Wednesday, December 15, 2010

How to configure Exchange 2007 Edge Transport Server Whitelists

I got a call from a client earlier tonight because he needed an additional domain added to their Exchange 2007 Edge Transport server’s whitelist. As some of you may already know, there is no place in the Exchange Management Console GUI to append to this list so when the client asked me where the window was, I simply told him I would have to go do it for them when I get home via PowerShell. Since I’ve gone through the exercise to do this tonight, I thought I’d write a post with the considerations and instructions so if I I ever get asked this question again while I’m on the road, I can just point them to this blog post.


As I remember, the PowerShell cmdlet does not allow you to append to the list of domains you already have whitelisted which means you’ll need to first extract the current list, copy the domains somewhere (i.e. notepad) then rerun the cmdlet to create the list.

Retrieving the whitelist

To retrieve the list, log onto your Exchange server (not your Edge Transport server), open up PowerShell and type execute the following cmdlet:

Get-ContentFilterConfig FL

More information about this cmdlet can be found here:

The cmdlet above will output information similar to the following:

[PS] C:\Documents and Settings\tluk.domain\Desktop>Get-ContentFilterConfig FL

Name : ContentFilterConfig
RejectionResponse : Message rejected as spam by Content Fil
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients : {}
QuarantineMailbox :
SCLRejectThreshold : 7
SCLRejectEnabled : True
SCLDeleteThreshold : 9
SCLDeleteEnabled : False
SCLQuarantineThreshold : 9
SCLQuarantineEnabled : False
BypassedSenders : {}
BypassedSenderDomains : {}
Enabled : True
ExternalMailEnabled : True
InternalMailEnabled : False
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=ContentFilterConfig,CN=Message Hygie
ne,CN=Transport Settings,CN=PatientDire
ct,CN=Microsoft Exchange,CN=Services,CN
Identity : ContentFilterConfig
Guid : 5976a079-feba-4464-bc4e-c48a3914a902
ObjectCategory : domain.local/Configuration/Schem
ObjectClass : {top, msExchAgent, msExchMessageHygiene
WhenChanged : 10/27/2010 4:35:33 PM
WhenCreated : 7/10/2009 1:01:30 PM
OriginatingServer : dc2.domain.local
IsValid : True


I’ve gone ahead and highlighted the field BypassedSenderDomains in red. This is where the whitelisted domains are shown. In this case, there is only 1 domain configured so copy the domain down somewhere such as notepad and continue with using the cmdlet to set the whitelist domains.

Creating the whitelist

As noted earlier, when you execute the cmdlet to add domains to the whitelist, you will overwrite the previous so in this example, let’s say we had the domain: in our whitelist and we would like to add another one named: someOtherDomain to the list. To do this, use the cmdlet:

Set-ContentFilterConfig -BypassedSenderDomains,

More information about this cmdlet can be found here:

Once you’ve executed this command, rerun the cmdlet:

Get-ContentFilterConfig FL

From the displayed information, you should see and listed in the BypassedSenderDomains list.


Hope this helps anyone out there who may be unsure about how to do this.


Marc said...

Helped me alot! Thanks from germany :)

Anonymous said...

Very Useful.... thanks Terence.

Anonymous said...

Thanks buddy!