To read the official Microsoft topic on this subject, see Configuring content filtering on the Microsoft TechNet Library.
***********************************
The Forefront Protection 2010 for Exchange Server (FPE) content filter uses the Cloudmark™ Antispam engine to analyze each e-mail message and stamp it with a Spam Confidence Level (SCL). The SCL ratings that can be applied are -1 and 0 and 5 - 9, where:
FPE does not assign SCL ratings between SCL: 1 to SCL: 4. Messages that fall into this category are assigned SCL ratings of SCL:-1 or SCL: 0.
The Cloudmark Antispam engine uses frequently updated spam definitions in order to detect spam.
After an SCL rating is assigned to an e-mail message, FPE can be configured to take several different actions based on the administrator's configured SCL threshold. FPE assigns different values to the SCL rating based on how much you trust the antispam engine's spam determinations.
The SCL action is configured using a drop down box that ranges from None to SCL 5 – 9.
The default setting for the Suspected spam drop down is SCL 5 - 7, which means that all mail with an SCL rating between 5 and 7 will be treated as suspected spam and quarantined and all mail with an SCL rating of 8 or 9 will be treated as certain spam. You should monitor the mail that ends up in quarantine, and if you find that all or most of it is spam, you can adjust the SCL setting to a lower setting. For example, you can configure FPE to quarantine messages with SCL 5 or 6 and reject messages starting with SCL 7 and continue to monitor the quarantine for false positives.
You can configure FPE to take several actions when spam is detected.
To begin using content filtering, you must enable the content filter, enable definition updates for the Cloudmark Antispam engine, and then configure the Spam Confidence Level setting.
In the Forefront Protection 2010 for Exchange Server Administrator Console Policy Management tree view, expand Antispam, and then click Configure.
In the Antispam – Configure pane, in the Content filter section, select the Enable Content Filtering check box. You must stop and then restart the Microsoft Exchange Transport service for changes to this setting to take effect. Do not use the Restart function.
The antispam engine downloads definition updates independently from other engine and definition updates. If you use a proxy server, configure proxy settings to ensure that the antispam updates download successfully. Antispam updates cannot be downloaded from a redistribution server (UNC path).
The antispam engine is updated very infrequently, at most two times per year and this is the version information that is displayed in the UI. So do not be alarmed if the version information does not change often in the UI. The actual spam definitions (fingerprints) are updated every forty five seconds (These are called “microupdates.”), and full fingerprint updates are downloaded approximately every three minutes. This guarantees that FPE always runs with the latest spam fingerprints.
In the FPE Administrator Console Policy Management tree view, tree, expand Antispam, and then click Configure.
In the Antispam - Configure pane, in the Content filter section, and select the SCL setting you would like in the Suspected spam drop down box. This sets level at which you would like e-mail messages that have been assigned an SCL rating to be considered "certain spam."
Based on the level you have selected, select the Action that FPE should take for Suspect and Certain spam messages, and then click Save at the top of the pane.
In the Policy Management view of the FPE Administrator Console, in the tree, expand Antispam, and then click Configure.
In the Antispam - Configure pane, in the Content filter section, click the Configure Content Allow Lists button or select Configure Content Allow Lists in the Actions pane.
In the Configure Content Allow Lists dialog box, perform the following steps:
Click Save at the top of the pane to save your configuration.
The address is added to the allowed sender domains list. You can repeat this step in order to add more domain names.
In the FPE Administrator Console Policy Management view, in the tree view, expand Antispam, and then click Configure.
The address is added to the Recipient Exception list. You can repeat this step in order to add more addresses.
Note You can edit items in the lists by double-clicking and editing an item, and then pressing ENTER. You can delete items from the lists by selecting an item and clicking Remove. You can also import and export items from a list.
FPE can collect data about spam detections and report it to the antispam engine vendor. This data is used to help improve detection rates of the engine.
In the Content filter section, select the Report statistical data to 3rd party engine provider check box.
No personal information is collected as part of this process.
Information about false negatives and false positives are used by the antispam engine maker to improve the performance of the engine.
To submit false positive or false negative spam e-mail messages, send the e-mail as an RFC 2822 attachment. Do not send misclassified messages by using the Forward command; this strips them of essential header information and will result in an invalid submission.
Send the original e-mail message for analysis to:
To attach an e-mail message as an RFC 2822 attachment
In Microsoft Outlook, create a new e-mail message.
Address it to the appropriate address.
Click the Attach Item button, select the e-mails that were falsely classified, and then click OK.
Fernando Lugão Veltem edited Revision 5. Comment: added toc