Enable Anti-Spam Functionality on a Hub Transport Server
Applies to: Exchange Server 2010
In some small organizations, it may make sense to run Microsoft Exchange Server 2010 anti-spam features on Hub Transport servers. For example, some organizations may not have enough e-mail volume to justify the cost of installing and maintaining a full perimeter network together with an Edge Transport server. This topic describes how to enable Microsoft Exchange anti-spam functionality on Hub Transport servers.
It isn't a best practice to run anti-spam functionality on the Hub Transport server. We recommend that you run anti-spam features on the Edge Transport server at the perimeter of your organization. Only run anti-spam features on the Hub Transport server if you haven't deployed Edge Transport server.
To install and enable the anti-spam features on a Hub Transport server, you must run the Install-AntispamAgents.psi script. This script is installed when you run Exchange Setup. After you run the script, you must restart the Microsoft Exchange Transport service to finish the installation of the following anti-spam features:
- Connection filtering
- Content filtering
- Sender ID
- Sender filtering
- Recipient filtering
- Sender reputation
Notice that attachment filtering is an antivirus feature that isn't enabled or installed. Attachment filtering only runs on the Edge Transport server. However, the file filtering functionality that's provided by Microsoft Forefront Protection for Exchange Server includes advanced features that are unavailable in the default Attachment Filter agent that's included with Microsoft Exchange Server 2010 Standard Edition. Forefront Protection for Exchange Server is fully supported on the Hub Transport server role.
Most Exchange 2010 documentation doesn't refer to the anti-spam features in the context of the Hub Transport server. Therefore, as you read documentation about how to configure, manage, and maintain anti-spam features, remember that all functionality that's documented in the context of the Edge Transport server is also available on the Hub Transport server, unless specifically noted otherwise.
Looking for other management tasks related to managing anti-spam and antivirus features? Check out Managing Anti-Spam and Antivirus Features.
Enable anti-spam functionality on a Hub Transport server
After you run the Install-AntispamAgents.psi script, restart the Microsoft Exchange Transport service, and set the InternalSMTPServers parameter.
Run the Install-AntispamAgents.psi script
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Hub Transport server" entry in the Transport Permissions topic.
Run the following command from the %system drive%/Program Files\Microsoft\Exchange Server\V14\Scripts folder.
After the script has run, restart the Microsoft Exchange Transport service by running the following command.
Use the Shell to set the InternalSMTPServers parameter
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Transport configuration" entry in the Transport Permissions topic.
You must specify all internal SMTP servers on the transport configuration object in Active Directory forest before you run connection filtering. Specify the internal SMTP servers by using the InternalSMTPServers parameter on the Set-TransportConfig cmdlet.
For all anti-spam features to work correctly, you must have at least one IP address of an internal SMTP server set on the InternalSMTPServers parameter on the Set-TransportConfig cmdlet. If the Hub Transport server on which you're running the anti-spam features is the only SMTP server in your organization, enter the IP address of that computer.
The following example adds the internal SMTP server addresses 10.0.1.10 and 10.0.1.11 to the transport configuration of your organization.
Set-TransportConfig -InternalSMTPServers 10.0.1.10,10.0.1.11
For detailed syntax and parameter information, see Set-TransportConfig.