Skip to main content

What is SafeList Aggregation in Exchange 2007 or How to help you administer Safe senders list in Exchange 2007 to fight false-positives?

"safelist aggregation refers to a set of anti-spam functionality that is shared across Microsoft Office Outlook and Exchange" - Microsoft

So let's see what this functionality really is. Presume your Exchange architecture is using Hub Transport and no Edge Transport Exchange server role. You enabled Anti-spam functionality on your Hub Transport server and you created quarantine mailbox for collecting spam mails.To help you reduce instances of false-positives you can enable the SafeList Aggregation which uses Outlook's Safe senders and safe recipients, Safe Domain and External Contacts collections for Exchange's ALLOWED senders list.

First, you need to send this data to Active Directory from where it can be read by Anti-spam agent on Exchange 2007 Hub or Edge Transport Exchange role.This can be done by running the Exchange Management Shell cmdlet Update-SafeList on a user's mailbox.

Syntax: Update-SafeList -Identity <MailboxIdParameter>

Let's say you want to use Safe Senders collection from Dusan Kosaric's mailbox. You would use the following syntax:

Update-SafeList -Identity "Dusan Kosaric"

If you wan to update Safe List from every mailbox in organization on regular basis you can create scheduled task. First create the SafeList.bat file with following entries:

"C:\Program Files\Microsoft Command Shell\v1.0\Powershell.exe" -psconsolefile
"C:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -command

"get-mailbox where {$_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox } update-safelist"

After you create SafeList.bat file, run this command in Exchange Management Shell:

at 01:00 /every:M,T,W,Th,F,S,Su cmd /c "X:\SafeList.bat"

If your organization is not a large one and you are not dealing with A LOT of spam, you can use SafeList Aggregation only from Quarantine mailbox. You can open your quarantine mailbox in Outlook 2003 or 2007 and search through mails to find false-positives. Add senders to the Outlook Safe Senders list under Actions -> Junk e-mail -> Junk e-mail options -> Safe Senders in Outlook and than run Update-SafeList cmdlet in Exchange Management Shell.

************
Related links:

http://technet.microsoft.com/en-us/library/bb125168.aspx

http://technet.microsoft.com/en-us/library/aa998280.aspx

Comments

  1. Hi,

    I tried to use this procedure.

    1° fyi in SBS2008 path for Powershell.exe is C:\windows\System32\WindowsPowerShell\V1.0\

    2° when I start the .bat file a received the message "C:\windows\System32\WindowsPowerShell\V1.0\Powershell.exe" -psconsolefile
    Missign argument for parameter psconsolefile

    Any idea?

    Yves

    ReplyDelete
  2. For SBS2008:

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -PSConsoleFile "C:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -command ....

    ReplyDelete
  3. I've been using this feature for quite a while now. Spammers must have noticed and are lately starting to spoof e-mail adresses to get Spam through my Spam filters. Any idea what to do?

    ReplyDelete
  4. It is a common problem. Some people block their own domain in order to prevent this, but be careful with this in order not to block yourself fully if you have special architecture and combinations with mail flow.

    Dusan

    ReplyDelete

Post a Comment

Popular posts from this blog

Change SMTP port 25 in Exchange 2007, 2010

For some reason you might want to change default SMTP port number 25 Exchange 2007 is using. Exchange 2007 uses RECEIVE AND SEND connectors, one for receiving mails and other for sending mails (obviously ;) So you need to change ports on those connectors. I will not say those two, because you might be using more than two. You change Receive connector port by opening the connector properties in Exchange Management Console --> Hub Transport --> RECEIVECONNECTORNAME --> Properties --> Network --> Local IP Addresses (Edit Receive Connector Binding) Just to clarify what "Local IP Addresses" and "Remote Servers" are (from Exchange 2007 help), because I find it little bit confusing: Use these local IP Addresses to receive mail Use this list to specify the IP addresses and port numbers on which this Receive connector listens for incoming mail. Receive mail from remote servers which have these IP addresses Use this list to specify the

Error "<#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP#" when you send attachment in your mail

Some users were receiving error <#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP# when they sent message with attachment. The problem is when attached document name is longer than 50 characters . Some Firewalls have header size restriction and that limit blocks this messages to be sent. To correct this, change header limit on affected Firewall or shorten the name of the document you are sending (which is probably not good permanent solution). ****** Update #1 : Default header size limit in Exchange 2007 is 64K . Update #2: It might be the SMTP version problem. Mail is rejected with CONTENT-DISPOSITION error (overly long message header field for CONTENT-DISPOSITION) but not for all SMTP servers (same mail sent through different SMTP servers). If you send mail with attachment that has name longer than 50 characters from Exchange 2007 directly through DNS you may encounter this error, but if you send same mail from Exchange 2007 through smart host (other than Exch

The attempt to connect to http://yourserver/PowerShell using "Kerberos" authentication failed

The error you get: The attempt to connect to http://yourserver/PowerShell using "Kerberos" authentication failed: Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found If you removed Exchange server from the machine and installed it again, you can get following error when you open Exchange Management Console: The following error occurred while attempting to connect to the specified Exchange server 'yourserver.domain.com': The attempt to connect to http://yourserver.domain.com/PowerShell using "Kerberos" authentication failed: Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found. Possible causes are:   -The user name or password specified are invalid.   -Kerbero