E-mail protection
• Full-featured SMTP hygiene
• Exchange Edge Transport for the SMTP stack
• Requires a valid license
• Integrated with Microsoft® Forefront™ Protection 2010 for Exchange Server: antimalware, antispam, antiphishing
• Also supports generic SMTP mail servers
Benefits of an e-mail policy with Forefront TMG
• Protection on the edge, saving processing resources, bandwidth, and storage
• Integrated management: when you create an e-mail policy using Forefront TMG, you configure the settings in the Forefront TMG Management console, and then Forefront TMG applies your configuration to Exchange Edge and FPES
• Extended management: Forefront TMG allows you to deploy multiple servers in an array and manage those servers from a single interface. This also applies to the e-mail protection feature, a benefit not available to other Exchange and FPES deployments
• Native support for Network Load Balancing (NLB): using NLB and a virtual IP address, you can deploy more Forefront TMG servers at a single point of entry, thereby processing more mail traffic
Features
• Protection at the edge: protects mail at the edge of the organization with Forefront Protection 2010 for Exchange Server
• Advanced protection and premium antispam: multiple scan engines to protect against malware and provide a premium antispam solution
• Integrated management: easy management of the Microsoft Exchange Server Edge role and Forefront Protection 2010 for Exchange Server through Forefront TMG
• Array deployment: support for managing and load balancing traffic among multiple servers
Forefront Protection for Exchange and Mail Flow
• Mail is received from an external client
• FPE performs its checks at the edge level and applies a "stamp"
• Firewall rules are applied
• Mail passes from Edge to Hub through the firewall
• The rules are verified again
• AV stamp check: if FPE is present on the hub, it is activated only when no anti-malware stamp is present
Forefront Protection and Exchange Roles
• FPE can be implemented on a single-role machine or on a machine that includes three roles
• The configuration options that FPE allows you to implement will vary according to the role for which it was implemented
• FPE does not support installations on a CAS-only role because there is no workload to protect
NOTE If you have multiple Exchange servers, you can install and configure FPE on a single Exchange server and later export and import the configuration settings to your other Exchange servers. However, you must install FPE on each separate server before you can import the configuration settings
To export the configuration file to an .xml file:
    Export-FseSettings -path c:\ConfigSettingsExport.xml
To export all extended options:
    Get-FseExtendedOption -name * >> c:\ConfigSettingsExtended.txt
Forefront Protection Processing Decision
• The source analysis performs various tests, such as determining whether the source IP is allowed or if it belongs to a block list
• In the protocol analysis, another set of tests is performed, such as a test to determine whether the sender is listed as allowed or blocked
• Next, the content analysis determines whether there is any anomaly in the e-mail body that matches any configured policies
• The user also has a direct influence on the message's acceptance, based on the local rules created in Outlook
Installation
In each member of the Forefront TMG array:
• Install Active Directory® Lightweight Directory Services (AD LDS)
• Install the Exchange Server 2007 SP1 (or 2010) Edge Transport role
• Install Forefront Protection 2010 for Exchange Server
• Install Forefront Threat Management Gateway 2010
Detail: Installing the Edge Transport Server
• Install the prerequisite software: open the Scripts directory on the installation media and enter the following command:
    ServerManagerCmd.exe -InputPath Exchange-Edge.XML
• Install the Edge Transport Server
• Configure the EdgeSync service: open an Exchange Management Shell and enter the following command:
    New-EdgeSubscription -FileName C:\Edge-TMG.XML
• Copy the Edge-TMG.XML file to the internal Hub Transport Server and import it there: open an Exchange Management Shell and enter the following commands:
    $Temp = Get-Content -Path "C:\Edge-TMG.xml" -Encoding Byte -ReadCount 0
    New-EdgeSubscription -FileData $Temp -Site "Default-First-Site"
    Start-EdgeSynchronization
Detail: Installing Forefront Protection for Exchange
• Choosing to enable antispam now will disable Exchange's content filtering agent, if it is currently enabled
• Uninstalling FPE will not re-enable Exchange's content filtering agent; re-enabling the filtering agent must be done manually
Configuration
• Run the e-mail policy wizard
• Configure SMTP routes
• Configure spam filtering
• Configure virus and content filtering
• Enable and configure EdgeSync
E-Mail Policy Wizard
• Set the internal server and the domains for which you are authoritative
• Almost every option is configured for you without additional configuration, all but content filtering
• Do not go below 6 in content filtering, or most e-mails will be blocked
Creating SMTP Routes
• Defines how Forefront TMG routes traffic from and to the organization's SMTP servers
• At least two routes are required:
  • Internal_Mail_Servers defines the IP addresses and SMTP domains of the internal mail servers
  • External_Mail_Servers defines which mail is allowed to enter the organization and the external FQDN/IP address that will receive mail
• Each SMTP route has an e-mail listener, which responds to mail requests from permitted IP addresses and networks
Creating routes
[Diagram: mail path between the External Network and the Internal Network through the TMG Filter Driver, the Network Inspection System (NIS), the Exchange Edge Role (Receive Connector, Send Connector), and Forefront Security for Exchange (FSE) with its multi-layer filters and anti-virus engines]
Spam Filtering
• The anti-spam solution on FPE is composed of four major detection pillars: Source, Protocol, Content, and Client analysis
• To configure these options, under the Antispam option, click Configure
• You can run the Windows PowerShell command Set-FseSpamFiltering -enabled $true in the Forefront Management Shell to enable the Antispam feature. This process requires you to restart the Microsoft Exchange Transport service
• Another way to enable the Antispam feature is by clicking Enable Antispam Filtering
Configuring Spam Filtering
Defines the spam filtering policy:
• Connection-level filtering: IP Allow List, IP Allow List Providers, IP Block List, Block List Providers
• Protocol-level filtering: configuring Recipient Filtering, Sender Filtering, Sender ID, and Sender Reputation
• Content-level filtering
Spam Filtering - IP Allow List
• The IP Allow List allows you to add one or more IP addresses that are considered trusted and should always be allowed to send e-mail
• You can use this option, for example, in a scenario where you have partners that you want to categorize as trusted sources of e-mail and therefore allow to send e-mail without passing through the normal SMTP filters
• This feature is enabled by default on the Spam Filtering tab
Spam Filtering - IP Allow List Providers
• You can use the IP Allow List Providers dialog box to maintain a list of IP addresses that are known to not be associated with any type of spam activity
• The IP Allow List Providers feature is also referred to as safe list services
• This feature is enabled by default on the Spam Filtering tab
Spam Filtering - IP Block List
• In contrast with the IP Allow List, the IP Block List allows you to add one or more IP addresses that should never be allowed to establish an SMTP connection with TMG
• You want to block this IP during the connect phase (the initial attempt to establish the SMTP connection)
Spam Filtering - IP Block List Provider
• You have the capability to add the providers that are known (or suspected) to send spam
• This option is enabled by default, and you can change the status in the Status drop-down box
Spam Filtering - Recipient Filtering
• In the Recipient Filtering dialog box, you can specify a list of e-mail addresses or a distribution list that would like to receive e-mails from outside your organization
• It is very common within an organization to have some distribution lists that are used regularly and that you might want to prevent from receiving e-mail from the Internet
Spam Filtering - Sender Filtering
If you learn of a specific e-mail address that is sending lots of spam to your organization and you want to block that source e-mail address from sending messages, you can use the Sender Filtering feature
1. Click the Block Senders tab and notice that by default there is already a filter to block
2. Click Add, and then add the e-mail address
3. Click OK
4. Click Add again and then specify the domain that you want to block
5. Click the Action tab to specify the action to be taken when a message contains one of the senders specified in the Block Senders list
Spam Filtering - Sender ID
• The Sender ID feature works by verifying that the source of the message is the organization it claims to be
• Sender ID checks the IP address of the sending server against a registered list of servers that the domain owner has authorized to send e-mail
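The check Sender ID performs, as an added example that is not part of the original slides: the connecting IP address is compared with the addresses a domain publishes in its SPF-format DNS record. The record, domain and addresses below are constructed, and only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress

# Constructed sample record in SPF syntax (documentation address ranges,
# hypothetical domain); a real check would fetch the TXT record from DNS.
SAMPLE_RECORDS = {
    "partner.example":
        "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 ip6:2001:db8::/32 -all",
}

QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}


def check_sender(ip, domain, records=SAMPLE_RECORDS):
    """Return the Sender ID style status for a connecting IP.

    Mechanisms that need further DNS lookups (a, mx, include, ...) are
    skipped, so this covers only records built from ip4, ip6 and all.
    """
    record = records.get(domain)
    if record is None:
        return "None"                      # the domain publishes no record
    terms = record.split()
    version = terms[0].lower() if terms else ""
    if not (version == "v=spf1" or version.startswith("spf2.0/")):
        return "PermError"                 # not a record this check understands
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is Pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":                  # catch-all, normally the last term
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "PermError"         # malformed address in the record
            if addr.version == network.version and addr in network:
                return QUALIFIERS[qualifier]
    return "Neutral"                       # nothing matched and no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.26", "2001:db8::1"):
        print(ip, check_sender(ip, "partner.example"))
```
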
Spam Filtering - Content-level Filtering
• Delete Messages That Have A SCL Rating Greater Than Or Equal To: Exchange Edge Transport Server (installed on the TMG computer) accepts and then deletes the message. The message is deleted and the sending server is not notified of the message deletion. Because the sending server understands that the message was accepted, the sending server doesn't retry sending the message in the same session
• Reject Messages That Have A SCL Rating Greater Than Or Equal To: This option rejects the message by sending one of several SMTP negative responses to the sending server
• Quarantine Messages That Have A SCL Rating Greater Than Or Equal To: When using this option you need to specify a mailbox to hold the quarantined e-mail. You must have the mailbox account already created prior to configuring this option. In other words, this option does not create a mailbox for quarantine; it can only use an existing mailbox
The numbers that are configured beside each of those options have a range from 0 to 9, where 9 indicates that the e-mail is very likely to be spam and 0 indicates that the e-mail is least likely to be spam. Notice that by default all options are dimmed, but if you select any of those check boxes the option will be enabled. For this example leave all these settings at their default values and click OK to close the dialog box
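How the three SCL thresholds interact, as an added example that is not part of the original slides. It assumes the strictest action whose threshold is met wins (delete, then reject, then quarantine); the class, function and mailbox names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SclPolicy:
    """Thresholds from the dialog box; None means the check box is cleared."""
    delete_at: Optional[int] = None
    reject_at: Optional[int] = None
    quarantine_at: Optional[int] = None
    quarantine_mailbox: Optional[str] = None   # must already exist

    def validate(self):
        """Return a list of configuration problems (empty when consistent)."""
        errors = []
        # Mildest to strictest, enabled options only.
        enabled = [t for t in (self.quarantine_at, self.reject_at,
                               self.delete_at) if t is not None]
        if any(not 0 <= t <= 9 for t in enabled):
            errors.append("thresholds must be between 0 and 9")
        # A milder action whose threshold is not below a stricter one
        # can never fire, because the stricter action always wins.
        if enabled != sorted(enabled) or len(set(enabled)) != len(enabled):
            errors.append("expected quarantine < reject < delete")
        if self.quarantine_at is not None and not self.quarantine_mailbox:
            errors.append("quarantine needs an existing mailbox")
        return errors


def action_for(scl, policy):
    """Return (action, outcome) for a message with the given SCL rating."""
    if policy.delete_at is not None and scl >= policy.delete_at:
        return "delete", "accepted, then dropped; sender is not notified"
    if policy.reject_at is not None and scl >= policy.reject_at:
        return "reject", "SMTP negative response to the sending server"
    if policy.quarantine_at is not None and scl >= policy.quarantine_at:
        return "quarantine", "held in " + policy.quarantine_mailbox
    return "deliver", "passed on to the internal mail servers"


if __name__ == "__main__":
    # Constructed sample policy; the mailbox address is a placeholder.
    policy = SclPolicy(delete_at=9, reject_at=7, quarantine_at=6,
                       quarantine_mailbox="quarantine@contoso.example")
    print(policy.validate())
    for scl in range(10):
        print(scl, *action_for(scl, policy))
```
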
Virus and Content Filtering
Configures antivirus, file attachment, and message body filtering:
• Virus filter: engine selection policy and remediation actions
• File filters: unwanted file attachments based on file type, filename, and prefix
• Message body filters: identify unwanted e-mail messages by applying keyword lists to the contents of the message body
Virus and Content Filtering - Configuration
On the Engines tab you can select up to five engines that will be used for transport scanning (inbound and outbound messages). You can also select how the engines will be used to scan the messages by selecting one of the following options:
• Always Scan With All Selected Engines: Using this option, Forefront Protection 2010 for Exchange Server queues messages for scanning if any of the selected engines becomes busy, such as during signature updates or heavy e-mail traffic times
• Scan With The Subset Of Selected Engines Which Are Available: This option scans using all selected engines. Scans alternate between engines when one of the selected engines is busy
• Scan With A Dynamically Chosen Subset Of Selected Engines: Using this option, Forefront Protection 2010 for Exchange Server heuristically chooses from the selected engines, based on recent results and statistical projections
• Scan With Only One Of The Selected Engines: Using this option, only one of the selected engines listed in this dialog box is used to scan any single object
Note When selecting multiple engines it is important to consider performance and sizing of the server. CPU utilization can increase 20 to 40 percent depending on bias and engines.