I am having problems with Outlook Blocked senders list. Emails from the blocked sender are still showing up in the Inbox although they are blocked. The SCL rating shows -1 in the email headers. Safe senders list is empty.I am using Exchange 2010 SP1 and FPE2010. It seems FPE2010 stamps some messages with SCL -1 rating and then outlook 2010 ignores Blocked senders list for SCL-1 rating. I am testing this with my Hotmail account and SCL shows -1. I don't have any Exch Hub transport rules configured.

I tried "New-FseExtendedOption –Name CFAllowBlockedSenders –Value true" and restarted the transport service on the Edge server, but it did not solve the problem?

Any ideas? I am running Exchange 2010 SP1 and FPE 2010.

1. check that user is in safe senders list. 

2. check that domian in safe senders 

3. check "also trust email from contacts" 

4. open outlook in safe mode and try 

They all look good, but still the problem exists.

Hi,

check the following thread:

http://social.technet.microsoft.com/Forums/en-US/FSENext/thread/d78a0625-d9a3-46af-95dd-cd060ee45791

It looks similar to me.

Greetings

Christian

Are all the emails that are coming in getting an SCL -1?  If you've set that ExtendedOption and emails are still getting SCL -1's then it sounds like they are not even being scanned.  It sounds like they might be being bypassed.  That Extended option will convert the SCL of messages that were scanned and given a SCL -1 to a SCL 0.  However, if the message was NOT ever scanned by Cloudmark, in a case where it was bypassed, the SCL-1 will be maintained.

You should check the FSEAgent log (or email headers) to see what is happeing with the emails.  Check to see if Cloudmark even scanned them.  It sounds like they might not have even been scanned. 

It seems the messages are being scanned by the cloudmark engine. I did a test from hotmail account to my work email and added the hotmail account into the blocked senders list and forced edge sync. The email still shows up in the Inbox since SCL is marked -1. here is the output:

X-MS-Exchange-Organization-AuthSource: RC-EXHC02.riverside.tld
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: hotmail.com
X-MS-Exchange-Organization-SenderIdResult: SoftFail
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-Antispam-Report: v=1.1
 cv=nT6OPbC3N0x1syhOyjIcyBaJ/RroFt863WqpZbiZ3Og= c=1 sm=1 a=Lc7M4SzJr74A:10
 a=8uJ5MO_MQBgA:10 a=sPYveq0nRFkA:10 a=H5Lt9BwX0u8A:10 a=wSTGjB85OMoA:10
 a=qKvQcd3VScL8iK0FDX0A:9 a=wPNLvfGTeEIA:10 a=Vk76pA_WHRxtzKw4VeUA:9
 a=5VkdbnmpB2-PwD0TOncA:7
 a=GgPf95NgkLCdg/tqWO9/GQ==:117;OrigIP:192.168.1.141;SCL:-1
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0

 

 

Sonny

Hi Sonny,

Cloudmark doesn't see this email as spam and rates this email with an SCL of -1. Which you can see in the following lines:

X-MS-Exchange-Organization-SCL: -1
a=GgPf95NgkLCdg/tqWO9/GQ==:117;OrigIP:192.168.1.141;SCL:-1

Greetings

Christian

Yes, it does appear that Cloudmark is scanning the mail.

You ran the ExtendedOption command from the Forefront shell, correct?  Can you please run "Get-FSEExtendedOption -name *" from the Forefront shell and show the output?

If that CFAllowBlockedSenders (which is case sensitive) is present then mail scanned by Cloudmark and deemed not spam should have its SCL converted from a -1 to a 0.  This shouldn't be an issue unless something is misconfigured.

Here is the output for Get-FSEExtendedOption -name *. It seems that this command does not have any effect on SCL rating in my case. It won't change it from SCL-1 to SCL0.

 

Name                                    Value                                 
----                                    -----                                 
AllowScanAfterClean                     True                                  
AptaNewIncidentLastSequenceID           -1                                    
DatabaseMaintenanceTime                 02:00:00                              
DisablePickupDomainCheck                False                                 
DisablePurgeOnMultipleScanFailures      False                                 
ForefrontEnabled                        3                                     
GetFileHttpTimeout                      0                                     
IMQueueDuringEngineUpdate               False                                 
IncidentDatabaseConfigurationString                                           
IncidentDatabaseLocation                local                                 
LegacyScanAccount                       False                                 
ManualScanReducePriority                0                                     
MaxBackgroundDisabledWaitTime           0                                     
MaxDisabledWaitTime                     0                                     
ProcessLaunchTimeout                    120000                                
QAMaxBackgroundDisabledWaitTimeBefor... 600000                                
QAMaxDisabledWaitTimeBeforeLogging      600000                                
ReverseDNSNotRequired                   False                                 
ScanMacBinary                           True                                  
ScanOpenXMLasContainer                  True                                  
ScanSMime                               True                                  
ScheduledScanPollingInterval            180000                                
TimeoutOverrideEngineDownload           300                                   
VsapiBackgroundPriority                 2                                     
EngineUpdateDownloadThreadCount         2                                     
DataCenterPremiumEngines                                                      
CFAllowBlockedSenders                   True                                  

/Sonny

Hi,

from the release notes of FPE 2010:

"FPE marks messages that it believes to be legitimate with an SCL rating of -1. As a result, on Exchange Server 2007, the end user blocked senders feature may not be enforced for these messages. If this occurs, as a workaround, you can set the extended option CFAllowBlockedSenders to 'true'. This changes the SCL rating from -1 to 0 and allows Exchange Server 2007 to enforce the end user blocked senders feature."

Normally this should work, but I don't know why it's not working in your case.

Greetings

Christian

Christian:

 

You mentioned Exchange 2007, I am using FPE2010 and Exchange 2010 SP1, Does Exchange version matter here or its just the functionality of FPE2010?

Hi,

this also applies for Exchange 2010.

Greetings

Christian

Well, that option appears correctly entered in ExtendedOptions.  It should be operating correctly.  I'd double check the FSEAgentLog on the server that you made the change on to ensure Cloudmark is scanning there.  Do you have multiple hub/edge servers that could have scanned the message where that extended option might not be added and enabled?

Are there possibly any transport rules created that may be modifying the scl?  I doubt that but it's possible.

Other than that you may need to open a support case to have it investigated. 

• Marked as answer by Nick Gu - MSFTMicrosoft contingent staff, Moderator Tuesday, June 21, 2011 3:48 AM

Cloudmark agent is scanning the messages and I do have multiple FPE2010 servers which are load balanced, but the setting "CFAllowBlockedSenders" has been enabled on all of them. I guess I'll open a support case with MS. Tahnks for all your help.

 

 

Thanks,

 

 

/Sonny

 

Did you get any resolution to this. We are having the same issue

Any one have soln on this