I was at a customer site and had to look into a strange issue. The issue was that one user kept getting spam emails, and these were emails which are clearly spam in all respects. This was happening only for one user, and the organization had a combined TMG, Edge 2010 & Forefront 2010 for Exchange as their spam filtering system. Of course, they had an array of TMG servers.
Below is what the user had in the spam email header.
An SCL rating of -1 for a spam email & ContentFilterConfigBypassedRecipient means that the user has been configured to bypass the checks. I immediately checked the TMG servers and Forefront for any “Allowed Recipients List” which would bypass the antispam checks, but the list was empty.
The issue was that this particular user had “AntispamBypassEnabled” set to true on the mailbox level. You can find the setting by running
Get-Mailbox "user" | fl anti*
In my case, the setting was set to true, which made all spam emails appear in his inbox. Once I had flipped it to false, spam emails were blocked by Forefront.
In order to set the value to false (which is the default), run
Set-Mailbox "user" -AntispamBypassEnabled $false
This was the last place I looked in solving this particular issue & hence thought of sharing, in case someone else comes across the same problem.
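The same check extended to every mailbox in the organization, as an added example that is not part of the original post: it lists all mailboxes with AntispamBypassEnabled set to true and previews the reset with -WhatIf. The function names Get-AntispamBypassMailbox and Disable-AntispamBypass are hypothetical helpers; the script assumes it is run in the Exchange Management Shell.

```powershell
# Added example. Get-Mailbox and Set-Mailbox are the Exchange cmdlets used in the
# post; the two function names below are hypothetical helpers defined here.

function Get-AntispamBypassMailbox {
    # Return every mailbox that has the per-mailbox antispam bypass switched on.
    Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.AntispamBypassEnabled -eq $true } |
        Select-Object DisplayName, PrimarySmtpAddress, AntispamBypassEnabled, WhenChanged
}

function Disable-AntispamBypass {
    # Set the flag back to its default ($false) for each mailbox piped in.
    # Supports -WhatIf and -Confirm so the change can be reviewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Mailbox
    )
    process {
        $id = [string]$Mailbox.PrimarySmtpAddress
        if ($PSCmdlet.ShouldProcess($id, 'Set AntispamBypassEnabled to $false')) {
            Set-Mailbox -Identity $id -AntispamBypassEnabled $false
        }
    }
}

$flagged = @(Get-AntispamBypassMailbox)

if ($flagged.Count -eq 0) {
    Write-Output 'No mailboxes have AntispamBypassEnabled set to $true.'
}
else {
    # Show what was found, then preview the change without applying it.
    $flagged | Format-Table -AutoSize
    $flagged | Disable-AntispamBypass -WhatIf
}
```

Remove -WhatIf from the last line to apply the change once the list has been reviewed, since some mailboxes may have the bypass enabled on purpose.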