10 following orders how Antispam works – Exchange 2010

You can configure the Edge Transport server to perform anti-spam filtering to all messages sent to the Edge Transport server from SMTP servers on the Internet. When you do this, the Edge Transport server applies the anti-spam filters in the following order:

  1. The Connection filter agent examines the local IP Allow list. If the IP address of the sending SMTP server is on the administrator-defined IP Allow list, the message is then accepted and sent to sender filtering.
  1. The Connection filter agent examines the local IP Block list. If the IP address of the sending server is found on the local IP Block list, the message is automatically rejected, and no other filters are applied.
  1. The Connection filter agent then queries the IP Allow List providers and checks the IP address of the sending SMTP server against the list of allowed IP addresses. If the IP address of the sending server is on the list of allowed IP addresses from IP Allow List providers, the message is then accepted.
  1. The Connection filter agent then queries the IP Block List providers and checks the IP address of the sending SMTP server against the list of blocked IP addresses. If the sending server’s IP address is found on RBL, the message is rejected, and no other filters are applied.
  1. The Sender Filter agent then examines the message based on the sender in the MAIL FROM: SMTP header in the message envelope and the message header. If either From: header field matches the address in the Blocked Sender list, Exchange Server 2010 rejects the message, and no other filters are applied.
  1. The Recipient Filter agent then examines the recipients in the RCPT TO: SMTP header in the message. If the recipient is configured on the Recipient Block list, Exchange Server 2010 rejects the message for that particular recipient. In addition, the Recipient Filter agent checks to see whether the recipient is present in the organization. If the recipient is not present in the organization, Exchange rejects the message for that recipient.
  1. The Sender ID agent then filters messages by verifying the IP address of the sending SMTP server against the purported owner of the sending domain.
  1. The Content Filter agent then examines the message contents and blocks or allows the message based on the message contents.
  1. The message is then checked for attachments. If any of the attachments in the message are blocked, the message is either rejected or the message is forwarded without the attachment.
  1. Finally, if an antivirus product is installed on the Edge Transport server, the message is scanned for viruses.
Advertisements
This entry was posted in Exchange Servers. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s