在邮箱服务器上启用反垃圾邮件功能Enable antispam functionality on Mailbox servers

以下反垃圾邮件代理在 Exchange 2016 和 Exchange 2019 邮箱服务器的传输服务中可用,但默认情况下不会安装这些代理:The following antispam agents are available in the Transport service on Exchange 2016 and Exchange 2019 Mailbox servers, but they aren't installed by default:

  • 内容筛选器代理Content Filter agent

  • 发件人筛选器代理Sender Filter agent

  • 发件人 ID 代理Sender ID agent

  • 发件人信誉的协议分析代理Protocol Analysis agent for sender reputation

您可以通过使用 Exchange 命令行管理程序 脚本在邮箱服务器上安装这些反垃圾邮件代理,如果这些代理是您唯一的屏障以防止垃圾邮件,这将非常重要。通常情况下,当您的组织使用其他类型的反垃圾邮件筛选传入的邮件时,您不需要在邮箱服务器上安装反垃圾邮件代理。You can install these antispam agents on a Mailbox server by using an Exchange Management Shell script, which is important if these agents are your only defense to help prevent spam. Typically, you don't need to install the antispam agents on a Mailbox server when your organization uses other types of antispam filtering on incoming mail.

备注

尽管"收件人筛选器"代理在邮箱服务器上可用,但不应对其进行配置。当邮箱服务器上的收件人筛选检测到包含其他有效收件人的邮件中具有无效或阻止的收件人时,邮件会被拒绝。在邮箱服务器上安装反垃圾邮件代理后,将默认启用收件人筛选器代理。但是,未将其配置为阻止任何收件人。Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. The Recipient Filter agent is enabled when you install the antispam agents on a Mailbox server, but it isn't configured to block any recipients.

在开始之前,您需要知道什么?What do you need to know before you begin?

  • 估计完成该任务的时间:15 分钟Estimated time to complete this task: 15 minutes

  • 只能使用 PowerShell 执行此过程。 若要了解如何在本地 Exchange 组织中打开 Exchange 命令行管理程序,请参阅 Open the Exchange Management ShellYou can only use PowerShell to perform this procedure. To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

  • 连接筛选代理和附件筛选代理在邮箱服务器上不可用。The Connection Filtering agent and the Attachment Filtering agent aren't available on Mailbox servers. 它们仅在边缘传输服务器上可用,且默认情况下会安装并启用它们。They're only available on Edge Transport servers, and they're installed and enabled there by default. 但是,默认情况下会在邮箱服务器上安装并启用恶意软件代理。However, the Malware agent is installed and enabled by default on Mailbox servers. 有关详细信息,请参阅反恶意软件保护Exchange Server。For more information, see Antimalware protection in Exchange Server.

  • 如果在到达邮箱服务器(例如,外围网络中的边缘传输服务器)之前,您有其他 Exchange 反垃圾邮件代理在邮件中运行,邮箱服务器上的反垃圾邮件代理会识别邮件中已存在的反垃圾邮件 X 标头和那些不经过重新扫描而传递的邮件。If you have other Exchange antispam agents operating on the messages before they reach the Mailbox server (for example, an Edge Transport server in the perimeter network), the antispam agents on the Mailbox server recognize the antispam X-header values that already exist in messages, and those messages pass through without being scanned again.

  • 您必须先获得权限,然后才能执行此过程或多个过程。若要查看所需的权限,请参阅 邮件流权限主题中的"传输配置"条目。You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Transport configuration" entry in the Mail flow permissions topic.

  • 若要了解本主题中的过程可能适用的键盘快捷键,请参阅 Exchange 管理中心内的键盘快捷键For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

提示

遇到问题?请访问以下 Exchange 论坛寻求帮助:Exchange ServerExchange OnlineExchange Online ProtectionHaving problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

步骤 1:运行 Install-AntispamAgents.ps1 PowerShell 脚本Step 1: Run the Install-AntispamAgents.ps1 PowerShell script

在邮箱服务器上的 Exchange 命令行管理程序 中,运行以下命令:Run the following command in the Exchange Management Shell on the Mailbox server:

& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

如何判断这一步生效?How do you know this step worked?

如果脚本运行而未出现错误,并要求您重新启动 Microsoft Exchange 传输服务,则会知道此步骤有效。输出如下所示:You know this step worked if the script runs without errors and asks you to restart the Microsoft Exchange Transport service. The output looks like this:

WARNING: Please exit Windows PowerShell to complete the installation.
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
Identity                                           Enabled         Priority
--------                                           -------         --------
Content Filter Agent                               True            8
WARNING: Please exit Windows PowerShell to complete the installation.
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
Sender Id Agent                                    True            9
WARNING: Please exit Windows PowerShell to complete the installation.
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
Sender Filter Agent                                True            10
WARNING: Please exit Windows PowerShell to complete the installation.
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
Recipient Filter Agent                             True            11
WARNING: Please exit Windows PowerShell to complete the installation.
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport
Protocol Analysis Agent                            True            12
WARNING: The agents listed above have been installed. Please restart the Microsoft Exchange Transport service for
changes to take effect.

