Sender reputation procedures

 

Applies to: Exchange Server 2016

Topic Last Modified: 2016-03-14

Learn how to configure sender reputation in Exchange 2016, and how to verify the sender reputation settings.

Sender reputation and the Protocol Anaysis agent block unwanted messages according to various characteristics of the sender. Sender reputation relies on persisted data about the sender to determine what action, if any, to take on an inbound message. For more information, see Sender reputation and the Protocol Analysis agent.

  • Estimated time to complete each procedure: 5 minutes

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Antispam features" entry in the Antispam and antimalware permissions topic.

  • You can only use PowerShell to perform this procedure. To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

  • By default, antispam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the antispam features on a Mailbox server if your Exchange organization doesn't do any prior antispam filtering before accepting incoming messages. For more information, see Enable antispam functionality on Mailbox servers.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

tipTip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

To disable sender reputation, run the following command:

Set-SenderReputationConfig -Enabled $false

To enable sender reputation, run the following command:

Set-SenderReputationConfig -Enabled $true
noteNote:
The Protocol Analysis agent is the underlying agent for sender reputation functionality. When you disable sender reputation, the Protocol Analysis agent is still enabled. To disable the Protocol Analysis agent, run the command: Disable-TransportAgent "Protocol Analysis Agent".

To verify that you have successfully enabled or disabled sender reputation, run the following command to verify the Enabled property value:

Get-SenderReputationConfig | Format-List Enabled

By default, sender reputation is enabled for external messages (messages from external sources).

To disable sender reputation for external messages, run the following command:

Set-SenderReputationConfig -ExternalMailEnabled $false

To enable sender reputation for external messages, run the following command:

Set-SenderReputationConfig -ExternalMailEnabled $true

To verify that you have successfully enabled or disabled sender reputation for external messages, run the following command to verify the ExternalMailEnabled property value:

Get-SenderReputationConfig | Format-List ExternalMailEnabled

As a best practice, you don't need to apply antispam filters to messages from trusted partners or from inside your organization. There's always a chance that the filters will detect false positives. To reduce the chance that filters will mishandle legitimate email messages, you should typically configure antispam agents to only run on messages from untrusted and unknown sources.

To enable sender reputation for internal messages, run the following command:

Set-SenderReputationConfig -InternalMailEnabled $true

To disable sender reputation for internal messages, run the following command:

Set-SenderReputationConfig -InternalMailEnabled $false

To verify that you have successfully enabled or disabled sender reputation for internal messages, run the following command to verify the InternalMailEnabled property value:

Get-SenderReputationConfig | Format-List InternalMailEnabled

Sender blocking uses the calculated sender reputation level (SRL) of the sender and a specified SRL threshold to temporarily block the sender. To configure the sender blocking in sender reputation, use the following syntax:

Set-SenderReputationConfig -SenderBlockingEnabled <$true | $false> -SrlBlockThreshold <0 - 9> [-SenderBlockingPeriod <0 - 48>]

This example lowers the sender reputation level (SRL) block threshold to 6 (which means senders with an SRL of 6, 7, 8, or 9 are blocked), and blocks the offending senders for 36 hours:

Set-SenderReputationConfig -SrlBlockThreshold 6 -SenderBlockingPeriod 36

This example disables sender blocking.

Set-SenderReputationConfig -SenderBlockingEnabled $false

Notes:

  • The default value of the SenderBlockingEnabled parameter is $true.

  • The default value of the SenderBlockingPeriod parameter is 24.

  • The default value of the SrlBlockThreshold parameter is 7.

  • You can't disable sender blocking and open proxy server detection at the same time. One must be enabled when the other is disabled, or they both can be enabled.

To verify that you have successfully configured sender blocking in sender reputation, run the following command to verify the property values:

Get-SenderReputationConfig | Format-List *block*

By default, sender reputation uses open proxy server detection as one of the criteria to calculate the SRL of the source server. In open proxy server detection, the Exchange server tries to send a test message from the source messaging server. If the test message is successfully delivered back to the Exchange server, it indicates the source server is configured as an open proxy server (intentionally or unintentionally).

Open proxy server detection uses the protocols and TCP ports that are described in the following table, so these outbound ports need to be open in your firewall:

 

Protocols Ports

SOCKS4, SOCKS5

1081, 1080

Wingate, Telnet, Cisco

23

HTTP CONNECT, HTTP POST

6588, 3128, 80

Also, if your organization uses a proxy server to control outbound Internet traffic, you need to configure sender reputation to use your proxy server to access the Internet. Specifically, you need to define the proxy server name, type, and TCP port that sender reputation requires to access the Internet.

To configure open proxy server detection in sender reputation, use the following syntax:

Set-SenderReputationConfig -OpenProxyDetectionEnabled <$true | $false> [-ProxyServerName <String> -ProxyServerPort <Port> -ProxyServerType <None | Socks4 | Socks5 | HttpConnect | HttpPost | Telnet | Cisco | Wingate>]

This example configures sender reputation to connect to the Internet through the proxy server named SERVER01 that uses the HTTP CONNECT protocol on port 80.

Set-SenderReputationConfig -ProxyServerName SERVER01 -ProxyServerPort 80 -ProxyServerType HttpConnect

This example disables open proxy server detection in sender reputation.

Set-SenderReputationConfig -OpenProxyDetectionEnabled $false

Notes:

  • The default value of the OpenProxyDetectionEnabled parameter is $true.

  • The default value of the ProxyServerName parameter is blank ($null).

  • The default value of the ProxyServerPort parameter is 0.

  • The default value of the ProxyServerType parameter is None.

  • You can't disable open proxy server detection and sender blocking at the same time. One must be enabled when the other is disabled, or they both can be enabled.

To verify that you have successfully configured open proxy server detection in sender reputation, run the following command to verify the property values:

Get-SenderReputationConfig | Format-List *proxy*
 
Show: