How to Configure the Store Junk Mail Threshold in SBS 2008

[Today's post comes to us courtesy of Damian Leibaschoff]

In SBS 2008 we automatically configure Content Filtering in Exchange 2007 to reject any e-mail that scores a spam confidence level of 7 or higher.

Get-ContentFilterConfig| fl scl*

SCLRejectThreshold : 7
SCLRejectEnabled : True
SCLDeleteThreshold     : 9
SCLDeleteEnabled       : False
SCLQuarantineThreshold : 9
SCLQuarantineEnabled   : False

However, we do not configure the threshold for automatically moving suspect e-mails to the junk mail folder of a recipient. This setting is left with its default of higher than 8, basically having no effect whatsoever for inbound e-mail (as we are rejecting them at 7 anyways).

This is the default setting on an SBS 2008 install:

Get-OrganizationConfig | fl scl*

SCLJunkThreshold : 8

There are many different strategies on how to set these thresholds at the content filter level and at the store, the simplest way is to set the store threshold to a value that is lower than the threshold set on the content filter, for example, we could set it to 5 (meaning that any e-mail that scores 6 will be moved to the Junk Email folder of the recipient).

To do this we have to open an Administrative Exchange Management Shell and then type the following command:

Get-OrganizationConfig | Set-OrganizationConfig -SCLJunkThreshold:5

You have to keep in mind that you have to find the right balance for this value and your needs, as now you are starting to work to levels of confidence that could lead to false positives, if you encounter such, remember that you can always white list the sender (directly from Outlook) and prevent this in the future, or you can tweak the settings higher or even lower.

If you want to read more about this, check the following: https://technet.microsoft.com/en-us/library/aa995744.aspx

Note: You may notice that the math above looks a little off, this is because the SCLRejectThreshold and the SCLJunkThreshold work slightly differently.  The SCLRejectThreshold uses >= (greater than or equal) while the SCLJunkThreshold uses > (greater than) in it's processing logic.