Anti-spam whitelisting by sender IP in Exchange 2016 on-prem

Question

I can't seem to find the way to bypass the anti-spam filter by IP address in the Exchange 2016.

The goal is to allow POS tills to send automated emails to accounts when the bill is closed.

The IPAllowListEntry is a part of Connection Filter Agent that is only installed on Edge Transport servers which we don't have (it's a small org with 25-ish email addresses), so it's not an option.

I have created the transport rule to bypass the filter (this image) but it still rejects the email with "550 5.7.1 Message rejected as spam by Content Filtering".

Am I missing something or is it just not possible and I need to look for another way to get emails in?

The relevant Content Filter entry:

RunspaceId      : 48313825-e2e1-4519-aa46-4912cb226c0c
Timestamp       : 26/06/2020 12:25:15 PM
SessionId       : 08D7F137C2E9E894
IPAddress       : 10.0.0.33
MessageId       : <a0394c1a-0d1a-48e1-9df7-042aab9e55a0@SERVER.example.com>
P1FromAddress   : sender@example.com
P2FromAddresses : {sender@example.com}
Recipients      : {recipient@example.com}
Agent           : Content Filter Agent
Event           : OnEndOfData
Action          : RejectMessage
SmtpResponse    : 550 5.7.1 Message rejected as spam by Content Filtering.
Reason          : SclAtOrAboveRejectThreshold
ReasonData      : 7
Diagnostics     : DV:3.3.5705.600;SID:SenderIDStatus None
NetworkMsgID    : 5829a30a-4a41-430e-3aa7-08d8196765ee
TenantID        : 00000000-0000-0000-0000-000000000000
Directionality  : Incoming

score 0 · Answer 1 · answered Jul 01 '20 at 07:41

0

According to the code in the undeliverable message, it seems that content filter agent still blocks emails from the specific IP address range. Based on my research, you could try to allow specific recipients and senders for content filter(Use the Shell to configure recipient and sender exceptions):

Set-ContentFilterConfig -BypassedRecipients <recipient1,recipient2...> -BypassedSenders <sender1,sender2...> -BypassedSenderDomains <domain1,domain2...>

answered Jul 01 '20 at 07:41

Ivan_Wang

1,333
1
4
4

This is not an acceptable solution, sorry. Bypassed senders and recipients are processed separately, and I'm sure as hell not excluding the accounts mailbox from whatever limited protection is offered by Content Filter. – Draco-S Jul 02 '20 at 20:46
Run the command "Get-ContentFilterPhrase" to see if some specific words and phrases were blocked by content filter. At the same time, please try to disable/enable content filter(https://docs.microsoft.com/en-us/exchange/manage-content-filtering-exchange-2013-help#use-the-shell-to-enable-or-disable-content-filtering), and restart Microsoft Exchange Transport and Frontend Transport service, maybe the above methods could help you make the SCL rule work. – Ivan_Wang Jul 10 '20 at 07:43

score 0 · Accepted Answer · answered Sep 04 '20 at 04:27

OK, after much research I have come to the conclusion that it is not possible. The IP-based content filter rules only work on the Exchange Edge Transport service, which excludes small-business installations from the feature.

Leaving this here for people that encounter this or similar issue in future.

Anti-spam whitelisting by sender IP in Exchange 2016 on-prem

2 Answers2