The anti-spam agent installation process with Exchange 2013 is similar to previous versions of Exchange. When you install anti-spam agents on Exchange 2013 servers, most agents will be installed on the mailbox role but not the Connection filtering agent, also known as RBL, DNS Block List, etc.
The PowerShell script install-AntispamAgents.ps1 will look for which server role is installed and will not install Connection filtering if the server holds the mailbox role. This is understandable since SMTP connection should come in from the CAS server and then the original sending IP will not be show since CAS do Source-NAT. So the logic would be to install the connection filtering agent on CAS. However the install script will not let you do that either. Connection Filtering will only install on Edge role.
I can only speculate why this is the case. Either Microsoft wants it to be like this or they have found some trouble with the Connection Filtering Agent running on CAS.
I figured I will give this a try anyway, and here is how you get it to work:
Since the script doesn't install the Connection filtering agent on CAS it is probably unsupported to install the agent manually, but I had it running for months without any problem so make your own judgment.
Lasse works as a consultant performing almost anything related to Exchange server, Architect/Reviewer/Design/development and teaching, and sometimes MOC material but also client specific. Lasse understands large enterprise environments as well as the small environment. His knowledge and understanding of customer needs makes him the perfect team member of migration/consolidation projects. Besides doing consulting he speaks at conferences and seminars and if time permits, he writes technical articles. Lasse Pettersson has been awarded the title MVP (Most Valuable Professional) by Microsoft since 2005 for his work with Exchange server. Lasse focus on Exchange server but also work with other products and technologies such as Lync server, Active Directory, firewalls and network communications. You can read his blog "a new message has arrived".