How to manage whitelists using the Exchange Management Shell

 

Exchange 2010’s anti-spam capabilities are robust, and many companies find the protection offered by the Edge Transport server role to be strong enough to meet their needs. Sometimes, that protection (just like anti-spam measures on any system) may prove to be too strong, and you can find yourself wanting to add certain senders to what can be called the safe senders list, the permitted senders list, or the whitelist.

 

Exchange’s whitelist is a list of SMTP addresses that are permitted to send email to recipients on the Exchange system, without being subject to any of the spam filtering capabilities within the system. The whitelist can be both powerful and dangerous. Consider what will happen when you add user@example.com to the whitelist. If an email comes in to the system, and the header states that the mail is from user@example.com, then that email is accepted and passed through to the recipient’s mailbox. It won’t matter what else might be in the message, including keywords, links, or anything else that screams “spam”: a whitelisted sender is passed right through. If the sending address was spoofed, this will result in spam messages reaching the user’s mailbox.

In this case, we are talking only about spam whitelists. Many applications that can scan messages and attachments for malware maintain their own whitelists. Unless you add the sender address to those whitelists too, messages and attachments will still be scanned for malware.

In Exchange 2010, the whitelist is handled by the ContentFilter and is stored in an attribute known as BypassedSenders. BypassedSenders is a comma-delimited list of sender addresses and is managed using the Exchange Management Shell (EMS). Let’s look first at the ContentFilter. Open the EMS, and execute this command:

 

Get-ContentFilterConfig [enter]

Unless you have already made changes to this, you will see the full list of attributes, including BypassedSenders. You can add a list of addresses to this attribute using the following command, where each sender address is separated by a comma:

Set-ContentFilterConfig -BypassedSenders user1@example.com, user2@example.com [enter]

You can add as many email addresses to that command as you want. Repeat the Get-ContentFilterConfig command and you will see the list of addresses you entered, starting with the last in the list. This works well, until you need to add another. Using the Set-ContentFilterConfig -BypassedSenders command will overwrite anything that is already on this list. If you want to add a new entry or two, while maintaining the existing entries, use the following commands:

 

$list = (Get-ContentFilterConfig).BypassedSenders   # current entries
$list.Add("user3@example.com")   # one address per call, not a comma-joined string
$list.Add("user4@example.com")
Set-ContentFilterConfig -BypassedSenders $list

 

By creating the $list from the existing entries, and then adding the new entries, and feeding the combined list back into the Set command, you will preserve your existing entries. It’s kind of like adding a new directory to your path.
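
A guarded version of the append procedure above, as an added example (not from the original article or from Microsoft): the hypothetical helper `Merge-BypassedSender` checks that each element is exactly one address, drops duplicates, and enforces an entry cap before anything is written. The 100-entry default is taken from Microsoft's cmdlet reference for BypassedSenders and should be treated as an assumption for your version; `-WhatIf` previews the change without applying it.

```powershell
# Added example: Merge-BypassedSender is a hypothetical helper, not an Exchange cmdlet.
function Merge-BypassedSender {
    param(
        [string[]]$Existing = @(),                      # entries already on the whitelist
        [Parameter(Mandatory = $true)][string[]]$New,   # candidates, one address per element
        [int]$MaxEntries = 100                          # assumed cap for BypassedSenders
    )
    $seen   = @{}   # hashtable literal: keys compare case-insensitively
    $merged = @()
    foreach ($entry in (@($Existing) + @($New))) {
        if ([string]::IsNullOrEmpty($entry)) { continue }
        $address = $entry.Trim()
        # Exactly one address per element. This rejects "a@example.com, b@example.com"
        # passed as a single string, which would otherwise be treated as one entry.
        if ($address -notmatch '^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$') {
            throw "Not a single SMTP address: '$entry'"
        }
        if (-not $seen.ContainsKey($address)) {
            $seen[$address] = $true
            $merged += $address
        }
    }
    if ($merged.Count -gt $MaxEntries) {
        throw "Whitelist would hold $($merged.Count) entries; the limit is $MaxEntries."
    }
    return ,$merged
}

if (Get-Command Get-ContentFilterConfig -ErrorAction SilentlyContinue) {
    # Inside the Exchange Management Shell: preview, then rerun without -WhatIf to apply.
    $current = (Get-ContentFilterConfig).BypassedSenders
    $updated = Merge-BypassedSender -Existing $current -New 'user3@example.com', 'user4@example.com'
    Set-ContentFilterConfig -BypassedSenders $updated -WhatIf
} else {
    # Outside Exchange: constructed sample lists, showing only the merge result.
    Merge-BypassedSender -Existing 'user1@example.com', 'USER2@example.com' `
                         -New 'user2@example.com', 'user3@example.com'
}
```

Because every entry bypasses content filtering for all mailboxes, reviewing the `-WhatIf` output before applying is a cheap way to catch an address that should not be on the list.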

 

Why would you want to whitelist senders? It could be that for some reason, the sender is legitimate, but frequently sends messages that look spammy because of keywords, or a large number of links. Or it could be a business partner or critical customer, and you want to be sure that communications from them are not blocked. Just remember two things: any message that says it is from someone on that list will be passed without further checking, and that whitelist applies to all mailboxes, not just to an individual. As long as you can live with those caveats, you’re ready to go.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world. I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.
