Kernel Data Recovery Blog

Setup Anti-Malware and Anti-Spam in Exchange Server 2016/2019

Summary: Safeguarding your company’s data and assets is a necessity in an era where cyberattacks are increasingly prevalent, and organizations need to be careful when applying spam settings. This article guides you through the process of setting up anti-malware and anti-spam protection in Exchange Server 2016/2019. However, if you lose your data or there exists any corruption, Kernel for Exchange Server Recovery tool is the best to rely on.

Exchange Server receives a vast number of emails in business organizations, in addition to sending many emails outside the organization. An Exchange Administrator must secure its mail recipients from external threats like spamming, phishing, virus attacks, and hacking attempts. Microsoft has some inbuilt protection like anti-malware and anti-spam features, which you can configure to safeguard the data.

Let’s dig deep and learn how we can enable anti-spam and anti-malware protection using various transport agents. But first, we must understand how they work and protect the data.

Anti-spam agent for Mailbox Servers

Typically, the Exchange Administrator must enable the anti-spam agents on Mailbox Servers when the organization has no Edge Transport server and no other robust anti-spam protection application. Each agent has a priority value, and a lower value indicates a higher priority. Based on the default priority values, here is the order in which the agents are applied to messages –

Note: The mailbox servers also have a Recipient Filter Agent, but you must refrain from configuring it. If the Recipient Filter Agent identifies a single blocked or invalid recipient among the other recipients of a message, the entire message is rejected. The Recipient Filter Agent only needs to be enabled together with the other anti-spam agents on the mailbox server; do not configure it to block any recipients.

Installing anti-spam agents on mailbox servers

You can install all these agents only by using an Exchange Management Shell script. Here is the whole procedure, step by step.

  1. Start the Exchange Management Shell on Exchange Server and run the following script.

    & $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

    When the script runs successfully, it will ask you to restart the Exchange Server.

  2. Restart the Microsoft Exchange Transport services with the command.

    Restart-Service MSExchangeTransport

  3. Now, specify the incoming SMTP servers that the Sender ID agent should ignore. You can specify multiple SMTP servers, but you must specify at least one.

    Set-TransportConfig -InternalSMTPServers @{Add="<IP address1>","<IP address2>"}

    Example

    Set-TransportConfig -InternalSMTPServers @{Add="10.0.21.21","10.0.21.22","10.0.21.23"}

    To verify that the SMTP servers are present in the configuration list, run the command –

    Get-TransportConfig | Format-List InternalSMTPServers

  4. Verify that all the agents are installed with this command.

    Get-TransportAgent

    And

    Get-ContentFilterConfig | Format-Table Name,Enabled; Get-SenderFilterConfig | Format-Table Name,Enabled; Get-SenderIDConfig | Format-Table Name,Enabled; Get-SenderReputationConfig | Format-Table Name,Enabled

    Check the status of each agent by running the following commands one by one.

    Get-ContentFilterConfig | Format-List *Enabled,RejectionResponse,*Postmark*,Bypassed*,Quarantine*;
    Get-SenderFilterConfig | Format-List *Enabled,*Block*
    Get-SenderIDConfig | Format-List *Enabled*,*Action,Bypassed*
    Get-SenderReputationConfig | Format-List *Enabled*,*Proxy*,*Block*,*Ports*
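
The checks from steps 3 and 4 and the Recipient Filter note can be combined into one read-only audit. This is an added example, not part of the original article; the agent display names and the Recipient Filter properties it inspects do not appear on this page and are assumed to be the standard ones.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell on the Mailbox server.
$findings = New-Object 'System.Collections.Generic.List[string]'

# Agents registered by Install-AntiSpamAgents.ps1 (standard display names, assumed here).
$expectedAgents = 'Content Filter Agent', 'Sender Id Agent', 'Sender Filter Agent',
                  'Recipient Filter Agent', 'Protocol Analysis Agent'
$agents = @(Get-TransportAgent)
foreach ($name in $expectedAgents) {
    $agent = $agents | Where-Object { "$($_.Identity)" -eq $name }
    if (-not $agent) { $findings.Add("Transport agent missing: $name") }
    elseif (-not $agent.Enabled) { $findings.Add("Transport agent disabled: $name") }
}

# Step 3: the Sender ID agent needs at least one internal SMTP server to ignore.
$internal = @((Get-TransportConfig).InternalSMTPServers | Where-Object { $_ })
if ($internal.Count -eq 0) {
    $findings.Add('InternalSMTPServers is empty; add at least one internal SMTP server')
}

# Step 4: each filtering feature must report Enabled = True.
$configCmds = 'Get-ContentFilterConfig', 'Get-SenderFilterConfig',
              'Get-SenderIdConfig', 'Get-SenderReputationConfig'
foreach ($cmd in $configCmds) {
    if (-not (& $cmd).Enabled) { $findings.Add("$cmd reports Enabled = False") }
}

# Note above: the Recipient Filter Agent stays enabled but must not block recipients,
# because one blocked or invalid recipient causes the whole message to be rejected.
$rf = Get-RecipientFilterConfig
$blocked = @($rf.BlockedRecipients | Where-Object { $_ })
if ($rf.BlockListEnabled -or $rf.RecipientValidationEnabled -or $blocked.Count -gt 0) {
    $findings.Add('Recipient Filter Agent is configured to reject recipients on a Mailbox server')
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Anti-spam agents are installed, enabled and configured as described.'
}
```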

All these agents work on the mailbox server, and you need to install and configure them manually. However, many administrators overlook the importance of anti-spam protection and face severe corruption issues in the Exchange. There is an in-built utility called ESEUTIL to repair the Exchange Server database using multiple switches, but it can further delete the corrupt data rather than recover it.

Installing anti-malware agents on mailbox servers

Run the following commands in the Exchange Management Shell on the Mailbox server to set up the anti-malware agents:

Step 1: Create a malware filter policy

Use the following command to create a malware filter policy:

    New-MalwareFilterPolicy -Name "<PolicyName>" [-Action <Action>] [-AdminDisplayName "<OptionalComments>"] [-BypassInboundMessages <$true | $false>] [-BypassOutboundMessages <$true | $false>] [-CustomNotifications <$true | $false>] [<Inbound notification options>] [<Outbound notification options>]

This will create a new malware filter policy with the following settings:

Step 2: Create a malware filter rule

Execute the following command to create a malware filter rule:

    New-MalwareFilterRule -Name "<RuleName>" -MalwareFilterPolicy "<PolicyName>" [<Recipient filters and exceptions>] [-Comments "<OptionalComments>"]

A new malware filter rule is created with the given settings:

Step 3: Verify the policy

Run the given command to verify that the policy was created successfully:

    Get-MalwareFilterPolicy -Identity "<PolicyName>" | Format-List
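
A worked run of the three steps with concrete values follows. This is an added example, not part of the original article; the policy name, rule name, domain and address are constructed samples, and the choice of `DeleteMessage` with internal-sender admin notifications is an assumption about the desired policy.

```powershell
# Added example with constructed sample values; replace them with your own.
$policyName = 'Example Malware Filter Policy'
$ruleName   = 'Example Recipients'
$domain     = 'example.com'
$adminMail  = 'admin@example.com'

# Step 1: create the policy only if it does not exist yet, so the script can be re-run safely.
if (-not (Get-MalwareFilterPolicy | Where-Object { $_.Name -eq $policyName })) {
    New-MalwareFilterPolicy -Name $policyName -Action DeleteMessage `
        -AdminDisplayName 'Delete infected messages and notify the admin for internal senders' `
        -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress $adminMail
}

# Step 2: bind the policy to recipients in the sample domain.
if (-not (Get-MalwareFilterRule | Where-Object { $_.Name -eq $ruleName })) {
    New-MalwareFilterRule -Name $ruleName -MalwareFilterPolicy $policyName `
        -RecipientDomainIs $domain -Comments 'Applies the example policy to example.com recipients'
}

# Step 3: verify the policy and the rule that references it.
Get-MalwareFilterPolicy -Identity $policyName |
    Format-List Name, Action, Bypass*, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress
Get-MalwareFilterRule -Identity $ruleName |
    Format-List Name, State, Priority, MalwareFilterPolicy, RecipientDomainIs

# Extra check: any policy with a bypass switch set leaves that mail direction unscanned.
Get-MalwareFilterPolicy |
    Where-Object { $_.BypassInboundMessages -or $_.BypassOutboundMessages } |
    ForEach-Object { Write-Warning "Malware scanning is bypassed in policy '$($_.Name)'" }
```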

Conclusion

With these basic steps and commands, one can set up anti-malware and anti-spam protection in Exchange Server. However, there can also be instances when data loss or breaches occur even after enabling them. Here comes the Kernel for Exchange Server software to your rescue. It is specialized data recovery software that can handle corruption, recover accidentally deleted messages from the Exchange database, and bring all the data back to you.