Safelist aggregation

In Exchange Server, safelist aggregation refers to sender and recipient email addresses that are collected from all users' Junk Email options in Microsoft Outlook, Outlook on the web, or the Set-MailboxJunkEmailConfiguration cmdlet, and shared with the built-in Exchange antispam agents. Safelist aggregation is basically unchanged from Exchange Server 2010.

When you enable and configure safelist aggregation, Exchange can take the following actions based on the safelist aggregation data:

  • Deliver incoming messages from senders that have been identified as safe without additional antispam processing (which could potentially identify the messages as spam).

  • Block incoming messages from senders that have been identified as malicious.

To configure safelist aggregation, see Safelist aggregation procedures.

In the context of spam filtering, a false-positive is a legitimate message that's identified as spam. For organizations that filter hundreds of thousands of messages from the Internet every day, even a small percentage of false-positives means that users might not receive many legitimate messages. Safelist aggregation is likely the most effective way to reduce false-positives.

Information stored in the user's safelist collection

A safelist collection is the combined data from the user's Safe Senders list, Safe Recipients list, Blocked Senders list, and (optionally) external contacts. This data is stored in Outlook and in the Exchange mailbox. For more information about adding and removing entries from a user's safelist collection, see Use the Exchange Management Shell to configure the safelist collection on a mailbox.

The following information is stored in a user's safelist collection:

  • Safe senders: The SMTP email address in the From: field.

  • Safe recipients: The SMTP email address in the To: field.

  • Blocked senders: Just like safe senders, users can block unwanted senders by adding them to their Blocked Senders list.

  • Safe domain: This is part of the Safe Senders list, but instead of an SMTP email address (masato@contoso.com), the domain of the sender is specified (contoso.com).

    Note: By default, Exchange doesn't include safe domains during safelist aggregation. However, you can configure safelist aggregation to include the safe domain data. For more information, see Configure Content Filtering to Use Safe Domain Data.

  • External contacts: Two types of external contact information can be included in the safelist collection:

    • Recipients that the user has sent mail to: These email addresses are added to the Safe Senders list if the user selects Automatically add people I e-mail to the Safe Senders list in the Junk Email options in Outlook.

    • Contacts in the user's Contacts folder: These email addresses are added to the Safe Senders list if the user selects Also trust e-mail from my Contacts in the Junk Email options in Outlook, Outlook on the web, or the Set-MailboxJunkEmailConfiguration cmdlet.

How Exchange uses the safelist collection

The safelist collection is stored on the user's Mailbox server. A user can have up to 1,024 unique entries in a safelist collection. Exchange has a mailbox assistant, called the Junk Email Options mailbox assistant, that monitors changes to the safelist collection for mailboxes on the server. It then replicates these changes to Active Directory, where the safelist collection is stored on each user object. The safelist collection is optimized for minimized storage and replication. If you have a subscribed Edge Transport server in your perimeter network, the Microsoft Exchange EdgeSync service replicates the safelist collection to the Active Directory Lightweight Directory Services (AD LDS) instance on the Edge Transport server.

The following Exchange antispam agents use the safelist collection:

  • The Content Filter agent uses the Safe Senders list data to deliver messages from those senders without additional (unnecessary) processing.

  • The Sender Filter agent uses the Blocked Senders list data to reject or delete messages from those senders. For more information, see Sender filtering procedures.

Note: Although the Safe Recipients list can be included in safelist aggregation, the Content Filter agent doesn't act on safe recipient data.

Hashing of safelist collection entries

Safelist collection entries are hashed (SHA-256) one way before they are stored as array sets across three user object attributes, msExchSafeSenderHash, msExchSafeRecipientHash, and msExchBlockedSendersHash, as a binary large object. When data is hashed, an output of fixed length is produced, and the output is likely to be unique. For hashing of safelist collection entries, a 4-byte hash is produced. When a message is received from the Internet, Exchange hashes the sender's email address and compares it to the hashes that are stored on behalf of the destination mailbox. If the sender matches the safe senders hash, the message bypasses content filtering. If the sender matches the blocked senders hash, the message is blocked.

One-way hashing of safelist collection entries performs the following important functions:

  • Minimizes storage and replication space: Most of the time, hashing reduces the size of the data. Therefore, saving and transmitting a hashed version of a safelist collection entry conserves storage space and replication time. For example, a user who has 200 entries in his or her safelist collection would create about 800 bytes of hashed data stored and replicated in Active Directory.

  • Renders user safelist collections unusable by malicious users: Because one-way hash values are impossible to reverse-engineer into the original SMTP address or domain, the safelist collections don't yield usable email addresses for malicious users who might compromise an Exchange server.

Enabling safelist aggregation

Safelist aggregation is enabled by default. The safelist collection data is written to Active Directory by the Junk Email Options mailbox assistant. Unlike previous versions of Exchange, you don't need to manually run the Update-SafeList cmdlet to hash and write the safelist collection data to Active Directory.

You can still manually run safelist aggregation by using the Update-SafeList cmdlet. However, you need to be aware of the replication traffic that might be generated when you run this command. Running Update-SafeList on multiple mailboxes where safelists are heavily used might generate a significant amount of network traffic. If you run the command on multiple mailboxes, we recommend that you run it during off-peak, non-business hours.

The Update-SafeList cmdlet reads the safelist collection from the user's mailbox, hashes each entry, sorts the entries for easy search, and then converts the hash to a binary attribute. Finally, the Update-SafeList cmdlet compares the binary attribute that was created to any value stored on the attribute. If the two values are identical, the Update-SafeList cmdlet doesn't update the user attribute value with the safelist aggregation data. If the two attribute values are different, the Update-SafeList cmdlet updates the safelist aggregation value.
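The following Python sketch is an added example, not Exchange's own code. It walks through the steps described in the hashing section and in the Update-SafeList description above: hash each entry, keep 4 bytes, sort, pack into one binary value, compare with the stored value, and look up an incoming sender. The normalization (trim and lowercase), the choice of the first four digest bytes, the big-endian packing, and all function names are assumptions made for illustration.

```python
import hashlib
import struct
from bisect import bisect_left

HASH_LEN = 4  # the page states that each entry becomes a 4-byte hash


def entry_hash(address: str) -> int:
    """SHA-256 the entry and keep 4 bytes (normalization and byte choice assumed)."""
    digest = hashlib.sha256(address.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest[:HASH_LEN], "big")


def build_blob(entries) -> bytes:
    """Hash each entry, sort the hashes for searching, pack as one binary value."""
    hashes = sorted({entry_hash(e) for e in entries})
    return struct.pack(f">{len(hashes)}I", *hashes)


def blob_contains(blob: bytes, sender: str) -> bool:
    """Hash an incoming sender and binary-search the sorted blob for it."""
    hashes = struct.unpack(f">{len(blob) // HASH_LEN}I", blob)
    target = entry_hash(sender)
    i = bisect_left(hashes, target)
    return i < len(hashes) and hashes[i] == target


def update_attribute(stored: bytes, entries):
    """Rebuild the blob; report a write only if it differs from the stored value."""
    fresh = build_blob(entries)
    return (stored, False) if fresh == stored else (fresh, True)


def chance_false_match(entry_count: int) -> float:
    """Chance that an unrelated address equals one of entry_count 4-byte hashes."""
    return entry_count / 2 ** (8 * HASH_LEN)


# Constructed sample safelist with 200 entries (not real data).
SAFE_SENDERS = [f"user{n}@contoso.com" for n in range(199)] + ["masato@contoso.com"]

if __name__ == "__main__":
    blob = build_blob(SAFE_SENDERS)
    print(len(blob), "bytes for", len(SAFE_SENDERS), "entries")
    print("safe sender match:", blob_contains(blob, "Masato@Contoso.com"))
    print("chance of a false match:", chance_false_match(len(SAFE_SENDERS)))
```

Because only 4 bytes of each digest are kept, a match is probabilistic: with 200 stored hashes, an unrelated address matches by chance roughly once in 21 million lookups.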

For more information about using Update-SafeList, see Safelist aggregation procedures.