We have a spam filter monitoring all email before it hits our exchange server. If it deems anything "SPAM" it sets the "x-flag-spam" to yes and places "*****SPAM*****" into the subject of the email.
I have configured two separate transport rules in exchange 2013: 1) checks the 'x-flag-spam' for 'yes' and 2) checks the subject for "*****SPAM*****" and for the most part they work well.
I created the second rule because the first rule didn't seem to work all the time. It let some emails get through to clients 10% of the time. Even with the second rule emails with "*****SPAM*****" in the header get through 10% of the time. I am at a loss as to why these emails are making it through. I've already verified that 90% of the emails are indeed getting deleted. Just not this 10%. They seem to be coming in spurts too. (i.e. users get 2-3 at a time and then nothing for several days).
So my question is, is there a way to view the log of the transport rules? This way I can see what exactly is happening?
Any other ideas welcome as well.
Thanks, Luke Pickard