Powershell script to create inbox rule to move spam to junk folder on all Exchange 2010 mailboxes

With Hexamail Guard you can tag any email that is processed as spam using header or subject tags. The script below uses the simplest case (a subject prefix tag) to move spam to user “Junk E-mail” folders  automatically in Exchange.
Remember to turn off the Spam blocker Block and Delete options if you want all spam to pass through to the users’ mailbox junk folders.
#Get list of all Exchange mailboxes
$list = Get-Mailbox * -ResultSize unlimited

foreach ($entry in $list)
$user = $entry.alias
$check = Get-InboxRule -Mailbox $user | where { $_.name -like "Hexamail Spam" }

if ($check -ne $null)
elseif ( $check -eq $null)
New-Inboxrule -name "Hexamail Spam" -mailbox $user -MoveToFolder "$($user):\Junk E-Mail" -SubjectContainsWords "Potential spam:" -ExceptIfSubjectContainsWords  ("RE: Potential spam:","FWD: Potential spam:") -confirm:$false -priority 999 -force

Using DNSBL in Exchange 2013

In order to use an RBL with Exchange 2013 its best to use Hexamail to provide antispam for Exchange 2013.

This has several advantages over any built in antispam protection in Exchange:

  1. Hexamail blocks spam before it reaches Exchange and therefore email doesnt ever burden Exchange
  2. It offers various options per blocklist, such as allow, weight, block and reject so you can configure each blocklist to be as aggressive as you wish
  3. Blocked spam appears in a web based quarantine allowing the admin or users to unblock and whitelist in a single click if required
  4. Blocked spam never reaches Exchange or Outlook so no scripts or malicious links can be activated by end users
  5. Configuration is via a full Windows GUI that allows clear configuration of each list and the action it performs rather than using a complicated command line interface (Powershell)

Hexamail DNSBL support is shown in the screenshot below:



DNSBLs can be used not only for the sending IP address (or IP address in the email headers) but also to reject sender

email address domains:





And also any links (URL hostnames)  contained in the contents:




In every case the email can be allowed, weighted, blocked or rejected/deleted based on the matching list found.


Hexamail can be installed on the same server as Exchange or on another, separate server. Installation is controlled by a really simple to use setup wizard that automatically integrates with Exchange if it is installed on the same machine.

You can download a trial of Hexamail Guard here

Challenge Response in Exchange

challenge–response is another  technique for filtering spam that automatically sends a reply to email from new senders with a “challenge” to the (alleged) sender of the  e-mail. The reply contains a link allowing the sender to verify that they did in fact send the email. They may be asked to enter a captcha to prove that they are a human and not a robot.

The advantage of this system is that senders add themselves to a whitelist by verifying that they sent the email so email from the same sender is never challenged again. The technique can be used to block a lot of Exchange Server spam. The only disadvantage is that email such as newsletters and other mail-shot/group/list email may be challenged and a challenge sent to an automated script that cannot verify. In these cases a good challenge -response system ALSO quarantines the incoming email to allow the recipient to release (and whitelist) it.

Microsoft Exchange  does not by default support Challenge Response. It can be added using options in Hexamail Guard, or Hexamail Nexus which can filter and challenge email before they get to Exchange. Both products also feature a quarantine allowing users to release email such as newsletters that may inadvertently be stopped using this technique


Adding Greylisting to Exchange Server 2013 Antispam

Greylisting (or graylisting) is a method of spam protection. A mail server using greylisting temporarily rejects any email from a sender it does not recognize. If the originating server is  areal email server it will rety to send the email after a short delay. The receiving server will accept the email on the next attempt. Spammers often use poorly scripts that do not retry. In this way most spam from bot-nets is avoided. The only disadvantage of greylisting is that there is ashort (configurable) delay for incoming email from new senders. This can be as short as 10 minutes.

To add greylisting features to Exchange server you can use a tool such as Hexamail Guard

This allows greylisting options to be easily added to an existing Microsoft Exchange or Small Business Server, with lots of flexible options controlling and managing the greylist and clear and concise logging.

Hexamail is the only product that allows the greylist to be optionally used depending on the country of origin and time of day of the email. For example you may want to only greylist email during the night, so daytime email are not delayed in any way, and over night all email is greylisted when a short delay is of no consequence.


Greylisting Options in Hexamail Guard

Similarly you can greylist only email from other countries. If most of your customers are in your timezone then the delay to email from other countries will not be noticeable:


Once greylisted a sender’s email will travel unimpeded through to the mailserver.