Connection Filtering In Exchange 2013

Share & Comment

The change in Exchange 2013 architecture with just two roles has had an effect on the connection filtering anti-spam agent.

John asked via email – “How can I implement connection filtering in Exchange 2013 now that FPE 2010 is discontinued? I was able to install the anti-spam agents on a 2010 hub server & the connection filtering was taken care of”.

In Exchange 2013, the anti-spam agents can only be installed on the Mailbox role. But, the connection filtering which is very useful in fighting spam emails is not available in 2013. Same goes for the attachment filter. Even though CAS proxies emails back and forth (if setup correctly), it is a stateless proxy and can’t have any anti-spam agents on it.

As there is no Edge role in 2013 yet, the workaround is to use a 2007 or 2010 Edge role with the Exchange 2013 infrastructure. Both versions of Edge server can perform connection filtering. One point to note is that the edge subscription is setup from the Mailbox role in 2013 compared to the hub in 2010.

Another option to have connection filtering will be to use a cloud based anti-spam offering like FOPE or Exchange Online Protection (EOP) as it is called these days.

Any other options?

Share & Comment
Subscribe for Updates
Never miss a blog post again

6 thoughts on “Connection Filtering In Exchange 2013

  1. Eric Parr

    It works just fine on exchange 2013. We have it running in 8 sites at this point with 0 issues. Hit powershell (run as admin):
    cd $exscripts
    Install-TransportAgent -Name “Connection Filtering Agent” -TransportService FrontEnd -TransportAgentFactory “Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory” -AssemblyPath “D:\Program Files\Microsoft\Exchange Server
    \V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll”
    Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true
    Add-IPBlockListProvider -name bl.spamcop.net -LookupDomain bl.spamcop.net -AnyMatch $true -Enabled $true
    Add-IPBlockListProvider -name b.barracudacentral.org -LookupDomain b.barracudacentral.com -AnyMatch $true -Enabled $true
    Enable-TransportAgent -TransportService FrontEnd -Identity “Connection Filtering Agent”
    Restart-Service MSExchangeTransport

    Reply
  2. Eric Parr

    Be sure to set your pathing properly in the above script. And, after installation, pop a reboot. When the connection filter catches an email, it will create it’s log directory This can be found at in the (default) directory x:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog

    Enjoy!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>