How to Make the SCL Value Available to Edge Transport Rules

  • Article

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to use the Exchange Management Shell to make the spam confidence level (SCL) value on messages available for processing in transport rules that run on computers that have the Edge Transport server role installed.

Note

You cannot perform the following procedures by using the Exchange Management Console. To perform these procedures, you must use the Exchange Management Shell. For more information about how to use the Exchange Management Shell, see Using the Exchange Management Shell.

In Microsoft Exchange Server 2007, transport rules that run on Edge Transport servers are applied to messages by the Edge Rule agent on the OnEndOfData Simple Mail Transfer Protocol (SMTP) transport event. One of the transport rule conditions available on Edge Transport servers is the with a spam confidence (SCL) rating that is greater than or equal to limit transport rule condition. By using this transport rule condition, you can apply a transport rule action to a message based on the SCL value stamped on the message. The Content Filter agent stamps an SCL value on the message based on an analysis of the message content and is used to determine whether the message is spam. The Content Filter agent also runs on the OnEndOfData SMTP transport event.

Note

Although the Content Filter agent also runs on other events, the SCL value is stamped on the message by the instance of the Content Filter agent registered on the OnEndOfData SMTP transport event.

Because both the Edge Rule agent and the Content Filter agent run on the OnEndOfData SMTP transport event, the priority value applied to each transport agent is used to determine which transport agent runs first. By default, the Edge Rule agent runs before the Content Filter agent to reduce the cost of processing messages that may be blocked by the Edge Rule agent. However, because the Edge Rule agent runs before the Content Filter agent and therefore the SCL value has not yet been stamped on the message, you can't use the with a spam confidence (SCL) rating that is greater than or equal to limit transport rule condition in the default configuration.

You can use the following procedure to configure the Content Filter agent to run before the Edge Rule agent on the OnEndOfData SMTP transport event. This enables the Content Filter agent to stamp an SCL value on a message that can then be read by the with a spam confidence (SCL) rating that is greater than or equal to limit transport rule condition.

For more information about transport agents and transport agent priority, transport rules, and content filtering, see the following topics:

Before You Begin

This topic assumes that only one Edge Transport server has been configured in your organization. Or, if you are running more than one Edge Transport server, these servers are running in parallel.

You may not have to perform this procedure if the following conditions are true:

  • There is more than one Edge Transport server in your organization.

  • These servers are configured in multiple layers between the Internet and your internal network.

In that case, you can configure the Edge Transport servers that are running in the outer perimeter network to use transport rules to block unwanted messages. The Content Filter agent will then stamp SCL values on messages. You can then configure transport rules that run on the Edge Transport servers in the inner perimeter network to check for the SCL value on messages.

If you use this procedure to configure the Content Filter agent with a higher priority value than the Edge Rule agent, the Edge Transport server may incur additional processing costs because all the messages that are received by the Edge Transport server will be evaluated by the Content Filter agent. This is true even if the message is later rejected by a transport rule that is configured on the Edge Rule agent. Also, you will no longer be able to configure a transport rule on the Edge Transport server to stamp a message that has an SCL value of -1. This value indicates to the Content Filter agent that the message should not be evaluated.

To perform the following procedures on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

The following procedure sets the priority value of the Content Filter agent to 3. Because the Edge Rule agent was previously configured by using the priority value 3, its priority value is increased to 4. If you have more than one Edge Transport server that are running in parallel and want each Edge Transport server to have the same configuration, you must perform this procedure on each server.

For more information about how to configure transport agents, see How to Modify a Transport Agent.

Important

The following procedure stops and starts the Microsoft Exchange Transport service on the local Edge Transport server. Mail that flows through this Edge Transport server will not be delivered while the Microsoft Exchange Transport service is stopped.

To use the Exchange Management Shell to modify the priority value of the Content Filter agent

  1. Run the following command:

    Set-TransportAgent "Content Filter Agent" -Priority 3

  2. Stop the Microsoft Exchange Transport service.

    Net Stop MSExchangeTransport

  3. Start the Microsoft Exchange Transport service.

    Net Start MSExchangeTransport

After you perform this procedure, you can verify the transport agent priority order by sending a test message through the Edge Transport server that you just configured. Then you can use the Get-TransportPipeline cmdlet to view the transport agent priority order. You must send a message through the Edge Transport server because the Get-TransportPipeline cmdlet retrieves information about the transport pipeline that is built dynamically every time that a message is sent.

For more information about how to view the transport pipeline, see How to View Transport Agents in the Transport Pipeline.

To use the Exchange Management Shell to verify the transport agent priority order

  1. Send a message through the Edge Transport server that you just configured.

  2. Run the following command:

    Get-TransportPipeline

The output produced by this procedure will resemble the following example. In the following example, the Content Filter agent is listed before the Edge Rule agent on the OnEndOfData SMTP event. This indicates that the Content Filter agent is now being applied to messages before the Edge Rule agent on the OnEndOfData SMTP event.

Event           : OnConnectEvent
TransportAgents : {Connection Filtering Agent, Protocol Analysis Agent}
Event           : OnHeloCommand
TransportAgents : {}
Event           : OnEhloCommand
TransportAgents : {}
Event           : OnAuthCommand
TransportAgents : {}
Event           : OnEndOfAuthentication
TransportAgents : {}
Event           : OnMailCommand
TransportAgents : {Connection Filtering Agent, Sender Filter Agent}
Event           : OnRcptCommand
TransportAgents : {Connection Filtering Agent, Address Rewriting Inbound Agent,
                   Recipient Filter Agent}
Event           : OnDataCommand
TransportAgents : {}
Event           : OnEndOfHeaders
TransportAgents : {Connection Filtering Agent, Address Rewriting Inbound Agent,
                   Sender Id Agent, Sender Filter Agent, Protocol Analysis Agen
                  t}
Event           : OnEndOfData
TransportAgents : {Content Filter Agent, Edge Rule Agent, Protocol Analysis Age
                  nt, Attachment Filtering Agent}
Event           : OnHelpCommand
TransportAgents : {}
Event           : OnNoopCommand
TransportAgents : {}
Event           : OnReject
TransportAgents : {Protocol Analysis Agent}
Event           : OnRsetCommand
TransportAgents : {Protocol Analysis Agent}
Event           : OnDisconnectEvent
TransportAgents : {Protocol Analysis Agent}
Event           : OnSubmittedMessage
TransportAgents : {Address Rewriting Outbound Agent}
Event           : OnRoutedMessage
TransportAgents : {Address Rewriting Outbound Agent}

For More Information

For more information about the features discussed in this topic, see the following topics: