Trusted Senders - can they be added globally at org. level?
Automated E-Mails that are sent by our helpdesk now include an image which is being blocked by OWA and now requires each user to click the link that re-enables the blocked content on every single e-mail they receive. The address these e-mails come from is inside our organisation, is there a way to make the sender a trusted sender at organisation level so each user doesn't have to add the address to their trusted senders list manually? We don't use an Edge server in our setup - not sure if that will make a difference or not.
November 29th, 2010 3:37pm

A couple of ways:
1. Create a hub transport rule and assign a SCL of -1 to those messages based on the FROM:
2. Set it at the mailbox level with Set-MailboxJunkEmailConfiguration: http://technet.microsoft.com/en-us/library/dd979780.aspx
November 29th, 2010 4:50pm

Andy, That didn't work. I've created the hub transport rule and it's had no effect. I didn't look at option 2 because the e-mails are not actually going into the user junk e-mail folder. Here is a screenshot of what we are seeing. http://tinypic.com/r/11ha04h/7 Cheers Adam.
December 1st, 2010 6:56am

Actually, I would try option 2. Option 1 ensures that it doesn't go to junk but doesn't make it truly "trusted". However, if you go with Option 2, you have to be very careful because simply adding a trusted sender via that PowerShell command will overwrite anything the user already has, so you would need to script something to pull out the existing safe sender lists and append the one you want to add. Also note, you can use a GPO to do this as well at the client level: http://technet.microsoft.com/en-us/library/cc179183.aspx
These are the only real options at a global level.
December 1st, 2010 8:05am

Andy, Couldn't use option 2 either. I've got the following error because the address is within our organisation.
Property validation failed. Property = TrustedSendersAndDomains (System.String) Error = "allictsupport[at]riddlesdown.org" is in your organization and can't be added to Safe Senders and Recipients..
    + CategoryInfo : NotSpecified: (0:Int32) [Set-MailboxJunkEmailConfiguration], PropertyValidationException
    + FullyQualifiedErrorId : 2E811E82,Microsoft.Exchange.Management.StoreTasks.SetMailboxJunkEmailConfiguration
I can't use the GPO option as this is happening for users using OWA - In Outlook it is fine. Any other suggestions?
December 2nd, 2010 5:36am

Do those users use Outlook as well? If so, the GPO can be used and the safe senders will be accessible for OWA and Outlook clients as it's stored in the mailbox. What version of Exchange and Service pack are you using?
December 2nd, 2010 9:14am

Most don't use Outlook. I use Outlook 2010 and I haven't had to add anything. My assumption was addresses within the organisation were considered safe. Exchange 2010 SP1 is what we are using.
December 2nd, 2010 5:11pm

Ok, as you have seen, you can't add your own domains to the safe sender lists either through OWA or PowerShell. You can however add them via Outlook. There is a bug in 2010 SP1 that will clear the safe sender list if you add domains you are authoritative for via Outlook. (Outlook lets you add them - but that is incorrect behavior.) The fix will be upcoming in a future rollup. However, you still won't be able to add your own domains once that fix is released - it only fixes the bug that clears out the entire list. Your only real option is to either change the FROM: so that it comes from a SMTP domain you do not control (and have the users add to their safe sender lists) or use the hub transport rule I mentioned earlier (though it's not a perfect solution).
December 2nd, 2010 8:19pm

I'd go with the hub transport rule, but I cannot get it to work. This is what I have:
from people: allictsupport[at]riddlesdown.org
set scl to: -1
no exclusions
When I send an e-mail to that address I have the same problem trying to view it in OWA.
December 3rd, 2010 8:25am

Instead of from people, have the rule check if the FROM matches a pattern (and enter the SMTP address). After that, check the header of the message to verify that anonymous messages sent from outside of Exchange using that FROM have a SCL of -1. That's about as close as you can get to making it a safe sender.
December 3rd, 2010 9:18am

I've changed the hub transport rule and still the e-mail is not considered safe. Here is the contents of the message header:
Received: from (10.59.100.28) by EX2010-1.riddlesdown.local (10.59.100.41) with Microsoft SMTP Server (TLS) id 14.1.218.12; Fri, 3 Dec 2010 19:49:19 +0000
Date: Fri, 3 Dec 2010 19:49:19 +0000
From: IT Support <allictsupport[at]riddlesdown.org>
To: <address removed before posting>
Message-ID: <4cf949bf6a0f4_580f0535201466cc@HELPDESK.tmail>
Subject: [Ticket #5941] Test 5 - Spiceworks
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="mimepart_4cf949bf90257_580f05352014678"
Return-Path: allictsupport@riddlesdown.org
X-MS-Exchange-Organization-AuthSource: EX2010-1.riddlesdown.local
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 06
X-Originating-IP: [10.59.100.28]
X-MS-Exchange-Organization-SCL: -1
I can't believe that e-mails originating from an accepted domain are not considered safe.
December 3rd, 2010 3:18pm

X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 06
Those 2 headers indicate that the sender is authenticating to Exchange, so it should be trusted.
December 3rd, 2010 3:44pm

On Mon, 29 Nov 2010 20:32:39 +0000, adamf83 wrote:
>Automated E-Mails that are sent by our helpdesk now include an image which is being blocked by OWA and now requires each user to click the link that re-enables the blocked content on every single e-mail they receive.
What link is it they have to click? Is the image embedded in the message or is it a link to a file on a web server? If it's a link to a web site, is the web site in the browser's "trusted sites"?
>The address these e-mails come from is inside our organisation, is there a way to make the sender a trusted sender at organisation level so each user doesn't have to add the address to their trusted senders list manually?
>
>We don't use an Edge server in our setup - not sure if that will make a difference or not.
Are you sure this isn't a browser configuration thing?
--- Rich Matheisen MCSE+I, Exchange MVP
December 3rd, 2010 9:30pm

On Fri, 3 Dec 2010 20:38:53 +0000, AndyD_ wrote:
>X-MS-Exchange-Organization-AuthAs: Internal
>X-MS-Exchange-Organization-AuthMechanism: 06
>
>Those 2 headers indicate that the sender is authenticating to Exchange, so it should be trusted.
Not to mention the "X-MS-Exchange-Organization-SCL: -1" which says the message certainly isn't considered to be spam -- at least not by Exchange.
--- Rich Matheisen MCSE+I, Exchange MVP
December 3rd, 2010 9:30pm

Rich, The image is embedded in the message (<img src> etc..), the actual file is stored on our webserver. I've added the site to trusted sites in IE and this doesn't appear to have made a difference. I've tried this using IE and Firefox, I get the same problem on both - I don't think it's a browser config thing.
December 4th, 2010 6:39am

One thing you may want to look at is to disable Web Beaconing for OWA. (I'm not recommending it necessarily.) I think you should look at changing the FROM: to a SMTP address that your Exch org isn't authoritative for and that will allow users to add to their safe sender list if the hub transport rule isn't working as expected. http://technet.microsoft.com/en-us/library/bb430788.aspx
December 4th, 2010 9:22am

Disabling Web Beaconing for OWA does work but I'm not sure I want to implement that as a change. I will look at how I can use a SMTP address my Exchange org isn't authoritative for with our helpdesk product. Thanks for all the suggestions.
December 4th, 2010 9:52am

On Sat, 4 Dec 2010 11:29:08 +0000, adamf83 wrote:
>The image is embedded in the message (<img src> etc..), the actual file is stored on our webserver. I've added the site to trusted sites in IE and this doesn't appear to have made a difference.
How large is the image? Can it be included in the message and referenced by a content identifier instead of using a link?
>I've tried this using IE and Firefox, I get the same problem on both - I don't think it's a browser config thing.
http://technet.microsoft.com/en-us/library/bb124901.aspx
I suppose you could also add the domain (or the user) that sends the e-mail to the client's Safe Sender list. I think the definition of "external" content is "anything not in the message".
--- Rich Matheisen MCSE+I, Exchange MVP
December 4th, 2010 2:10pm

The image is 12k. I don't know about including it in the message and referencing it by a content identifier - how would I go about that? I can't add the domain that sends the e-mail as it's the same domain that our Exchange org is authoritative for.
December 4th, 2010 5:24pm

On Sat, 4 Dec 2010 22:19:42 +0000, adamf83 wrote:
>The image is 12k. I don't know about including it in the message and referencing it by a content identifier - how would I go about that?
You include the image as another MIME body part and refer to it in the img tag by name.
>I can't add the domain that sends the e-mail as it's the same domain that our Exchange org is authoritative for.
Then change the name of the sending domain.
--- Rich Matheisen MCSE+I, Exchange MVP
December 4th, 2010 10:18pm
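
The content-identifier approach from the last reply, as an added example (not code from the thread or from the helpdesk product): the logo is carried as a MIME part and the img tag points at it with a cid: URL, so nothing has to be fetched from outside the message. The function names, the addresses and the helpdesk.example domain are hypothetical; image_sources is a checker for confirming that a generated notification no longer references external images.

```python
import re
from email.message import EmailMessage
from email.utils import make_msgid

def build_ticket_mail(sender, recipient, subject, logo_png):
    """Helpdesk notification whose logo is a MIME part, not a web link."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content("Your ticket has been updated.")  # plain-text fallback
    cid = make_msgid(domain="helpdesk.example")       # "<unique@helpdesk.example>"
    msg.add_alternative(
        f'<html><body><img src="cid:{cid[1:-1]}" alt="logo">'
        "<p>Your ticket has been updated.</p></body></html>",
        subtype="html")
    # Turn the HTML alternative into multipart/related and add the image
    # beside it, labelled with the Content-ID the <img> tag refers to.
    msg.get_payload()[1].add_related(logo_png, "image", "png", cid=cid)
    return msg

def image_sources(msg):
    """Split <img src> values of all HTML parts into (embedded, external).

    A cid: reference is embedded only when a part with that Content-ID is
    present; everything else is content that is not in the message.
    """
    cids = {p["Content-ID"].strip("<>") for p in msg.walk() if p["Content-ID"]}
    embedded, external = [], []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for src in re.findall(r'<img[^>]+src=["\']([^"\']+)', part.get_content(), re.I):
            ok = src.lower().startswith("cid:") and src[4:] in cids
            (embedded if ok else external).append(src)
    return embedded, external

if __name__ == "__main__":
    # Constructed sample data: placeholder addresses and stand-in image bytes.
    linked = EmailMessage()
    linked.set_content('<img src="http://intranet.example/logo.png">', subtype="html")
    inline = build_ticket_mail("helpdesk@example.org", "user@example.org",
                               "[Ticket #1] Test", b"\x89PNG\r\n\x1a\n(constructed)")
    print("linked :", image_sources(linked))
    print("inline :", image_sources(inline))
```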

This topic is archived. No further replies will be accepted.
