Forefront filtering good items
Hello All, my apologies if this is in the wrong forum category, wasn't sure where to fit it.

I am having an issue with Forefront; everything was fine until a power outage, and then it started. Emails that were sent to employees in the firm (Non Spam) were being marked as SCL 9 and getting quarantined.

What's happening/what I've found/what I've done:
- 1 conversation between 4 people in TO: 1 person will get the email, 3 will get quarantined
- Good emails with no content other than, for example, "Hello world" are getting marked as spam
- There are no custom words
- Everything that is being filtered is done by Cloudmark (Content Filtering)
- SCL threshold is set to SCL 5 to 9
- Tracking Log Explorer shows emails were indeed quarantined because of Content Filtering
- Turning off AntiSpam allows emails to go in, enabling AntiSpam and disabling Content Filtering allows emails to go in, enabling Content Filtering stops emails
- Server has been updated and rebooted
- The AMD64 folder which stores all the FSE files has been renamed and recreated by Forefront
- Cloudmark AntiSpam Engine has been updated (manually after issues arrived)

There are definitely more things; I would have to write 5 full pages to write it all up.


Example of log of a GOOD email that was filtered
2015-02-11T07:23:56.114Z,08D2131CBFCCD6E3,192.168.2.5:25,77.11.22.33:30423,77.11.22.34,<000a01d045cb$b1ec37b0$15c4a710$@abc.com>,Real.Person@abc.com,Real.Person@aabc.com;,Real.Person2@company.com,1,FSE Content Filter Agent,OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter agent quarantined this message,SclAtOrAboveQuarantineThreshold,9,v=2.1 cv=Z6zVQhhA c=0 sm=1 tr=0 p=4MfX1YvupX4A:10 a=LTOlPjUYpQHiz8jQH8PLbA==:117 a=LTOlPjUYpQHiz8jQH8PLbA==:17 a=jPJDawAOAc8A:10 a=mwYmVkQf-84A:10 a=WeXzW5BiAAAA:8 a=0HtSIViG9nkA:10 a=3j4BkbkPAAAA:8 a=CnHykNJeAAAA:8 a=jU4qhlNgAAAA:8 a=JqEG_dyiAAAA:8 a=rlBN

Does anyone have any suggestions what can be done?

Alan
February 12th, 2015 5:08am

Hi,

Please have a look at mlavie's reply on the thread below.

"I think I may have solved this. After nearly giving up, I noticed that about the same time, Verizon.net (a large USA ISP) started rejecting emails from my server. I contacted Verizon support, who told me I had been blacklisted. They would not tell me who runs their blacklists, but some Googling showed it to (apparently) be...

...

... Cloudmark.

After I did everything Verizon recommended to do, I was no longer on their blacklist - and - my server started letting in email again.

It would appear that Forefront for Exchange was being told by Cloudmark that its own Exchange Server was a threat, and therefore blocked anything coming through it. On one hand, this makes sense. On the other hand, if I am correct, then Forefront should have given an indication of the reason for this exceptional situation."

https://social.technet.microsoft.com/Forums/forefront/en-US/843e1506-f1c1-4f23-82bb-09c709049667/fse-marking-all-inbound-email-as-spam-due-to-content?forum=FSENext

Best Regards,

Joyce

February 13th, 2015 12:22pm
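
A triage sketch for the situation discussed in this thread, added here as an example and not code from either poster or from Microsoft: it parses agent log rows like the one in the question and lists entry IPs through which unrelated senders are almost all quarantined, which points at a verdict tied to the relay rather than to message content. The column names are assumed from the Exchange agent log header; the function names, thresholds and sample rows are constructed for illustration.

```python
import csv

# Column order assumed to match the "#Fields:" header of an Exchange agent log.
FIELDS = ("Timestamp SessionId LocalEndpoint RemoteEndpoint EnteredOrgFromIP "
          "MessageId P1FromAddress P2FromAddresses Recipient NumRecipients "
          "Agent Event Action SmtpResponse Reason ReasonData Diagnostics").split()
AGENT = "FSE Content Filter Agent"

def parse_agent_log(text):
    """Return one dict per data row; '#' header lines and short rows are skipped."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    rows = []
    for rec in csv.reader(lines):
        if len(rec) >= len(FIELDS):
            # Diagnostics is the last column; re-join it if it contained commas.
            rec = rec[:16] + [",".join(rec[16:])]
            rows.append(dict(zip(FIELDS, rec)))
    return rows

def quarantine_by_entry_ip(rows):
    """Per EnteredOrgFromIP: messages seen, messages quarantined, distinct senders."""
    stats = {}
    for r in (r for r in rows if r["Agent"] == AGENT):
        s = stats.setdefault(r["EnteredOrgFromIP"],
                             {"seen": 0, "quarantined": 0, "senders": set()})
        s["seen"] += 1
        s["senders"].add(r["P1FromAddress"].lower())
        s["quarantined"] += r["Action"] == "QuarantineMessage"
    return stats

def suspect_entry_ips(stats, min_msgs=3, min_senders=2, min_ratio=0.9):
    """Entry IPs where unrelated senders are almost all quarantined."""
    return sorted(ip for ip, s in stats.items()
                  if s["seen"] >= min_msgs and len(s["senders"]) >= min_senders
                  and s["quarantined"] / s["seen"] >= min_ratio)

# Constructed rows modelled on the log line in the question; not real traffic.
HEAD = "2015-02-11T07:23:56.114Z,08D2131CBFCCD6E3,192.168.2.5:25,77.11.22.33:30423,"
QUAR = (",1," + AGENT + ",OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter "
        "agent quarantined this message,SclAtOrAboveQuarantineThreshold,9,v=2.1 cv=x")
PASS = ",1," + AGENT + ",OnEndOfData,AcceptMessage,,SCL,0,v=2.1 cv=y"  # assumed shape
SAMPLE = "#Fields: header line, skipped by the parser\n" + "\n".join(
    f"{HEAD}{ip},<m{i}@example>,{frm},{frm};,Real.Person2@company.com{tail}"
    for i, (ip, frm, tail) in enumerate([
        ("77.11.22.34", "a@abc.com", QUAR), ("77.11.22.34", "b@abc.com", QUAR),
        ("77.11.22.34", "c@example.org", QUAR),
        ("203.0.113.10", "d@example.net", PASS),
        ("203.0.113.10", "d@example.net", QUAR)]))
```

Calling `suspect_entry_ips(quarantine_by_entry_ip(parse_agent_log(SAMPLE)))` on the constructed rows returns only the first entry IP; on a real log, feed it the file contents instead of `SAMPLE`.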

This topic is archived. No further replies will be accepted.
