Exchange Transport Content Filtering False Positive

Hi everybody

The following mail was considered as spam (false positive) by the Exchange 2013 Edge server and moved to the spam quarantine mailbox specified in the content filter config. While analyzing the header I didn't see anything wrong with the sender. Any ideas? Thanks in advance.

***********************

Delivery of this message to the following recipients or groups is quarantined:
mwafeeq@1234web.net.nl
Subject: eOoredoo Bill notification

Diagnostic information for administrators:
Generating server: Edge01.1234web.net.nl
mwafeeq@1234web.net.nl
Remote Server returned '550 5.2.1 Content Filter agent quarantined this message'
Original message headers:
Received: from smtp-out1.ooredoo.qa (212.77.206.2) by Edge01.1234web.net.nl
 (192.168.1.69) with Microsoft SMTP Server id 15.0.995.29; Thu, 26 Mar 2015
 12:04:36 +0300
Message-ID: <7ad34c$cmglg@smtp-out1.ooredoo.qa>
Date: Thu, 26 Mar 2015 09:04:12 +0000
From: e-ooredoo <e-ooredoo@ooredoo.qa>
Subject: eOoredoo Bill notification
To: <mwafeeq@1234web.net.nl>
MIME-Version: 1.0
Content-Type: text/plain
Return-Path: e-ooredoo@ooredoo.qa
Received-SPF: Pass (Edge01.1234web.net.nl: domain of e-ooredoo@ooredoo.qa
 designates 212.77.206.2 as permitted sender) receiver=Edge01.1234web.net.nl;
 client-ip=212.77.206.2; helo=smtp-out1.ooredoo.qa;

******************************


March 29th, 2015 9:01am

In order to check if content filtering is actually causing this issue, can you disable content filtering, restart the transport service, and see the results?
March 30th, 2015 5:12am

Hi Noufal,

As suggested above, you can use it to troubleshoot whether the issue is associated with the Content Filter agent.

In addition, you can also try to bypass this sender or his domain with the following commands and check if it helps:

Set-ContentFilterConfig -BypassedSenders e-ooredoo@ooredoo.qa

Set-ContentFilterConfig -BypassedSenderDomains ooredoo.qa

Best regards,

March 30th, 2015 6:13am
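
The troubleshooting steps suggested above, as an added example that is not part of the original thread: it looks up what the anti-spam agents logged for the quarantined message and appends the sender to the bypass list instead of replacing the existing entries. It assumes the Exchange Management Shell on the Edge Transport server; the Message-ID, sender and date are taken from the quarantine report in the first post.

```powershell
# Added example. Run in the Exchange Management Shell on the Edge Transport server.
$messageId = '7ad34c$cmglg@smtp-out1.ooredoo.qa'   # Message-ID from the quarantine report
$sender    = 'e-ooredoo@ooredoo.qa'                # From / Return-Path in the report

# 1. Read the agent log entries for this message. The window covers the day in the
#    Received header; adjust the date format to the server's regional settings.
#    Reason and ReasonData record why the agent took its action.
Get-AgentLog -StartDate '03/26/2015 00:00' -EndDate '03/27/2015 00:00' |
    Where-Object { $_.MessageId -like "*$messageId*" } |
    Format-List Timestamp, Agent, Event, Action, Reason, ReasonData, P1FromAddress

# 2. Show the settings that decide whether a message is quarantined.
Get-ContentFilterConfig |
    Format-List Enabled, ExternalMailEnabled, SCLQuarantineEnabled,
                SCLQuarantineThreshold, QuarantineMailbox

# 3. Add the sender only if it is not already bypassed. Passing a plain value to
#    -BypassedSenders overwrites the whole list; @{Add=...} keeps existing entries.
$current = (Get-ContentFilterConfig).BypassedSenders | ForEach-Object { $_.ToString() }
if ($current -notcontains $sender) {
    Set-ContentFilterConfig -BypassedSenders @{Add = $sender}
}

# 4. Confirm the resulting list.
(Get-ContentFilterConfig).BypassedSenders
```

Run step 2 on the Edge server itself, so the values shown are the ones that server applies.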

Of course it is from the content filtering, moving to the quarantine email address as specified in the configuration below:

Get-ContentFilterConfig
RunspaceId                            : 771a9992-2a79-466a-9186-89a8a9e6ad1d
Name                                  : ContentFilterConfig
RejectionResponse                     : Your message was rejected because it appears to be SPAM by  spam
                                        intelligence team.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients                    : {}
QuarantineMailbox                     : administrator@1234web.net.nl
SCLRejectThreshold                    : 8
SCLRejectEnabled                      : False
SCLDeleteThreshold                    : 9
SCLDeleteEnabled                      : False
SCLQuarantineThreshold                : 9
SCLQuarantineEnabled                  : True
BypassedSenders                       : {noreply@1234web.net, fatwahelp@1234web.net.nl, noreply@1234web.net.nl,
                                        noreplay@1234web.net.nl, noreplay@1234web.net, timea@1234web.net.nl}
BypassedSenderDomains                 : {providesupport.com}
Enabled                               : False
ExternalMailEnabled                   : True
InternalMailEnabled                   : False
AdminDisplayName                      :
ExchangeVersion                       : 0.1 (8.0.535.0)
DistinguishedName                     : **
Identity                              : ContentFilterConfig
Guid                                  : 27950756-e31f-4428-81f3-5f96c558d96d
ObjectCategory                        : 1234web.net.nl/Configuration/Schema/ms-Exch-Message-Hygiene-Content-Filter-Con
                                        fig
ObjectClass                           : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
WhenChanged                           : 11/2/2014 8:07:27 AM
WhenCreated                           : 5/21/2007 9:11:23 AM
WhenChangedUTC                        : 11/2/2014 5:07:27 AM
WhenCreatedUTC                        : 5/21/2007 6:11:23 AM
OrganizationId                        :
OriginatingServer                     : DC2.1234web.net.nl
IsValid                               : True
ObjectState                           : Unchanged
March 30th, 2015 6:13am

Did you try sending this email to your personal account (Hotmail, Gmail) and see where this email lands?
March 30th, 2015 6:42am

This is important incoming mail from a third party, like a billing statement from Wowza (http://www.wowza.com). When I forward it by clicking "send again" from the quarantine mailbox, it goes to the inbox of the recipient.
March 30th, 2015 6:52am

This topic is archived. No further replies will be accepted.
