Tag Archive: spam


You run the Exchange 2007 BPA and see the following information (warning) items:

Junk Store threshold is currently configured to move messages to recipient’s Junk folder when they have a Spam Confidence Level (SCL) value of 8. This is the default value for the Junk Store threshold. However, the recommended value is 4. You can configure SCL thresholds by using the Set-OrganizationConfig cmdlet in the Exchange Management Shell.

SCL Warning

SCL Warning

Following the link on the BPA, which takes you here, tells us the correct setting for the SCL Junk Threshold is 4. Im good with Microsoft recommendations, more so if it stops errors. You can change this number depending upon your organization and your desire to block out spam. The lower the value, the more “spam” is blocked, including what Exchange thinks is spam and may be good mail. I have had issues with spam in the past, 4 sounds way better than 8.

This is done by the Exchange Management Shell. Open it up from the start menu, the navigate to the scripts folder by typing in the command:

cd “C:\Program Files\Microsoft\Exchange Server\Scripts” including quotes.

Simply type in:

set-organizationconfig -scljunkthreshold 4

 

 

SCL Junk Threshold

SCL Junk Threshold

 

If you get no error, the issue is solved. If too much good mail is being trapped in spam folders, change this to 5 or 6. If you want more mail captured- spam is getting through- change this to 3. Personally I would not go higher than 3, and if you go that high make sure you enable a transport rule to give mail sent from your users a rating that will allow it through.

In the past I had an issue with being used as an open relay as well as having my address spoofed. As a best-practice, I not keep block list providers configured in Exchange 2007, even if I do not prefer to use Forefront Security. Setting up block list providers is easy, and I will list a few that you should add.

Open Exchange Management console (EMC). Expand Orginization Configuration>Hub Transport. Click the Anti-Spam tab.

Your looking at a list like this:

Block List Provider Setup

Block List Provider Setup

Double click IP Block List Providers, then click the Providers tab
Click Add and you will be looking at a screen like this:
Add Block List Provider

Add Block List Provider

For Name, enter SpamHaus
For Lookup Domain, add zen.spamhaus.net
Leave it selected to Match Any Return Code
Click OK.
Repeat with the following addresses:
  • SpamCop: bl.spamcop.net
  • Sorbs: dnsbl.sorbs.net
  • AbuseAt: cbl.abuseat.org
  • SpamHaus: zen.spamhaus.org
Block List Providers

Block List Providers

These are the four I use. Feel free to add more or less, or add different ones depending upon your need.
These lists block the IP addresses of domains known to send spam. They do not catch all, and sometime the catch the wrong IP’s. SORBS is notably hard to deal with if you get incorrectly listed, and will charge for a second removal- so make sure you are not an open relay.
A GREAT test can be found here- this will tell you your relay status: Microsoft Exchange Server Remote Connectivity Analyzer (near the bottom, Inbound SMTP Test, though the others are good to run as well).
On a side note, while your in Anti-Spam, look at the other settings as well, there might be some you need to change. One for me is under recipient fintering, I check the box for block addresses outside of the GAL. I do not want anyone outside sending mail to my domain for anyone not on the GAL.
Recipient Filtering

Recipient Filtering

%d bloggers like this: