Troubles with deleted attachments in Exchange 2007 Edge Server
My continuing journey into the joys of having a non-standard Edge server configuration, just to have a lab to muck around in!
Certain file types, mainly .exe, were being deleted and replaced with a simple .txt with the name of the deleted file attached to the original email. So I got evil.exe.txt rather than evil.exe.
I turned to Google for PowerShell commands on how to configure the Edge server, since the GUI showed nothing active in the Transport rules tab.
Found this: the Get-TransportAgent cmdlet, used to view the configuration of a transport agent on a computer that has the Edge Transport server role or the Hub Transport server role installed in a Microsoft Exchange Server 2007 organization.
http://technet.microsoft.com/en-us/library/bb123536(EXCHG.80).aspx
[PS] C:\Documents and Settings\Elvis>Get-TransportAgent
Identity                          Enabled  Priority
--------                          -------  --------
Connection Filtering Agent        True     1
Address Rewriting Inbound Agent   True     2
Edge Rule Agent                   True     3
Content Filter Agent              True     4
Sender Id Agent                   True     5
Sender Filter Agent               True     6
Recipient Filter Agent            True     7
Protocol Analysis Agent           True     8
Attachment Filtering Agent        True     9
Address Rewriting Outbound Agent  True     10
This led me to believe my naughty server was blocking by default, and this proved me right:
http://technet.microsoft.com/en-us/library/aa997139(EXCHG.80).aspx
By the magic of changing Enable to Disable, I modified the PowerShell command and ran it.
Disable-TransportAgent -Identity "Attachment Filtering agent"
[PS] C:\Documents and Settings\Elvis>Get-TransportAgent
Identity                          Enabled  Priority
--------                          -------  --------
Connection Filtering Agent        True     1
Address Rewriting Inbound Agent   True     2
Edge Rule Agent                   True     3
Content Filter Agent              True     4
Sender Id Agent                   True     5
Sender Filter Agent               True     6
Recipient Filter Agent            True     7
Protocol Analysis Agent           True     8
Attachment Filtering Agent        False    9
Address Rewriting Outbound Agent  True     10
And as if by magic, my .exe came through to Outlook untouched.
Hopefully, a useful reference if other oddities happen again!
Should reaaaaaallllly think about learning PowerShell sooner rather than later …
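An added example, not part of the original post: a narrower version of the change above for a lab Edge server. It backs up the attachment filter state, removes a single file-name entry instead of disabling the whole Attachment Filtering agent, and turns the agent back on. The backup directory and the entry identity FileName:*.exe are assumptions; check the Get-AttachmentFilterEntry output on your own server for the real value.

```powershell
# Added example for a lab Edge Transport server; run in the Exchange Management Shell.
# $backupDir and $entryId are assumptions for illustration, not values from the post.
$backupDir = 'C:\EdgeBackup'
$entryId   = 'FileName:*.exe'

# 1. Save the current state so the change can be reviewed and reversed later.
if (-not (Test-Path $backupDir)) {
    New-Item -ItemType Directory -Path $backupDir | Out-Null
}
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Get-TransportAgent             | Export-Clixml (Join-Path $backupDir "agents-$stamp.xml")
Get-AttachmentFilterEntry      | Export-Clixml (Join-Path $backupDir "entries-$stamp.xml")
Get-AttachmentFilterListConfig | Export-Clixml (Join-Path $backupDir "listconfig-$stamp.xml")

# 2. Show what the agent does when an attachment matches an entry.
Get-AttachmentFilterListConfig | Format-List Action, RejectResponse, AdminMessage, ExceptionConnectors

# 3. Remove only the one entry, leaving every other blocked type in place.
#    Identity is compared as a string so the match does not depend on its object type.
$entry = Get-AttachmentFilterEntry | Where-Object { "$($_.Identity)" -eq $entryId }
if ($entry) {
    Remove-AttachmentFilterEntry -Identity $entryId -Confirm:$false
} else {
    Write-Warning "No attachment filter entry '$entryId' found; nothing removed."
}

# 4. Make sure the agent itself is enabled, then restart transport so the
#    agent change takes effect.
Enable-TransportAgent -Identity 'Attachment Filtering Agent'
Restart-Service MSExchangeTransport

# 5. Confirm the end state.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-AttachmentFilterEntry | Format-Table Identity -AutoSize

# Rollback for step 3 (put the entry back):
#   Add-AttachmentFilterEntry -Name '*.exe' -Type FileName
```

With the agent left enabled, the remaining entries keep filtering; only the removed type passes through.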

3 Comments
Mar 11, 2008 11:00 pm |
I have the same problem. Do you know how I can disable the attachment detection in compressed files like .zip?
Mar 15, 2008 11:27 pm |
You can remove the type of attachment being scanned.
Check that .zip files are in the blocked group using the PowerShell cmdlets:
Get-AttachmentFilterEntry and Get-AttachmentFilterEntry
You should see a file type for .Zip. Use
Remove-AttachmentFilterEntry filename:*.zip
And that should allow them through. For more info
http://technet.microsoft.com/en-us/library/aa997139(EXCHG.80).aspx or Google “Remove-AttachmentFilterEntry”
Make sure you do a backup of your configuration first and try this on your test system first!
Mar 24, 2008 11:24 pm |
i am gonna show this to my friend, man