
I've got a fresh install of Server 2008 R2 SP1, Exchange 2010 SP1, and Forefront 2010 Protection for Exchange. All on the same box, Exchange is CAS/Hub/MBS. This is a testing box, looking to evaluate the software configuration.

I've got it running, very default configuration. When I send an e-mail in with a bunch of known spam keywords it correctly delivers to Junk Mail. When I whitelist the sender/domain/IP (even all together) it still gets delivered to Junk Mail. Whitelisting by configuring in FPE -> Policy Mgmt -> Antispam Config -> Content Allow Lists or Filter Lists -> Allowed Sender List.

Mail headers show it's being recognized as whitelisted, but still has the SCL score at 9:

X-MS-Exchange-Organization-SCL: 9
X-MS-Exchange-Organization-AuthSource: mailserver.example.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0

Note the MessageSecurityAntispamBypass from being on the Allowed Sender List.

What do I need to change to get FPE/Exchange to deliver whitelisted e-mails to the Inbox?

Evan Anderson
Chris S
  • A workaround for the "problem" cited by EA: I created a hub transport rule, if an inbound e-mail has a SCL, remove the SCL header. Apparently this is an issue with the E2K3 bridgehead server setting a SCL and FPE blindly accepting it without regard for its own filtering rules. – Chris S Aug 05 '11 at 19:01

1 Answer


Looks like it might be a known issue: http://social.technet.microsoft.com/Forums/en-US/FSENext/thread/78e0ae47-58b1-400f-87d0-dc41fd393acc/

You mentioned in chat that you're seeing the high SCL value set on messages that pass thru your E2K3 bridgehead but not on messages that deliver directly to E2K10 / FPE. If you're going to stay in production in that configuration then, obviously, you'll need to figure out why E2K3 is stamping that high SCL.

Sniffing the traffic between the boxes may be helpful (to assure that E2K3 is stamping the SCL before it's sent to E2K10) but the servers may "EHLO" each other and go into a proprietary binary data exchange-- I can't remember for sure. Changing the SMTP Virtual Server on the E2K3 side to use "HELO" only may help matters there.

Evan Anderson
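A small triage script for the comparison described in the answer (an added example, not part of the original posts): it flags messages stamped MessageSecurityAntispamBypass that still carry an SCL above the junk threshold, and splits them by whether a Received header names the E2K3 bridgehead. The hostname e2k3.example.com, the two sample messages and the junk threshold of 4 are assumptions; substitute your own values.

```python
import re
from email import message_from_string

SCL_HEADER = "X-MS-Exchange-Organization-SCL"
REPORT_HEADER = "X-MS-Exchange-Organization-Antispam-Report"
BYPASS_TOKEN = "MessageSecurityAntispamBypass"

def triage(raw_message, bridgehead_host, junk_threshold=4):
    """Describe the SCL/bypass state of one raw message (headers + body)."""
    msg = message_from_string(raw_message)
    try:
        scl = int((msg.get(SCL_HEADER) or "").strip())
    except ValueError:
        scl = None  # header missing or not a number
    bypass = BYPASS_TOKEN in (msg.get(REPORT_HEADER) or "")
    # A hop is attributed to the bridgehead if any Received header names it
    # after "from" or "by".
    hop = re.compile(r"\b(?:from|by)\s+" + re.escape(bridgehead_host) + r"\b", re.I)
    via = any(hop.search(r) for r in (msg.get_all("Received") or []))
    return {
        "scl": scl,
        "bypass": bypass,
        "via_bridgehead": via,
        # Allow-listed by FPE, yet scored high enough to land in Junk Mail.
        "conflict": bypass and scl is not None and scl > junk_threshold,
    }

def summarize(messages, bridgehead_host, junk_threshold=4):
    """Count conflicting messages by delivery path."""
    counts = {"via_bridgehead": 0, "direct": 0}
    for raw in messages:
        r = triage(raw, bridgehead_host, junk_threshold)
        if r["conflict"]:
            counts["via_bridgehead" if r["via_bridgehead"] else "direct"] += 1
    return counts

# Constructed sample messages (not captured traffic).
SAMPLE_VIA = (
    "Received: from e2k3.example.com by mailserver.example.com; Fri, 5 Aug 2011 12:00:00 -0400\n"
    "X-MS-Exchange-Organization-SCL: 9\n"
    "X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass\n"
    "Subject: test\n\nbody\n"
)
SAMPLE_DIRECT = (
    "Received: from sender.example.net by mailserver.example.com; Fri, 5 Aug 2011 12:05:00 -0400\n"
    "X-MS-Exchange-Organization-SCL: -1\n"
    "X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    print(summarize([SAMPLE_VIA, SAMPLE_DIRECT], "e2k3.example.com"))
```

If conflicts only ever appear in the via_bridgehead count, that supports the answer's suggestion to look at why E2K3 is stamping the SCL.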