Exchange 2013 IPBlockListProvider blocks some, but not all, matching IPs


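I have configured our Exchange 2013 Edge Transport server to use several IPBlockListProviders, including Spamhaus. While they work well most of the time, some emails still get through even though they match one of the block list providers.

Take as an example an email recently received from the IP 66.248.197.240, which is definitely on the Spamhaus SBL as well as a few others (http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a66.248.197.240&run=toolpage) and is correctly identified by the Edge server: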

[PS] C:\Users\Administrator>Test-IPBlockListProvider -Identity "Spamhaus" -IPAddress 66.248.197.240

Provider                                ProviderResult                                                          Matched
--------                                --------------                                                          -------
Spamhaus                                {127.0.0.3}                                                                True

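I have confirmed that I am not using any public DNS forwarders (such as Google's), so it is not a case of all or nothing being blocked.

What is most puzzling is that this configuration works for most messages received from IPs on the SBL: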

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\get-AntispamTopRBLProviders.ps1

Name                                                                                                              Value
----                                                                                                              -----
Spamhaus                                                                                                           4594
SpamCop                                                                                                              48

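Interestingly, one thing that seemed to make a significant difference was changing the priority of the transport agents so that the Connection Filtering Agent comes first. Here is my current configuration, just in case: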

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-TransportAgent

Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         True            1
Sender Id Agent                                    True            2
Sender Filter Agent                                True            3
Recipient Filter Agent                             True            4
Content Filter Agent                               True            5
Address Rewriting Inbound Agent                    True            6
Edge Rule Agent                                    True            7
Attachment Filtering Agent                         True            8
Address Rewriting Outbound Agent                   True            9
Protocol Analysis Agent                            True            10

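I have attached the full message headers of an email from an IP address on the SBL (with my server identities removed). Clearly, all the spam filtering I have in place affects the time it takes for a message to reach the mailbox server (in this case, 8 seconds from submission to delivery), but it doesn't seem to be enough.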

X-Ms-Exchange-Organization-Network-Message-Id: 32388ce4-005a-4090-a363-08d2612d1e23
X-Ms-Exchange-Organization-Authas: Anonymous
Pm-Xs: 15766241f_7460962er.x15766241
X-Ms-Exchange-Organization-Avstamp-Enterprise: 1.0
Vr-Yhkrg: 15766241s-15766241e_i7460962
X-Ms-Exchange-Organization-Prd: heliq240.emited.work
X-Ms-Exchange-Organization-Pcl: 2
Return-Path: [email protected]
X-Ms-Exchange-Organization-Scl: 1
Mime-Version: 1.0
Ybu-Efa: c3195284488a449ed165c2c50f18376bb-ec3195284488a449ed165c2c50f18376b.u15766241
Okul-Lfp: 15766241y.15766241n_c7460962
X-Ms-Exchange-Organization-Senderidresult: None
X-Ms-Exchange-Organization-Antispam-Report: DV:3.3.14519.472;SID:SenderIDStatus None;OrigIP:66.248.197.240
Message-Id: <c3195284488a449ed165c2c50f18376b.15766241.7460962@heliq240.emited.work>
X-Ms-Exchange-Organization-Authsource: edgeserver.mydomain.com
Content-Type: multipart/alternative; boundary="15766241"
Received-Spf: None (edgeserver.mydomain.com: [email protected] does not designate permitted sender hosts)
Received: from mailboxserver.mydomain.com (192.168.1.2) by mailboxserver.mydomain.com (192.168.1.2) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Mailbox Transport; Wed, 20 May 2015 10:59:49 -0500
Received: from mailboxserver.mydomain.com (192.168.1.49) by mailboxserver.mydomain.com (192.168.1.49) with Microsoft SMTP Server (TLS) id 15.0.847.32; Wed, 20 May 2015 10:59:43 -0500
Received: from edgeserver.mydomain.com (192.168.1.4) by mailboxserver.mydomain.com (192.168.1.49) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Frontend Transport; Wed, 20 May 2015 10:59:43 -0500
Received: from heliq240.emited.work (66.248.197.240) by edgeserver.mydomain.com (192.168.1.4) with Microsoft SMTP Server id 15.0.847.32; Wed, 20 May 2015 10:59:41 -0500
New telecommuting opportunities available today - 05/20/15

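Any suggestions?

Also, this is my first post on a Stack Exchange site. I hope this question is worthwhile and on the right site. If not, please let me know!

Answer 1

I would suggest that you also check your allow lists, as it looks like you have a serious conflict with the (presumably enabled) block lists. My gut feeling is that you must have a rule in the transport flow that successfully validates this message. Since the connection filter is at the top of the list, I think that is where the buck stops.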
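
The checks this answer points to, written out as an added example that is not part of the original answer or question. It is meant for the Exchange Management Shell on the Edge Transport server; the IP address comes from the question, and the log time window is an assumption derived from the `Received:` header shown there (server local time).

```powershell
# Added example (not from the original thread).
$ip = '66.248.197.240'   # sending IP taken from the question

# 1. Static IP Allow list: -IPAddress also returns entries whose range
#    contains the address, so a broad range entry shows up here.
Get-IPAllowListEntry -IPAddress $ip |
    Format-List Identity, IPRange, ExpirationTime, Comment

# 2. IP Allow list providers: test each enabled provider against the address.
Get-IPAllowListProvider | Where-Object { $_.Enabled } | ForEach-Object {
    Test-IPAllowListProvider -Identity $_.Name -IPAddress $ip
}

# 3. Block list provider settings: confirm filtering is enabled for external
#    mail and see which recipients are exempted via BypassedRecipients.
Get-IPBlockListProvidersConfig |
    Format-List Enabled, ExternalMailEnabled, InternalMailEnabled, BypassedRecipients

# 4. Per-provider match settings, in evaluation order.
Get-IPBlockListProvider | Sort-Object Priority |
    Format-Table Name, LookupDomain, Enabled, AnyMatch, BitmaskMatch, IPAddressesMatch, Priority

# 5. Agent log: what each antispam agent recorded for connections from this
#    IP around the delivery time. The window below is an assumption; widen it
#    if nothing is returned.
$start = [datetime]'2015-05-20 10:55'
$end   = [datetime]'2015-05-20 11:05'
Get-AgentLog -StartDate $start -EndDate $end |
    Where-Object { "$($_.IPAddress)" -eq $ip } |
    Format-List Timestamp, Agent, Event, Action, Reason, ReasonData, Recipients
```

An entry returned by step 1 or a match in step 2 supports the allow-list explanation; no agent log entry from the Connection Filtering Agent for this IP means the agent took no logged action on that session.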