步骤 2:重新启动 Microsoft Exchange 传输服务Step 2: Restart the Microsoft Exchange Transport service

在邮箱服务器上的 Exchange 命令行管理程序 中,运行以下命令:Run the following command in the Exchange Management Shell on the Mailbox server:

Restart-Service MSExchangeTransport

如何判断这一步生效?How do you know this step worked?

如果 Microsoft Exchange 传输服务重新启动而未出现错误,则您会知道此步骤有效。输出如下所示:You know this step worked if the Microsoft Exchange Transport service restarts without errors. The output looks like this:

WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...

步骤 3:指定组织中的内部 SMTP 服务器Step 3: Specify the internal SMTP servers in your organization

需要指定发件人 ID 代理应忽略的任何内部 SMTP 服务器的 IP 地址。事实上,需要指定至少一个内部 SMTP 服务器的 IP 地址。如果运行反垃圾邮件代理的邮箱服务器是组织中唯一的 SMTP 服务器,请指定该计算机的 IP 地址。You need to specify the IP addresses of every internal SMTP server that should be ignored by the Sender ID agent. In fact, you need to specify the IP address of at least one internal SMTP server. If the Mailbox server where you're running the antispam agents is the only SMTP server in your organization, specify the IP address of that computer.

若要在不影响任何现有值的情况下添加内部 SMTP 服务器的 IP 地址,请在邮箱服务器上的 Exchange 命令行管理程序 中运行以下命令:To add the IP addresses of internal SMTP servers without affecting any existing values, run the following command in the Exchange Management Shell on the Mailbox server:

Set-TransportConfig -InternalSMTPServers @{Add="<ip address1>","<ip address2>"...}

此示例将内部 SMTP 服务器地址 10.0.1.10 和 10.0.1.11 添加到组织的传输配置中。This example adds the internal SMTP server addresses 10.0.1.10 and 10.0.1.11 to the transport configuration of your organization.

Set-TransportConfig -InternalSMTPServers @{Add="10.0.1.10","10.0.1.11"}

您如何知道此步骤有效?How do you know this step worked?

要验证您是否已成功地指定至少一个内部 SMTP 服务器的 IP 地址,请在邮箱服务器上的 Exchange 命令行管理程序 中运行下面的命令,并验证是否显示至少一个有效的内部 SMTP 服务器的 IP 地址。To verify that you have successfully specified the IP address of at least one internal SMTP server, run the following command in the Exchange Management Shell on the Mailbox server, and verify that the IP address of at least one valid internal SMTP server is displayed.

Get-TransportConfig | Format-List InternalSMTPServers

步骤 4:后续步骤Step 4: Next steps

  • 内容筛选器代理、发件人 ID 代理、发件人筛选器代理和协议分析(发件人信誉)代理现应该在邮箱服务器上安装和运行。若要验证此点,请在邮箱服务器上的 Exchange 命令行管理程序 中,运行以下命令:The Content Filter agent, Sender ID agent, Sender Filter agent, and Protocol Analysis (sender reputation) agent should now be installed and running on the Mailbox server. To verify this, run the following commands in the Exchange Management Shell on the Mailbox server:

    Get-TransportAgent
    
    Get-ContentFilterConfig | Format-Table Name,Enabled; Get-SenderFilterConfig | Format-Table Name,Enabled; Get-SenderIDConfig | Format-Table Name,Enabled; Get-SenderReputationConfig | Format-Table Name,Enabled
    
  • 若要查看有关每个代理的配置的详细的信息,请运行以下命令:To see detailed information about the configuration of each agent, run the following commands:

    Get-ContentFilterConfig | Format-List *Enabled,RejectionResponse,*Postmark*,Bypassed*,Quarantine*;
    
    Get-SenderFilterConfig | Format-List *Enabled,*Block*
    
    Get-SenderIDConfig | Format-List *Enabled*,*Action,Bypassed*
    
    Get-SenderReputationConfig | Format-List *Enabled*,*Proxy*,*Block*,*Ports*
    
  • 若要配置每个代理,请参阅下列主题:To configure each agent, see the following topics:

  • 默认情况下,内容筛选器代理、发件人筛选器代理和发件人 ID 代理在邮箱服务器上反垃圾邮件代理日志中记录他们的活动。您可以验证信息写入日志时这些反垃圾邮件代理是否运行。若要查看日志的位置和配置,请在邮箱服务器上的 Exchange 命令行管理程序 中运行下面的命令:By default, the Content Filter agent, the Sender Filter agent, and the Sender ID agent record their activities in the antispam agent log on the Mailbox server. You can verify that these antispam agents are working when information is written to the log. To see the location and configuration of the log, run the following command in the Exchange Management Shell on the Mailbox server:

    Get-TransportService | Format-List AgentLog*
    

有关如何配置这些日志的说明,请参阅Configure antispam Agent LoggingFor instructions on how to configure the log, see Configure antispam Agent Logging.