Anti-spam agents are enabled, but the list of internal SMTP servers is empty

 

Applies to: Operations Manager Management Pack for Exchange 2010

Topic Last Modified: 2011-08-02

The Microsoft Exchange Server 2010 Management Pack for System Center Operations Manager monitors the Windows Application log on computers running Exchange 2010 and generates this alert when the events specified in the following Details table are logged.

To learn more about this alert, in Operations Manager, do one or more of the following:

  • From the Operations Console, double-click this alert, and then click the General tab. Review the description of the alert that includes the variables specific to your environment.

  • From the Operations Console, double-click this alert, and then click the Alert Context tab. Review the logged events that meet the criteria of this Operations Manager alert.

Details

Product Name

Exchange

Product Version

14.0 (Exchange 2010)

Event ID

1022

Event Source

MSExchangeTransport

Alert Type

Warning

Rule Path

Microsoft Exchange Server/Exchange 2010/Common Components/Hub Transport and Edge Transport/Transport

Rule Name

Anti-spam agents are enabled, but the list of internal SMTP servers is empty.

Explanation

The Warning event indicates that Exchange anti-spam agents are enabled and that the list of internal Simple Mail Transfer Protocol (SMTP) servers is empty.

In some organizations, the Hub Transport server role or the Edge Transport server role that is running connection filtering is installed on computers that don't process SMTP requests directly on the Internet. In this scenario, the transport server is behind another front-end SMTP server that processes inbound messages directly from the Internet.

The Connection Filter agent must be able to extract the correct originating IP address from the message. To extract and evaluate the originating IP address, the Connection Filter agent must parse the Received headers from the message and compare those headers with the known SMTP server in the perimeter network.

When an RFC-compliant SMTP server receives a message, the server updates the message's Received header with the domain name and IP address of the sender. Therefore, for every SMTP server that is between the originating sender and the transport server, the SMTP server adds an additional Received header entry.

User Action

To resolve this problem, you must specify all internal SMTP servers on the transport configuration object in the Active Directory directory service forest before you run connection filtering.

Specify the internal SMTP servers by using the InternalSMTPServers parameter on the Set-TransportConfig cmdlet.

For more information about this cmdlet, see Set-TransportConfig.

For more information about how to configure connection filtering, see Understanding Connection Filtering.

For More Information

If you are not already doing so, consider running the Exchange tools, which have been created to help you analyze and troubleshoot your Exchange environment. These tools can help make sure that your configuration aligns with Microsoft best practices. They can also help you identify and resolve performance issues and improve mail flow. To run these tools, go to the Toolbox node of the Exchange Management Console. To learn more about these tools, see Managing Tools in the Toolbox.