User wants all her spam - ORF Forums


I have a user that wants all her spam sent to her inbox tagged with [SPAM] in the header. Is this possible for just one user? I think to be clear, she essentially does not want any of it filtered out by ORF. I realize this could be in the neighborhood of thousands a day, but this is what she wants.

Please forgive if this is a stupid question, but I have never had a request from a user to actually get all of the spam.

Thanks!
Brian

by Brian Anderson 7 years ago

@Brian Anderson: yes, it is possible by using ORF in combination with Exchange Content Filtering, though ORF can be configured to tag _all_ blacklisted emails (instead of rejecting them) or none, so this means you can no longer use Before Arrival (and therefore Greylisting) for the rest of the users.

In ORF:

1. Start the ORF Administration Tool
2. Expand Configuration / Tests / Tests in the left navigation pane
3. Assign all blacklist tests possible to On Arrival, disable Greylisting if you have it enabled
4. Expand Configuration / Filtering – On Arrival / Actions
5. Click the Actions button and select “Accept email and perform further actions”
6. Check “Tag email subject with the text below” and enter [SPAM]
7. Click OK and save your settings by pressing Ctrl+S.

In Exchange:

I. Ensure ORF runs before Content Filter:

1. Start the Exchange Management Shell
2. Enter the following command:

Get-TransportAgent | Format-List

3. As you will see, ORF has two agents, the "Vamsoft ORF Routing Agent" and the "Vamsoft ORF Receive Agent". To change the priority of the filtering agent of ORF (e.g. to 4, if you want ORF to run before the Content Filter of Exchange), run the following command:

Set-TransportAgent -Identity "Vamsoft ORF Receive Agent" -Priority 4

4. Finally, restart the MSExchangeTransport Service to apply the changes:

Restart-Service MSExchangeTransport

II. Configure Exchange to reject or delete emails tagged by ORF except for this particular recipient

1. Start the Exchange Management Console
2. Expand Organization Configuration > Hub Transport and select the Transport Rules tab
3. Select Action | New Transport rule in the menu
4. Name the rule (e.g. “Reject and delete ORF-tagged emails”). You can add a comment as well. Click Next.
5. In the Conditions page, select the condition to trigger this rule: “When the subject field contains specific words”
6. Set the “specific word” to [SPAM] (the tag we will use in ORF). Click Next.
7. In the Actions page, select the action “Send rejection message to sender with enhanced status code”. The latter should be "5.7.1"; the rejection message is up to you (e.g., "Message classified as spam. If this is a mistake, call us at 1 234 5678 ext 9."). Optionally, you can enable the delete action as well (not sure what happens if you enable both). Click Next.
8. On the Exceptions page, select "except when the message is sent to people". Set the user who wishes to receive all spam. Click Next.
9. Click New, then click Finish.

III. Create another rule to set the SCL score of ORF-tagged emails for this particular recipient

1. Start the Exchange Management Console
2. Expand Organization Configuration > Hub Transport and select the Transport Rules tab
3. Select Action | New Transport rule in the menu
4. Name the rule (e.g. “Set SCL of ORF-tagged spam for ”). You can add a comment as well. Click Next.
5. In the Conditions page, select the condition to trigger this rule: “When the subject field contains specific words”
6. Set the “specific word” to [SPAM] (the tag we will use in ORF).
7. Enable the "sent to people" condition and select the user. Click Next.
8. In the Actions page, select the action “Set the spam confidence level to value”
9. In the rule description, click on the 0 link and add a value that’s above the user's SCLJunkThreshold (see below), e.g. 6, and click Next
10. On the Exceptions page, click Next again
11. Click New, then click Finish.

IV. Configure the SCL thresholds for this user

Exchange has 4 kinds of SCL Thresholds, read about them at http://technet.microsoft.com/en-us/library/aa995744.aspx

Basically, the Per-Mailbox threshold rules override the global settings:

http://technet.microsoft.com/en-us/library/bb123981.aspx

1. Start the Exchange Management Shell
2. Enter the following command (example):

Set-Mailbox -Identity [email protected] -SCLDeleteEnabled $false -SCLRejectEnabled $false -SCLQuarantineEnabled $false -SCLJunkEnabled $true -SCLJunkThreshold 5

'[email protected]' selects the mailbox of the user; the rest of the parameters ensure that no emails are deleted, rejected or quarantined, and that emails with an SCL score above 5 will be redirected to the Junk folder.

by Krisztian Fekete (Vamsoft) 7 years ago
(in reply to this post)
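
The Exchange steps I to IV from the reply above, scripted for the Exchange Management Shell as an added example that is not part of the original post or of Vamsoft's documentation. It assumes Exchange 2010 or later (where New-TransportRule accepts conditions and actions as parameters) and the default agent name "Content Filter Agent"; the recipient address and the second rule name are placeholders.

```powershell
# Added example, not from the original post. Assumes Exchange 2010 or later.
$Recipient = 'user@example.com'   # placeholder: the mailbox that wants all spam
$Tag       = '[SPAM]'             # must match the subject tag configured in ORF

# I. Check that ORF runs before the Content Filter (lower number runs first).
#    'Content Filter Agent' is assumed to be the default Exchange agent name.
$orf = Get-TransportAgent -Identity 'Vamsoft ORF Receive Agent'
$cf  = Get-TransportAgent -Identity 'Content Filter Agent'
if ($orf.Priority -ge $cf.Priority) {
    Write-Warning ("ORF priority {0} is not ahead of Content Filter priority {1}; " +
                   "adjust it with Set-TransportAgent and restart MSExchangeTransport." `
                   -f $orf.Priority, $cf.Priority)
}

# II. Reject ORF-tagged mail for everyone except the one recipient.
New-TransportRule -Name 'Reject and delete ORF-tagged emails' `
    -SubjectContainsWords $Tag `
    -ExceptIfSentTo $Recipient `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -RejectMessageReasonText 'Message classified as spam.'

# III. For that recipient, raise the SCL of tagged mail above her junk threshold.
New-TransportRule -Name 'Set SCL of ORF-tagged spam (placeholder name)' `
    -SubjectContainsWords $Tag `
    -SentTo $Recipient `
    -SetSCL 6

# IV. Per-mailbox thresholds: never delete, reject or quarantine; junk above 5.
Set-Mailbox -Identity $Recipient `
    -SCLDeleteEnabled $false -SCLRejectEnabled $false `
    -SCLQuarantineEnabled $false `
    -SCLJunkEnabled $true -SCLJunkThreshold 5

# Review the result: rule order and state, and the mailbox SCL settings.
Get-TransportRule | Format-Table Name, Priority, State -AutoSize
Get-Mailbox -Identity $Recipient | Format-List Name, SCL*
```

Because both rules match on the subject text alone, any message that arrives with [SPAM] already in its subject is treated as ORF-tagged, so check the reject rule against a test message before relying on it.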
