As per the subject.
We are getting way too much spam allowed through. I can see Anti Spam Settings policy under EPO.
I saw there is an option for Message reputation threshold which is set to 80, what does 80 mean? Is there any doc on levels?
Edit: Our AntiSpam setting:
Message was edited by: norbertg on 14/07/14 12:50:06 PM
Solved! Go to Solution.
i would suggest to lower the message rep score to between 51-55. scores between 51-79 means emails are high likely to be spam but there could be some emails that get caught which are legit emails. 80+ is always spam.
also you want to make sure that the spam rules are getting updated from the local exchange server. if you log into the local msme gui and look at the version and updates section of the dashboard, the Update Information tab will show the anti-spam engine (9309) and Rules. the rules should look something like this
if the rules version doesn't look like this then the anti-spam rules might not be fully up to date.
Thanks I'll look into it.
All messages even obvious spam are coming through with scores of -5000 and threshold of 5 is there a reason for this? e.g
X-NAI-Spam-Version: 126.96.36.19909 : core<5004> : inlines <1074> : streams
<1239065> : uri <1791485>
X-Auto-Response-Suppress: DR, OOF,AutoReply
I was expecting to see spam scores at least in the positive. Also would you happen to know how the system junk folder works? It hasn't caught any messages in 2 days.
edit: I've lowered it down to 60 and if it doesn't go well will look at 55 next.
Our core anti-spam setting:
Message was edited by: norbertg on 16/07/14 9:02:15 AM
A score of -5000 suggests that the sender\sender domain is on "Whitelist from" or recipient or internal domain\internal user is on "Whiteilist to"
So I looked at this message which is obvious spam\phishing and it's not on the whitelist or blacklist and scores a -5000:
Received: from espmta125187.v4broadcaster.com (188.8.131.52) by
EXCHSERVERNAME.DOMAINNAME.com (INTERNALIP) with Microsoft SMTP Server id
184.108.40.206; Wed, 16 Jul 2014 19:04:26 +0930
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=esp; d=v4broadcaster.com;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=esp; d=v4broadcaster.com;
From: ECS <firstname.lastname@example.org>
Reply-To: Reply <email@example.com>
Sender: ECS <firstname.lastname@example.org>
Date: Wed, 16 Jul 2014 10:30:47 +0100
X-NAI-Spam-Version: 220.127.116.1109 : core <5004> : inlines <1081> : streams
<1239844> : uri <1791819>
Message was edited by: norbertg on 17/07/14 8:43:04 AM
I've gone ahead and removed all our white listed senders. We only have our internal domain address(es) set under whitelisted recipients and blacklisted senders, i'll see how it goes and report back.
We had a 3rd party spam filter on our firewall prior to a month ago, now MSME is taking on all the load and responsibility.Message was edited by: norbertg on 17/07/14 9:47:38 AM