Safelist aggregation

In Exchange Server, safelist aggregation refers to sender and recipient email addresses that are collected from all users' Junk Email options in Microsoft Outlook, Outlook on the web, or the Set-MailboxJunkEmailConfiguration cmdlet, and shared with the built-in Exchange antispam agents. Safelist aggregation is basically unchanged from Exchange Server 2010.

When you enable and configure safelist aggregation, Exchange can take the following actions based on the safelist aggregation data:

  • Deliver incoming messages from senders that have been identified as safe without additional antispam processing (which could potentially identify the messages as spam).

  • Block incoming messages from senders that have been identified as malicious.

To configure safelist aggregation, see Safelist aggregation procedures.

In the context of spam filtering, a false-positive is a legitimate message that's identified as spam. For organizations that filter hundreds of thousands of messages from the Internet every day, even a small percentage of false-positives means that users might not receive many legitimate messages. Safelist aggregation is likely the most effective way to reduce false-positives.

Information stored in the user's safelist collection

A safelist collection is the combined data from the user's Safe Senders list, Safe Recipients list, Blocked Senders list, and (optionally) external contacts. This data is stored in Outlook and in the Exchange mailbox. For more information about adding and removing entries from a user's safelist collection, see Use the Exchange Management Shell to configure the safelist collection on a mailbox.

The following information is stored in a user's safelist collection:

  • Safe senders: The SMTP email address in the From: field.

  • Safe recipients: The SMTP email address in the To: field.

  • Blocked senders: Just like safe senders, users can block unwanted senders by adding them to their Blocked Senders list.

  • Safe domain: This is part of the Safe Senders list, but instead of an SMTP email address (masato@contoso.com), the domain of the sender is specified (contoso.com).

    Note: By default, Exchange doesn't include safe domains during safelist aggregation. However, you can configure safelist aggregation to include the safe domain data. For more information, see Configure Content Filtering to Use Safe Domain Data.

  • External contacts: Two types of external contact information can be included in the safelist collection:

    • Recipients that the user has sent mail to: These email addresses are added to the Safe Senders list if the user selects Automatically add people I e-mail to the Safe Senders list in the Junk Email options in Outlook.

    • Contacts in the user's Contacts folder: These email addresses are added to the Safe Senders list if the user selects Also trust e-mail from my Contacts in the Junk Email options in Outlook, Outlook on the web, or the Set-MailboxJunkEmailConfiguration cmdlet.

How Exchange uses the safelist collection

The safelist collection is stored on the user's Mailbox server. A user can have up to 1,024 unique entries in a safelist collection. Exchange has a mailbox assistant, called the Junk Email Options mailbox assistant, that monitors changes to the safelist collection for mailboxes on the server. It then replicates these changes to Active Directory, where the safelist collection is stored on each user object. The safelist collection is optimized for minimized storage and replication. If you have a subscribed Edge Transport server in your perimeter network, the Microsoft Exchange EdgeSync service replicates the safelist collection to the Active Directory Lightweight Directory Services (AD LDS) instance on the Edge Transport server.

The following Exchange antispam agents use the safelist collection:

  • The Content Filter agent uses the Safe Senders list data to deliver messages from those senders without additional (unnecessary) processing.

  • The Sender Filter agent uses the Blocked Senders list data to reject or delete messages from those senders. For more information, see Sender filtering procedures.

Note: Although the Safe Recipients list can be included in safelist aggregation, the Content Filter agent doesn't act on safe recipient data.

Hashing of safelist collection entries

Safelist collection entries are hashed (SHA-256) one way before they are stored as array sets across three user object attributes, msExchSafeSenderHash, msExchSafeRecipientHash, and msExchBlockedSendersHash, as a binary large object. When data is hashed, an output of fixed length is produced, and the output is likely to be unique. For hashing of safelist collection entries, a 4-byte hash is produced. When a message is received from the Internet, Exchange hashes the sender's email address and compares it to the hashes that are stored on behalf of the destination mailbox. If the sender matches the safe senders hash, the message bypasses content filtering. If the sender matches the blocked senders hash, the message is blocked.

One-way hashing of safelist collection entries performs the following important functions:

  • Minimizes storage and replication space: Most of the time, hashing reduces the size of the data. Therefore, saving and transmitting a hashed version of a safelist collection entry conserves storage space and replication time. For example, a user who has 200 entries in his or her safelist collection would create about 800 bytes of hashed data stored and replicated in Active Directory.

  • Renders user safelist collections unusable by malicious users: Because one-way hash values are impossible to reverse-engineer into the original SMTP address or domain, the safelist collections don't yield usable email addresses for malicious users who might compromise an Exchange server.

Enabling safelist aggregation

Safelist aggregation is enabled by default. The safelist collection data is written to Active Directory by the Junk Email Options mailbox assistant. Unlike previous versions of Exchange, you don't need to manually run the Update-SafeList cmdlet to hash and write the safelist collection data to Active Directory.

You can still manually run safelist aggregation by using the Update-Safelist cmdlet. However, you need to be aware of the replication traffic that might be generated when you run this command. Running Update-Safelist on multiple mailboxes where safelists are heavily used might generate a significant amount of network traffic. We recommend that if you run the command on multiple mailboxes, you should run the command during off-peak, non-business hours.

The Update-SafeList cmdlet reads the safelist collection from the user's mailbox, hashes each entry, sorts the entries for easy search, and then converts the hash to a binary attribute. Finally, the Update-SafeList cmdlet compares the binary attribute that was created to any value stored on the attribute. If the two values are identical, the Update-SafeList cmdlet doesn't update the user attribute value with the safelist aggregation data. If the two attribute values are different, the Update-SafeList cmdlet updates the safelist aggregation value.
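A simplified model of the hash, sort, pack and compare steps described in the hashing section and in the Update-SafeList paragraph above. This is an added example, not Exchange's code: the address normalization, the choice of the first 4 digest bytes, and all function names are assumptions, and the sample addresses are constructed.

```python
import hashlib
from bisect import bisect_left

HASH_LEN = 4  # the page states that each entry becomes a 4-byte hash

def entry_hash(address: str) -> bytes:
    # Assumption: trim + lowercase, then keep the first 4 bytes of SHA-256.
    # The page specifies neither the normalization nor which bytes are kept.
    return hashlib.sha256(address.strip().lower().encode("utf-8")).digest()[:HASH_LEN]

def build_blob(entries) -> bytes:
    # Hash every entry, drop duplicates, sort for searching, pack back to back.
    return b"".join(sorted({entry_hash(e) for e in entries}))

def blob_contains(blob: bytes, address: str) -> bool:
    # Binary search over the sorted fixed-width hashes.
    hashes = [blob[i:i + HASH_LEN] for i in range(0, len(blob), HASH_LEN)]
    target = entry_hash(address)
    pos = bisect_left(hashes, target)
    return pos < len(hashes) and hashes[pos] == target

def update_attribute(stored: bytes, entries):
    # Compare-before-write: only a changed blob is written (and replicated).
    new = build_blob(entries)
    return (stored, False) if new == stored else (new, True)

def match_sender(sender: str, safe_blob: bytes, blocked_blob: bytes):
    # Returns (matches_safe, matches_blocked); precedence is left to the caller.
    return blob_contains(safe_blob, sender), blob_contains(blocked_blob, sender)

def false_match_chance(entry_count: int) -> float:
    # A 4-byte hash has 2**32 values, so an unrelated address can collide.
    return entry_count / 2 ** (8 * HASH_LEN)

# Constructed sample data, not taken from any real mailbox.
SAFE = [f"user{i}@example.com" for i in range(200)]
BLOCKED = ["bulk@example.net"]

if __name__ == "__main__":
    safe_blob, blocked_blob = build_blob(SAFE), build_blob(BLOCKED)
    print(len(safe_blob), "bytes for", len(SAFE), "entries")
    print(match_sender("User7@Example.com", safe_blob, blocked_blob))
    print(update_attribute(safe_blob, list(reversed(SAFE)))[1])
    print(f"{false_match_chance(1024):.2e}")
```

Because only 4 bytes per entry are kept, a match is probabilistic: with the 1,024-entry maximum, an unrelated sender has roughly a 1 in 4 million chance of matching a given list in this model.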

For more information about using Update-SafeList, see Safelist aggregation procedures.