![Exchange 2013 IPBlockListProvider blocks some (but not all) matching IPs](https://rvso.com/image/658751/Exchange%202013%20IPBlockListProvider%20%E5%B0%81%E9%8E%96%E6%9F%90%E4%BA%9B%EF%BC%88%E4%BD%86%E4%B8%8D%E6%98%AF%E5%85%A8%E9%83%A8%EF%BC%89%E7%9B%B8%E7%AC%A6%E7%9A%84%20IP.png)
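I have configured an Exchange 2013 Edge Transport server to use several IPBlockListProviders (including Spamhaus). While they work well most of the time, some emails still get through despite matching one of the block list providers.
Take a recent email received from IP 66.248.197.240 as an example. It is definitely listed on the Spamhaus SBL as well as a few others (http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a66.248.197.240&run=toolpage) and is correctly identified by the Edge server, as shown below: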
[PS] C:\Users\Administrator>Test-IPBlockListProvider -Identity "Spamhaus" -IPAddress 66.248.197.240
Provider ProviderResult Matched
-------- -------------- -------
Spamhaus {127.0.0.3} True
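I have confirmed that I am not using any public DNS forwarders (such as Google's), so this is not an all-or-nothing blocking problem.
Most confusingly, this configuration works for the majority of messages received from SBL-listed addresses: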
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\get-AntispamTopRBLProviders.ps1
Name Value
---- -----
Spamhaus 4594
SpamCop 48
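Interestingly, one thing that seemed to make a significant difference was changing the transport agent priorities so that the Connection Filtering Agent comes first. Here is my current configuration in case it is relevant: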
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-TransportAgent
Identity Enabled Priority
-------- ------- --------
Connection Filtering Agent True 1
Sender Id Agent True 2
Sender Filter Agent True 3
Recipient Filter Agent True 4
Content Filter Agent True 5
Address Rewriting Inbound Agent True 6
Edge Rule Agent True 7
Attachment Filtering Agent True 8
Address Rewriting Outbound Agent True 9
Protocol Analysis Agent True 10
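I have added below the full message headers of the email from the SBL-listed IP address (with my server identities redacted). Clearly, including all of the spam filtering features affects the time it takes for mail to reach the mailbox server (in this case, 8 seconds between submission and delivery), but it does not seem to be enough.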
X-Ms-Exchange-Organization-Network-Message-Id: 32388ce4-005a-4090-a363-08d2612d1e23
X-Ms-Exchange-Organization-Authas: Anonymous
Pm-Xs: 15766241f_7460962er.x15766241
X-Ms-Exchange-Organization-Avstamp-Enterprise: 1.0
Vr-Yhkrg: 15766241s-15766241e_i7460962
X-Ms-Exchange-Organization-Prd: heliq240.emited.work
X-Ms-Exchange-Organization-Pcl: 2
Return-Path: [email protected]
X-Ms-Exchange-Organization-Scl: 1
Mime-Version: 1.0
Ybu-Efa: c3195284488a449ed165c2c50f18376bb-ec3195284488a449ed165c2c50f18376b.u15766241
Okul-Lfp: 15766241y.15766241n_c7460962
X-Ms-Exchange-Organization-Senderidresult: None
X-Ms-Exchange-Organization-Antispam-Report: DV:3.3.14519.472;SID:SenderIDStatus None;OrigIP:66.248.197.240
Message-Id: <c3195284488a449ed165c2c50f18376b.15766241.7460962@heliq240.emited.work>
X-Ms-Exchange-Organization-Authsource: edgeserver.mydomain.com
Content-Type: multipart/alternative; boundary="15766241"
Received-Spf: None (edgeserver.mydomain.com: [email protected] does not designate permitted sender hosts)
Received: from mailboxserver.mydomain.com (192.168.1.2) by mailboxserver.mydomain.com (192.168.1.2) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Mailbox Transport; Wed, 20 May 2015 10:59:49 -0500
Received: from mailboxserver.mydomain.com (192.168.1.49) by mailboxserver.mydomain.com (192.168.1.49) with Microsoft SMTP Server (TLS) id 15.0.847.32; Wed, 20 May 2015 10:59:43 -0500
Received: from edgeserver.mydomain.com (192.168.1.4) by mailboxserver.mydomain.com (192.168.1.49) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Frontend Transport; Wed, 20 May 2015 10:59:43 -0500
Received: from heliq240.emited.work (66.248.197.240) by edgeserver.mydomain.com (192.168.1.4) with Microsoft SMTP Server id 15.0.847.32; Wed, 20 May 2015 10:59:41 -0500
New telecommuting opportunities available today - 05/20/15
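Any suggestions?
Also, this is my first post on a Stack Exchange site. I hope the question is worthwhile and on the right site. If not, please let me know!
Answer 1
I suggest you also check your allow lists, since you appear to be getting a lot of hits on the (presumably enabled) block lists. My gut feeling is that you must have a rule in the transport flow that lets the message validate successfully. Since the connection filter is highest in the list, I think the buck stops there.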
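
Added example, not part of the original question or answer: one way to carry out the allow-list check suggested above, using the IP address and delivery date from the question. It assumes the Exchange Management Shell on the Edge Transport server and agent logging left at its default location.

```powershell
# Added diagnostic sketch (not from the original thread).
# Run in the Exchange Management Shell on the Edge Transport server.
$ip  = '66.248.197.240'        # sending IP from the question
$day = Get-Date '2015-05-20'   # delivery date from the question's Received headers

# 1. Is the IP covered by a local IP Allow list entry (single address or range)?
#    An allow-list match lets the connection bypass the block list providers.
Get-IPAllowListEntry -IPAddress $ip | Format-List

# 2. Are any IP Allow list providers configured that could vouch for the IP?
Get-IPAllowListProvider | Format-List Name, Enabled, Priority, LookupDomain

# 3. Is block list provider filtering on for external mail, and are any
#    recipients exempt? Mail to a bypassed recipient is not checked.
Get-IPBlockListProvidersConfig |
    Format-List Enabled, ExternalMailEnabled, InternalMailEnabled, BypassedRecipients

# 4. How does each provider decide a match? With AnyMatch set to False, only
#    the listed bitmask / return codes count, so a code such as 127.0.0.3
#    must be covered by BitmaskMatch or IPAddressesMatch to cause a rejection.
Get-IPBlockListProvider |
    Format-List Name, Enabled, Priority, AnyMatch, BitmaskMatch, IPAddressesMatch

# 5. What did the anti-spam agents record for this IP on that day?
#    Look for which agent acted (or did not) and the reason it logged.
Get-AgentLog -StartDate $day -EndDate $day.AddDays(1) |
    Where-Object { "$($_.IPAddress)" -eq $ip } |
    Format-List Timestamp, Agent, Event, Action, Reason, ReasonData, Recipients
```

If step 5 shows no Connection Filtering Agent entry for the message, compare the recipients against the output of step 3 and the IP against steps 1 and 2.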