Connection Filtering In Exchange 2013

MS Exchange

The change in Exchange 2013 architecture with just two roles has had an effect on the connection filtering anti-spam agent.

John asked via email – “How can I implement connection filtering in Exchange 2013 now that FPE 2010 is discontinued? I was able to install the anti-spam agents on a 2010 hub server & the connection filtering was taken care of”.

In Exchange 2013, the anti-spam agents can only be installed on the Mailbox role. But, the connection filtering which is very useful in fighting spam emails is not available in 2013. Same goes for the attachment filter. Even though CAS proxies emails back and forth (if setup correctly), it is a stateless proxy and can’t have any anti-spam agents on it.

As there is no Edge role in 2013 yet, the workaround is to use a 2007 or 2010 Edge role with the Exchange 2013 infrastructure. Both versions of Edge server can perform connection filtering. One point to note is that the edge subscription is setup from the Mailbox role in 2013 compared to the hub in 2010.

Another option to have connection filtering will be to use a cloud based anti-spam offering like FOPE or Exchange Online Protection (EOP) as it is called these days.

Any other options?

Other Popular Articles


MS Exchange

Keep Track Of Exchange 2013 Database Failovers

MS Exchange

Playing With Exchange 2013 Performance Logs

MS Exchange

Tackle .Net Framework 4.6.1 On Exchange Servers

11 thoughts on “Connection Filtering In Exchange 2013”

  1. Had been pulling my hair out on this at loosing connection filtering, even though Microsoft now say it’s ok to run CAS and mailbox role together. Was about to give up and install an edge server when I came across this blog. It works like a dream – logs prove emails are being blocked by spamhaus lookup and users very happy at diminished spam once again in their inbox! Result!

    Reply
  2. Be sure to set your pathing properly in the above script. And, after installation, pop a reboot. When the connection filter catches an email, it will create it’s log directory This can be found at in the (default) directory x:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog

    Enjoy!

    Reply
  3. It works just fine on exchange 2013. We have it running in 8 sites at this point with 0 issues. Hit powershell (run as admin):
    cd $exscripts
    Install-TransportAgent -Name “Connection Filtering Agent” -TransportService FrontEnd -TransportAgentFactory “Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory” -AssemblyPath “D:\Program Files\Microsoft\Exchange Server
    \V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll”
    Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true
    Add-IPBlockListProvider -name bl.spamcop.net -LookupDomain bl.spamcop.net -AnyMatch $true -Enabled $true
    Add-IPBlockListProvider -name b.barracudacentral.org -LookupDomain b.barracudacentral.com -AnyMatch $true -Enabled $true
    Enable-TransportAgent -TransportService FrontEnd -Identity “Connection Filtering Agent”
    Restart-Service MSExchangeTransport

    Reply

Leave a Comment