Saturday, April 21, 2007

What is SafeList Aggregation in Exchange 2007 or How to help you administer Safe senders list in Exchange 2007 to fight false-positives?

"safelist aggregation refers to a set of anti-spam functionality that is shared across Microsoft Office Outlook and Exchange" - Microsoft

So let's see what this functionality really is. Presume your Exchange architecture is using Hub Transport and no Edge Transport Exchange server role. You enabled Anti-spam functionality on your Hub Transport server and you created quarantine mailbox for collecting spam mails.To help you reduce instances of false-positives you can enable the SafeList Aggregation which uses Outlook's Safe senders and safe recipients, Safe Domain and External Contacts collections for Exchange's ALLOWED senders list.

First, you need to send this data to Active Directory from where it can be read by Anti-spam agent on Exchange 2007 Hub or Edge Transport Exchange role.This can be done by running the Exchange Management Shell cmdlet Update-SafeList on a user's mailbox.

Syntax: Update-SafeList -Identity <MailboxIdParameter>

Let's say you want to use Safe Senders collection from Dusan Kosaric's mailbox. You would use the following syntax:

Update-SafeList -Identity "Dusan Kosaric"

If you wan to update Safe List from every mailbox in organization on regular basis you can create scheduled task. First create the SafeList.bat file with following entries:

"C:\Program Files\Microsoft Command Shell\v1.0\Powershell.exe" -psconsolefile
"C:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -command

"get-mailbox where {$_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox } update-safelist"

After you create SafeList.bat file, run this command in Exchange Management Shell:

at 01:00 /every:M,T,W,Th,F,S,Su cmd /c "X:\SafeList.bat"

If your organization is not a large one and you are not dealing with A LOT of spam, you can use SafeList Aggregation only from Quarantine mailbox. You can open your quarantine mailbox in Outlook 2003 or 2007 and search through mails to find false-positives. Add senders to the Outlook Safe Senders list under Actions -> Junk e-mail -> Junk e-mail options -> Safe Senders in Outlook and than run Update-SafeList cmdlet in Exchange Management Shell.

************
Related links:

http://technet.microsoft.com/en-us/library/bb125168.aspx

http://technet.microsoft.com/en-us/library/aa998280.aspx

Posted by Dušan Košarić at Saturday, April 21, 2007

Categories:

0 comments:

Post a Comment