Safe Senders GPO Not Working

We had a GPO for Safe Senders in Outlook that was supposed to pull the Safe Senders from a text file shared on the SYSVOL, but it was not working.

I looked into Exchange 2010 to figure out how I could do Safe Senders at a server level rather than have to configure a GPO for it.

In the Exchange 2010 Management Console I navigated to Organization Configuration | Hub Transport | Transport Rules

Exchange 2010 Management Console - Transport Rules
Exchange 2010 Management Console – Transport Rules

On the Transport Rules tab I added a New Transport Rule:

Adding a new Transport Rule to Exchange 2010
Adding a new Transport Rule to Exchange 2010

When the wizard launches, it is very self explanatory and is built like an Outlook rule.

New Transport Rule Wizard
New Transport Rule Wizard

I selected to enable this new transport rule for the condition “when the From address matches text patterns” so I could add the domains I wanted to whitelist.

textpatterns

I added appriver.com$ as my text pattern. I used a dollar sign at the end of the text pattern because of what I read on TechNet:

The dollar sign ( $ ) character indicates that the preceding pattern string must exist at the end of the text string being matched. For example, contoso.com$ matches adam@contoso.com and kim@research.contoso.com, but doesn’t match kim@contoso.com.au.

Since I know that everything I want to whitelist from AppRiver comes from @appriver.com I use the $ character in my text pattern.

After clicking OK and then Next, it’s time to figure out what Action to perform when a message matches this text pattern.

What do we want our Transport Rule to do?
What do we want our Transport Rule to do?

I chose “set the spam confidence level to value” and then clicked on the underlined blue text link in order to set the SCL to -1. This ensures that Outlook does not classify the message as spam and put it in the Junk E-mail folder.

On the next page of the wizard I did not enter any Exceptions because I want this transport rule to be active for all messages coming in to my organization from AppRiver.

Now the rule is complete. But as always, there are other ways to do it rather than using the GUI. As in most cases, you can use PowerShell!

This is the output that we see on the last page of the New Transport Rule Wizard, which we can translate into a PowerShell command:

Name: 'Safe Senders'
Comments: ''
Priority: '0'
Enabled: $true
FromAddressMatchesPatterns: 'appriver.com$'
SetSCL: '-1'

Translated into a working PowerShell command:

New-TransportRule -Name "Safe Senders" -Comments 'Safe Senders list to whitelist specific domains' -FromAddressMatchesPatterns: 'appriver.com$' -SetSCL: '-1'

Since I already had this rule set up, I modified the string to create a test transport rule:

New-TransportRule -Name "Safe Senders Test" -Comments 'Test List Made From Powershell' -FromAddressMatchesPatterns: 'ericrdu.com$' -SetSCL: '-1'
Creating a New Transport Rule via PowerShell
Creating a New Transport Rule via PowerShell

If you don’t want to enable your new Transport Rule right away, add in -Enabled $false to your command. Otherwise the rule will be enabled by default.
You can also add a -Priority X (where X is a number) to set the order in which your rules will be applied. Since this is my first rule, I do not need a Priority and the default will be 0. Any additional rules will be added as +1.

So now, does the rule actually work?

Held Spam Report email header from earlier in the day, before the rule (because the Held Spam Report comes from AppRiver):

header1

Held Spam Report email header after adding the rule:

header2

Leave a Reply

Your email address will not be published. Required fields are marked *