
How to trace activity of antispam


Hii Sing Chung

Apr 25, 2008, 1:23:44 AM
How do I track the antispam activity in the edge server? Is there any log
somewhere? I would like to know what it does to a particular mail, like did it
reject? And why did it reject? What score was given? Where did it route to?

Are these possible in Exchange 2007?

Jamestechman

Apr 25, 2008, 10:34:08 AM
You can sort through your anti-spam agent logs and get RBL perf stats.


Exchange Server 2007: Managing And Filtering Anti-Spam Agent Logs
http://exchangepedia.com/blog/2007/04/managing-and-filtering-anti-spam-agent.html

Exchange Server 2007: How are RBLs performing?
http://exchangepedia.com/blog/2006/12/exchange-server-2007-how-are-rbls.html


Get-AntispamFilteringReport.ps1
Get-AntispamSCLHistogram.ps1
Get-AntispamTopBlockedSenderDomains.ps1
Get-AntispamTopBlockedSenderIPs.ps1
Get-AntispamTopBlockedSenders.ps1
Get-AntispamTopRecipients.ps1


James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

Bharat Suneja [MSFT]

Apr 25, 2008, 10:33:15 AM
Antispam agent activity is logged in agent logs on the Edge Transport server
(and on Hub Transport servers with antispam agents installed). It is enabled
by default.

Exchange Server 2007: Managing And Filtering Anti-Spam Agent Logs
http://exchangepedia.com/blog/2007/04/managing-and-filtering-anti-spam-agent.html

--
Bharat Suneja
Microsoft Corporation
----------------------------------
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.


"Hii Sing Chung" <sing...@sgintracod.com> wrote in message
news:771A362C-2170-4FC2...@microsoft.com...
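
An added example, not part of any post in this thread: one way to answer "what happened to a particular mail, and why" from agent-log records. On a real server the records would come from the Get-AgentLog cmdlet; here they are constructed sample rows so the script runs offline (PowerShell 2.0 or later), and the function names `Get-AntispamTrace` and `Get-AntispamBlockSummary` are hypothetical.

```powershell
# Constructed sample records, not real log data. Column names follow the
# properties returned by Get-AgentLog; the values, and which field holds what
# in the last row (the edge-rule hit), are assumptions.
$sample = @'
Timestamp,MessageId,P1FromAddress,Recipients,Agent,Event,Action,SmtpResponse,Reason,ReasonData
2008-04-25T01:10:02Z,<m1@example.net>,alice@example.net,bob@example.com,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,2
2008-04-25T01:12:40Z,,spam@example.org,bob@example.com,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 Rejected by block list",BlockListProvider,ExampleRBL
2008-04-25T01:15:09Z,<m3@example.org>,promo@example.org,bob@example.com;carol@example.com,Content Filter Agent,OnEndOfData,RejectMessage,"550 5.7.1 Content restrictions",SclAtOrAboveRejectThreshold,8
2008-04-25T01:20:31Z,<m4@example.net>,dave@example.net,carol@example.com,Edge Rule Agent,OnEndOfData,DeleteMessage,,Message rejected by edge rule,Blocked Subjects
'@

# Every agent decision recorded for one recipient, oldest first.
# 'Accepted' is a simplification: any action other than AcceptMessage is
# treated as the message not getting through.
function Get-AntispamTrace {
    param([object[]] $Records, [string] $Recipient)
    $Records |
        Where-Object { ($_.Recipients -split ';') -contains $Recipient } |
        Sort-Object Timestamp |
        Select-Object Timestamp, P1FromAddress, Agent, Action, Reason, ReasonData,
            @{ Name = 'Accepted'; Expression = { $_.Action -eq 'AcceptMessage' } }
}

# Which agent and reason account for the blocked mail, most frequent first.
function Get-AntispamBlockSummary {
    param([object[]] $Records)
    $Records |
        Where-Object { $_.Action -ne 'AcceptMessage' } |
        Group-Object Agent, Reason, ReasonData |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

$records = $sample | ConvertFrom-Csv
Get-AntispamTrace -Records $records -Recipient 'carol@example.com' | Format-Table -AutoSize
Get-AntispamBlockSummary -Records $records | Format-Table -AutoSize
```

For the content filter rows the SCL value sits in ReasonData, and for a transport rule hit the rule name appears there, which is how a rule such as "Blocked Subjects" shows up as the cause of a drop.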

Hii Sing Chung

Apr 27, 2008, 11:05:48 PM
Thank you Bharat,

I managed to search through the agent logs, and found that many mails that were
unexpectedly blocked were given the reason "Message rejected by edge
rule,Blocked Subjects,". In my "Blocked Subjects" transport rule, I use the
"when the subjects field or the body of the message contains text
patterns".."silently drop the message". In the "specify text patterns" I put
these:
c\wi\wa\wl*i\ws$
HSBC bank: security alert!
Rwd:
viagra
\\$REPLINK
^SALE*%*OFF$

I've tested that mails sent in from external with subjects I explicitly
put as "Rwd:", "SALE %", were received without being blocked. That makes
things very strange. Is there anything wrong with the text patterns I used?

"Bharat Suneja [MSFT]" <bha...@nospam.org> wrote in message
news:%23KqoiFu...@TK2MSFTNGP02.phx.gbl...
