Intelligent Message Filter, Content Filter, can do more...

WinDeveloper IMF Tune
WinDeveloper IMF Tune

The Exchange 2007 Content Filter Agent

Alexander Zammit

Alexander Zammit Photo

Software Development Consultant. Involved in the development of various Enterprise software solutions. Today focused on Blockchain and DLT technologies.

Cast your Vote
Poor Excellent

The Exchange 2007 Content Filter Agent replaces the Exchange 2003 Intelligent Message Filter. Based on the same SmartScreen technology, the new filter offers a very similar feature set adding some key improvements.

In Exchange 2003 Microsoft made its first significant steps towards providing a comprehensive anti-spam filtering solution out of the box. Exchange 2007 makes further advancements beefing up the feature set through a number of transport agents.

Today we look at the Content Filter agent, the reincarnation of the Exchange 2003 Intelligent Message Filter (IMF). We see how this agent builds on IMF adding functionality in a number of areas.

Installing the Anti-Spam Agents

The Content Filter forms part of a set of anti-spam transport agents that ship with Exchange 2007. These must be run on a server having the Edge or Hub transport server role. The Edge server installation includes the anti-spam agents within it. However in case of Hub Transport servers, the agents must be installed manually through the command shell.

The installation script is located under:
<Exchange Server dir.>\Scripts\install-AntispamAgents.ps1

  1. On the Hub transport server machine, from the Exchange 2007 program group, open the Exchange Management Shell.

  2. Run> install-AntispamAgents.ps1

    Anti-Spam Agents Installation

  3. Restart the MS Exchange Transport service

Once the Agents are installed we can proceed with the configuration. From the Exchange 2007 program group, open the Exchange Management Console. Next, depending on the server type, select:
Microsoft Exchange | Edge Transport | Anti-Spam OR
Microsoft Exchange | Organization Configuration | Hub Transport | Anti-Spam

Exchange 2007 Anti-Spam Filters

From here we can see the various anti-spam filter types Exchange 2007 provides. Note how all of these are enabled by default. For today we just focus on the Content Filter. Open its properties to start exploring the available functionality.

SCL Thresholds

The main set of thresholds is available at the Content Filter properties under the Actions page. Here we find the SCL thresholds for the Gateway level actions.

Content Filter Actions

In Exchange 2003 IMF provided one Gateway threshold to which an action from Delete, Reject or Archive could be applied.

The Content Filter now provides three Gateway thresholds, one for each of the Delete, Reject and Quarantine actions. The three threshold settings follow a rule where:

  • The Delete threshold must be greater than the Reject threshold
  • The Reject threshold must be greater than the Quarantine threshold

Exchange 2003 IMF users will immediately notice that no threshold is available for disk Archiving. Instead emails can now be rerouted to a central mailbox through the Quarantine Action. We just need to enable the Quarantine threshold and specify the email address where to deposit filtered emails.

Of course it is also possible to configure the gateway thresholds and all other Content Filter properties using the command shell. We do this using the Set-ContentFilterConfig cmdlet. Here are some examples:

Set-ContentFilterConfig -SCLQuarantineEnabled $true -SCLQuarantineThreshold 5

Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 7

Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9

What about the Junk Email threshold? How are we to specify which emails should go to the Outlook Junk Folder? Exchange 2007 continues with the tradition of putting certain settings in locations that are not immediately intuitive. Of course there is probably a valid technical reason for this. However the public newsgroups already show this as one of the most common Content Filter related questions.

A global SCL Junk email threshold equivalent to that available in Exchange 2003 can now be set using the command shell:

Set-OrganizationConfig -SCLJunkThreshold <SCL threshold value>

As in the case of Exchange 2003, this SCL Junk threshold applies to emails with an SCL greater but NOT equal to the threshold. Thus considering all the thresholds discussed above, an email is deposited to the Junk Folder if the assigned SCL:

  • Exceeds the threshold specified through Set-OrganizationConfig
  • Is less than any gateway threshold configured at the Content Filter

So far we discussed the configuration of global thresholds that work very similarly to the Exchange 2003 IMF. In addition to these, Exchange 2007 also provides another option. It is possible to configure thresholds per mailbox that override the global thresholds. On processing an email the Content Filter will first look for the mailbox specific thresholds. If found, these are applied, otherwise the global thresholds are enforced.

Mailbox specific thresholds are configured through the set-mailbox cmdlet. The set of set-mailbox parameters relevant to anti-spam are listed in, How to Configure Anti-Spam Features on a Mailbox.

As an example the following cmdlet overrides the Global Junk Email threshold for the dom\User mailbox:
Set-Mailbox -Identity dom\User -SCLJunkEnabled $true -SCLJunkThreshold 4

This one overrides the Rejection threshold:
Set-Mailbox -Identity dom\User -SCLRejectEnabled $true -SCLRejectThreshold 7

The following clears the rejection threshold override, forcing the Content Filter configuration to be applied:
Set-Mailbox -Identity dom\User -SCLRejectEnabled $null

Of course we can also process multiple mailboxes with a single cmdlet by piping the get-mailbox result to set-mailbox:
Get-Mailbox -OrganizationalUnit Domain.com\Users | Set-Mailbox -SCLDeleteEnabled $true -SCLDeleteThreshold 8

Custom Words Property Page

At the Content Filter properties we also have the Custom Words property page. Here we find a keyword based whitelist and blacklist. This functionality is similar to that provided by the Exchange 2003 XML custom weights file.

Content Filter Custom Words

The Exchange 2003 XML solution has some major limitations that the Content Filter resolves. In Exchange 2003, whenever an IMF update is installed, the XML file must be copied to the new directory created by the update. Considering that IMF receives two updates per month, this can become quite an issue.

Another problem with the XML file is the lack of a proper UI for configuring keywords. Editing the file manually is prone to human error. For example, mistyping an XML element name leads to invalid XML. In turn this causes IMF to ignore the settings altogether.

Apart for these improvements it is worth noting how the new Content Filter lost a feature on the way. In Exchange 2003 the XML allows both for whitelist/blacklist functionality and also for assigning weights to specific keywords. For example through the XML we can say that if the word "sex" is found, increment the SCL by 2. In this manner we influence how emails are rated. The Content Filter does not provide this functionality any longer.

Recipient Exceptions

As discussed in Excluding Recipients from IMF Filtering, in Exchange 2003 a patch is available for allowing the exclusion of certain mailbox from spam filtering. The patch requires the configuration of email addresses at the registry.

The Exchange 2007 Content Filter now provides the UI for entering these addresses. We find this at the Content Filter | Exceptions properties page.

Content Filter Exceptions

References

How to install Microsoft Anti Spam Agents on Exchange 2007

How to Enable and Configure the Spam Confidence Level Thresholds

How to Configure Anti-Spam Features on a Mailbox

User Comments - Page 1 of 1

Alexander Zammit 12 Oct 2010 15:13
How is the Content Filter configured?

Are you Rejecting/Deleting/Quarantining to a central mailbox?

OR you are just moving emails to Junk without blocking anything at the server?
Titus R 12 Oct 2010 14:17
I have recently deployed Exchange 2007. I have one mailbox on my exchange that is ignoring the Content Filter. I have checked to be sure it was not included in the Exceptions area of the Content Filter as well as make sure that it was not individually set to false to ignore the Filter. Does anyone know what could be wrong? I have 70 mailboxes and this is the only one not using the Content Filter. I have even check rules in Outlook and everything is set the same as the mailboxes following the Content Filter Key Words. Any help would be great!
joesmith12 4 Nov 2009 10:32
I picked a common character in each foreign language and added it to the custom filter. Any messages that contain that character are deleted.
Glenn in Miami 2 Mar 2008 11:34
Is there a way to filter in Exchange 2007 spam filter to block emails with foreign characters (arabic or chinese characters, for example). I am getting a lot of spam like this that I like to block...any suggestion?
Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation