Configure content filtering to use safe domain data

  • Article

[Cette rubrique est une documentation préliminaire et peut être modifiée dans les versions ultérieures. Des rubriques vides sont incluses comme espaces réservés. N’hésitez pas à nous transmettre vos commentaires. Envoyez-nous un e-mail à l’adresse ExchangeHelpFeedback@microsoft.com.]  

Learn how to use a command prompt to configure content filtering to use safe domain data.

Safe domain data is an entire domain (for example, @contoso.com) that's stored in a user's Safe Senders List. By default, the Content Filter agent doesn't use safe domain data to identify senders that are allowed to bypass content filtering.

This default setting helps reduce the amount of spam that's delivered into your organization. For example, a user might add the domain of a large email provider to their Safe Senders List. If this domain is frequently used or spoofed by spammers, and if content filtering is configured to use safe domain data to mark the messages as safe, messages from any sender in that domain would be delivered to recipients in your organization.

We recommend that you don't modify the default setting in most cases. However, you can configure users' safe domain data to be stored in Active Directory and used by content filtering to mark messages as safe. To do this, you need to modify the MSExchangeMailboxAssistants.exe.config XML application configuration file that's associated with the Microsoft Exchange Mailbox Assistants service, as detailed later in this topic. When you make this configuration change, the safe domain data is hashed and stored in each user's msExchSafeSenderHash user object attribute in Active Directory as part of safelist aggregation. The Content Filter agent can then use the safe domain data to mark messages from senders in those domains as safe. For more information about safelist aggregation, see Safelist aggregation.

What do you need to know before you begin?

  • Estimated time to complete: 10 minutes

  • Exchange permissions don't apply to the procedures in this topic. These procedures are performed in the operating system of the Exchange Server.

  • Changes you save to the MSExchangeMailboxAssistants.exe.config file are applied after you restart the Microsoft Exchange Mailbox Assistants service.

  • Les paramètres par serveur personnalisés de vos fichiers de configuration d’application XML Exchange, par exemple les fichiers web.config sur les serveurs d’accès au client ou le fichier EdgeTransport.exe.config sur les serveurs de boîtes aux lettres, seront remplacés lors de l’installation d’une mise à jour cumulative Exchange. Veuillez enregistrer ces informations pour configurer à nouveau votre serveur après l’installation. Vous devez reconfigurer ces paramètres après avoir installé une mise à jour cumulative Exchange.

  • Pour des informations sur les raccourcis clavier applicables aux procédures de cette rubrique, voir Raccourcis clavier dans Exchange 2013Keyboard shortcuts in the Exchange admin center.

Conseil

Vous rencontrez des difficultés ? Demandez de l’aide en participant aux forums Exchange. Visitez le forum à l’adresse : Exchange Server, Exchange Online ou Exchange Online Protection

Use a command prompt to configure content filtering to use safe domain data

  1. In the Command Prompt window, open the MSExchangeMailboxAssistants.exe.config file in Notepad by running the following command:

    Notepad %ExchangeInstallPath%Bin\MSExchangeMailboxAssistants.exe.config

  2. Locate the </appsettings> key at the end of the file, and paste the following key before the </appsettings> key:

    <add key="IncludeSafeDomains" value="true" />

  3. When you are finished, save and close the MSExchangeMailboxAssistants.exe.config file.

  4. Restart the Microsoft Exchange Mailbox Assistants service by running the following command:

    net stop MSExchangeMailboxAssistants && net start MSExchangeMailboxAssistants

How do you know this worked?

To verify that you have successfully configured content filtering to use safe domain data, do the following:

  1. Verify that adding a domain to a user's Safe Senders List in Outlook updates the user's msExchSafeSenderHash attribute in Active Directory. To do this, view the attribute in ADSIEdit.exe or LDP.exe, open the user's mailbox in Outlook, add a domain to the Safe Senders List, run the command Update-Safelist <username>, and verify that the original and current values of msExchSafeSenderHash are different.

  2. After you've verified the safe domain data is stored in Active Directory, send a test message from an external sender in that domain to a user in your organization. Verify the message is marked as safe by examining the anti-spam header fields in the message header.