Content filtering

Note

In November 2016, Microsoft stopped producing spam definition updates for the SmartScreen filters in Exchange and Outlook. The existing SmartScreen spam definitions were left in place, but their effectiveness will likely degrade over time. For more information, see Deprecating support for SmartScreen in Outlook and Exchange.

Content filtering evaluates inbound email messages by assessing the probability that the messages are legitimate or spam. Unlike other filtering technologies, content filtering uses characteristics from a statistically significant sample of legitimate messages and spam to make its determination. Content filtering in Exchange Server is provided by the Content Filter agent, and is basically unchanged from Exchange Server 2010. Updates to the Content Filter agent are available periodically through Microsoft Update.

By default, the Content Filter agent is enabled on Edge Transport servers, but you can enable it on Mailbox servers. For more information, see Enable antispam functionality on Mailbox servers.

For more information about how to configure the Content Filter agent, see Content filtering procedures.

Using the Content Filter agent

The Content Filter agent assigns a spam confidence level (SCL) to each message by giving it a rating between 0 and 9. A higher number indicates that a message is more likely to be spam. Based on this rating, you can configure the agent to take the following actions:

  • Delete: The message is silently dropped without a non-delivery report (also known as an NDR, delivery status notification, DSN, or bounce message).

  • Reject: The message is rejected with an NDR.

  • Quarantine: The message is sent to the spam quarantine mailbox. For more information about the spam quarantine mailbox, see Spam quarantine in Exchange Server.

For example, you may decide that messages with an SCL rating of 7 or higher should be deleted, messages with an SCL rating of 6 should be rejected, and messages with an SCL rating of 5 should be quarantined.

You can adjust the SCL threshold behavior by assigning different SCL ratings to each of these actions. For more information about how to adjust the SCL threshold to suit your organization's requirements, see Exchange spam confidence level (SCL) thresholds.
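The 7 / 6 / 5 example above, written for the Exchange Management Shell. This is an added example, not part of the original page; the quarantine mailbox address is a placeholder, and the ordering check is an added sanity check that mirrors the example's ordering.

```powershell
# Added example: apply the delete / reject / quarantine thresholds from the text
# with Set-ContentFilterConfig, on the server that hosts the Content Filter agent.
$delete     = 7   # SCL 7 or higher: delete without an NDR
$reject     = 6   # SCL 6: reject with an NDR
$quarantine = 5   # SCL 5: send to the spam quarantine mailbox
$quarantineMailbox = 'spamquarantine@example.com'   # placeholder address (assumption)

# Added sanity check: SCL ratings run from 0 to 9, and the harsher action
# gets the higher threshold, as in the example in the text.
foreach ($value in $delete, $reject, $quarantine) {
    if ($value -lt 0 -or $value -gt 9) {
        throw "SCL threshold $value is outside the 0-9 range."
    }
}
if (-not ($delete -gt $reject -and $reject -gt $quarantine)) {
    throw 'Expected Delete > Reject > Quarantine thresholds.'
}

$settings = @{
    SCLDeleteEnabled       = $true
    SCLDeleteThreshold     = $delete
    SCLRejectEnabled       = $true
    SCLRejectThreshold     = $reject
    SCLQuarantineEnabled   = $true
    SCLQuarantineThreshold = $quarantine
    QuarantineMailbox      = $quarantineMailbox
}
Set-ContentFilterConfig @settings

# Read the configuration back to confirm what the agent will enforce.
Get-ContentFilterConfig | Format-List SCL*, QuarantineMailbox
```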

Note

Messages that are over 11 MB aren't scanned by the Intelligent Message Filter. Instead, they pass through the Content Filter agent without being scanned.

Allow phrases and Block phrases

You can customize how the Content Filter agent assigns SCL values by configuring custom words or phrases the agent will use to apply filter processing. Approved words or phrases are configured with Allow phrases, and unapproved words or phrases with Block phrases. When the Content Filter agent detects an Allow phrase in an inbound message, the agent automatically assigns an SCL value of 0 to the message. Alternatively, when the Content Filter agent detects a Block phrase in an inbound message, the agent assigns an SCL rating of 9. You can create up to 800 custom words or phrases in any combination of uppercase and lowercase letters. However, the case is ignored by the Content Filter agent.

Outlook Email Postmark validation

The Content Filter agent also includes Outlook Email Postmark validation. This validation is applied to outbound messages to help messaging systems distinguish legitimate email from spam, and to help reduce false positives. In spam filtering, a false positive occurs when a spam filter incorrectly identifies a legitimate message as spam. When Outlook Email Postmark validation is enabled, the Content Filter agent parses the inbound message for a computational postmark header. The presence of a valid, solved computational postmark header in the message indicates the client computer that generated the message solved the computational postmark, so the Content Filter agent is likely to lower the message's SCL rating.

Although computers don't require significant processing time to solve individual computational postmarks, processing postmarks for millions of spam messages will be prohibitive to a malicious sender. If a sender's message contains a valid, solved computational postmark, it's unlikely that the sender is malicious, so the Content Filter agent would lower the SCL rating. If the postmark validation feature is enabled and the computational postmark header in an inbound message is invalid or missing, the Content Filter agent won't change the SCL rating.

Bypassing the recipient, sender, and sender domain

In some organizations, all email messages to certain aliases must be accepted, which can cause problems if your organization manages a significant volume of spam. You can configure exceptions to content filtering for specific recipients, senders, and sender domains.

For example, a company named Woodgrove Bank has an alias named customerloans@woodgrovebank.com that provides email support to external loan customers, so the Exchange administrators configure Block phrases to filter messages that are typically used in spam sent by unscrupulous loan agencies. To prevent potentially legitimate messages from being rejected, the administrators set exceptions to content filtering by entering a list of recipient email addresses in the Content Filter agent configuration.
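The Woodgrove Bank setup described above, as an added example for the Exchange Management Shell that is not part of the original page. The block phrases are constructed samples; the 800-phrase limit and the case-insensitive comparison come from the Allow phrases and Block phrases section.

```powershell
# Added example: add Block phrases, then exempt the support alias so legitimate
# loan mail that contains those phrases is not rejected.
$blockPhrases    = 'guaranteed loan approval', 'no credit check loan'   # constructed samples
$exemptRecipient = 'customerloans@woodgrovebank.com'                    # alias from the text
$maxPhrases      = 800                                                  # limit stated in the text

# Phrases already configured (Allow and Block phrases together).
$known = @(Get-ContentFilterPhrase | ForEach-Object { [string]$_.Phrase })

foreach ($phrase in $blockPhrases) {
    # -contains is case-insensitive, matching how the agent ignores case.
    if ($known -contains $phrase) {
        Write-Warning "Phrase already configured, skipping: $phrase"
        continue
    }
    if ($known.Count -ge $maxPhrases) {
        throw "Custom phrase limit of $maxPhrases reached; remove a phrase first."
    }
    # BadWord marks a Block phrase (SCL 9); GoodWord would mark an Allow phrase (SCL 0).
    Add-ContentFilterPhrase -Influence BadWord -Phrase $phrase
    $known += $phrase
}

# Add the alias to the recipient exceptions without replacing existing entries.
Set-ContentFilterConfig -BypassedRecipients @{ Add = $exemptRecipient }

# Review the result: every bypassed recipient receives unfiltered mail,
# so this list should stay short and be audited regularly.
Get-ContentFilterPhrase | Sort-Object Influence, Phrase | Format-Table Influence, Phrase -AutoSize
Get-ContentFilterConfig | Format-List BypassedRecipients, BypassedSenders, BypassedSenderDomains
```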

Safelist aggregation

Safelist aggregation is a set of antispam functionality that's shared across Outlook and Exchange. As its name suggests, it collects data from the antispam safe lists that Outlook users configure, and makes this data available to the antispam agents on the Exchange server. The Content Filter agent uses the Outlook Safe Senders Lists, Safe Recipients Lists, and trusted contacts to optimize spam filtering. Email messages from these contacts are identified as safe by the Content Filter agent. Sender filtering and the Sender Filter agent use the Outlook Blocked Senders list to perform per-recipient sender filtering. For more information, see Safelist aggregation.

Configuring the Content Filter agent

You configure the Content Filter agent by using the Exchange Management Shell. For more information, see Content filtering procedures.

The Content Filter agent depends on updates to determine whether a message is spam. These updates contain data about phishing web sites, Microsoft SmartScreen spam heuristics, and other Intelligent Message Filter updates. These updates generally contain about 6 MB of data that's useful for longer periods of time than other antispam update data.

Content filter updates are available from Microsoft Update. The content filter update data is updated and available for download every two weeks.

Using the SCL value in mail flow rules on Edge Transport servers

On Edge Transport servers, the Edge Rule agent acts on messages before the SCL value is added by the Content Filter agent. If you want to use the SCLOver mail flow rule (also known as a transport rule) condition, you need to configure the Content Filter agent to run before the Edge Rule agent by changing the transport agent priorities. For more information, see Make message SCL values available to mail flow rules on Edge Transport servers.

Notes:

  • Although the Content Filter agent runs on other SMTP events, the SCL value is stamped on the message by the instance of the Content Filter agent that's registered on the OnEndOfData SMTP event.

  • If you configure the Content Filter agent to act on messages before the Edge Rule agent on an Edge Transport server, the server might incur additional processing costs, because messages that would normally be rejected by other mail flow rules are received and evaluated by the Content Filter agent before they are rejected by the Edge Rule agent. Also, you won't be able to configure a mail flow rule to stamp a message that has an SCL value of -1, which tells the Content Filter agent to ignore the message.

For more information about transport agents and transport agent priority, see Transport Agents in Exchange Server.
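The priority change described in this section, as an added example for the Exchange Management Shell on an Edge Transport server (not part of the original page). It assumes the default agent names "Content Filter Agent" and "Edge Rule Agent"; the rule name, the SCLOver value of 5, and the subject tag are hypothetical.

```powershell
# Added example: run the Content Filter agent ahead of the Edge Rule agent so
# the SCLOver condition sees a stamped SCL value.
$agents        = Get-TransportAgent
$contentFilter = $agents | Where-Object { "$($_.Identity)" -eq 'Content Filter Agent' }
$edgeRule      = $agents | Where-Object { "$($_.Identity)" -eq 'Edge Rule Agent' }

if (-not $contentFilter -or -not $edgeRule) {
    throw 'Content Filter Agent or Edge Rule Agent not found; run this on an Edge Transport server.'
}

# A lower priority number runs earlier. Taking the Edge Rule agent's current
# slot moves that agent (and the ones after it) down by one.
if ($contentFilter.Priority -gt $edgeRule.Priority) {
    Set-TransportAgent -Identity 'Content Filter Agent' -Priority $edgeRule.Priority
    # Transport agent changes take effect after the transport service restarts.
    Restart-Service MSExchangeTransport
}

# Confirm the new order before relying on SCL-based rules.
Get-TransportAgent | Sort-Object Priority | Format-Table Identity, Enabled, Priority -AutoSize

# Hypothetical rule that uses the SCL value: tag the subject of likely spam.
New-TransportRule -Name 'Tag likely spam (example)' -SCLOver 5 -PrependSubject '[Suspected spam] '
```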