Microsoft Forefront Online Protection for
Exchange 9.3 New Features Guide
Microsoft Corporation
Published: November 2009
Transcript of "Microsoft Forefront - Online Protection for Exchange 9.3 New Features Guide"

  1. Microsoft Forefront Online Protection for Exchange 9.3 New Features Guide. Microsoft Corporation. Published: November 2009
  2. Legal Information

     Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. ©2009 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Entourage, Excel, Hotmail, Outlook, Windows, and Windows Server are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.
  3. Contents
     • Introduction
     • Overview
     • Enhancements and changes resulting from the 9.3 release
     • Enhanced Policy Rule Syntax Options
     • Basic syntax
     • RegEx syntax
     • New Policy Rules E-mail Header Match Option
     • Custom Policy Rules Filters
     • Updated Match Option for Outbound Forced TLS Rules
     • Globalization of the Administration Center
     • Support in Local Languages
     • Minor Interface/Terminology Changes
     • Policy Rules Tab
  4. Introduction

     This guide provides up-to-date information about the latest features and changes for Microsoft Forefront Online Protection for Exchange. These changes help improve performance and usability, and give you better management capabilities for existing hosted services. You can use the information in this document to help prepare your messaging environment for updated services, and to communicate information to customers, partners, and employees.

     Overview

     The primary objective of the Microsoft Forefront Online Protection for Exchange 9.3 enhancements is to improve your ability to create and maintain custom filtering rules. These enhancements were a direct result of feedback from Forefront Online Protection for Exchange customers, who expressed a need for more options when they created custom company policy rules for filtering, and more flexibility to manage these rules.

     Enhancements and changes resulting from the 9.3 release

     • Policy rule syntax options: You have the option to use two types of syntax. First, you can use a basic syntax, which is a mixture of comma-separated values (CSV) and simple string-wildcard syntax. Second, you can use a subset of the regular expression (RegEx) syntax for more complex rules, which is useful when listing content for policy rules.
     • New Policy Rules e-mail header match option: You can match e-mails based on e-mail header name and value. The following sample e-mail header rule is shown in both basic and RegEx syntax.

     Examples:

     Header: Basic syntax
     Name match expression: Message-ID
     Value match expression: <d1234f1869fb3fb83bfd215319beb77c@www.contoso.com>
     Interpretation: Matching e-mail header containing the header "Message-ID: <d1234f1869fb3fb83bfd215319beb77c@www.contoso.com>"
  5. Header: RegEx syntax
     Name match expression: X-Mailer
     Value match expression: ContosoMailer\s\[version\s1\.73\]|PartnerContosoMailer1234
     Interpretation: Matching e-mail header that contains the header "X-Mailer: ContosoMailer [version 1.73]" including whitespaces OR "X-Mailer: PartnerContosoMailer1234"

     • Updated match option for outbound forced TLS rules: The Policy Rules editor now offers a check box to enable Opportunistic TLS for recipients not specifically identified by the policy rule.
     • Custom policy rules filters now feature the following enhancements:
        a. The ability to upload dictionaries of custom-created lists or content for use in policy rules
        b. The ability to apply the dictionaries across multiple rules and domains
       Example: You want to add 200 e-mail addresses to an existing list of 400 addresses that are being used in multiple policy rules. By using the new dictionaries feature, you do not have to search for and edit every policy rule that uses this list of addresses. You can just edit or replace the dictionary of addresses and all policy rules using this dictionary will be updated accordingly.
     • Other updates to the Administration Center include the following:
        a. Globalization of the Administration Center: The Administration Center and online help center are now available in 13 languages.
        b. Support: Help documentation has also been translated into 13 languages and telephone support is also available in these languages.
        c. Minor interface and terminology changes: Some terms, titles, and icons located throughout the Administration Center have been updated as part of an ongoing effort to improve the user experience and globalization of the Administration Center.

     Enhanced Policy Rule Syntax Options

     When creating policy rules, you now have two options for the syntax of the rule.

     First, you can use comma-separated values (CSV) mixed with the string-wildcard syntax, which is listed as Basic in the Administration Center Policy Rules editor and can be used for both manually entered content in the policy rule editor or as syntax for the Dictionary file uploaded through the Filters repository.

     Second, you can use a subset of characters specified in the Regular Expression syntax, which is listed as RegEx in the Policy Rules editor, for more complex rules. If you are not
  6. familiar with RegEx syntax, you can select the Basic option, which will allow you to create simple expressions for content filtering and help you write correct match expressions by evaluating your match expressions format based on the context they are defined within. For example, only correct IP addresses will be accepted in the IP address field. If the rules you wish to create require more complexity, such as matching patterns of numbers and patterns of words, you can use a subset of RegEx syntax characters by selecting the RegEx option. With this option there are no context based validations; only syntax-specific validations will apply.

     Basic syntax

     When you select Basic in the Policy Rules editor, you will be able to list expressions using a CSV syntax separating the match expressions with commas. Additionally, you will be able to enhance match expressions with simple string-wildcard metacharacters. The same syntax applies to dictionary files uploaded through Filters.

     Basic syntax definition:

     Metacharacter: ,
     Description: A comma is the choice metacharacter, also known as an alternation or a separator, and it matches the expression listed either before or after the comma.
     Example: abc, def, xyz matches abc or def or xyz

     Metacharacter: *
     Description: An asterisk is the wildcard metacharacter and it represents zero or more characters. Note: This character is equivalent to the (.*) in the RegEx syntax.
     Example: ab* matches aba or abaa or abaaa or ab12345667, etc.

     Metacharacter: ?
     Description: The question mark represents any single character. Note: This character is equivalent to the . in the RegEx syntax.
     Example: ab? matches aba or abb or abc or ab1 or ab2, etc.

     Metacharacter: \
     Description: A backslash is the escape operator. In order to match the literals , * ? or \ and to suppress their special meaning in the basic syntax, the escape operator needs to be placed in front of the basic syntax operators. Note: This character is equivalent to the \ in the RegEx syntax.
     Example: \*abc\? matches *abc?
  7. Metacharacter: /0 up to /23
     Description: A slash mark indicates Classless Inter-Domain Routing (CIDR) notation. This can be expressed by adding a slash mark / followed by a number from 0 up to 23 after the last octet of an IP address. Note: CIDR notation applies only to IP address expressions and cannot be used in other context.
     Example: 99.99.99.0/23 matches IP ranges from 99.99.99.0 up to 99.99.99.255

     Note: The total number of characters inserted into any Policy Rule field or dictionary cannot exceed 9,000. Dictionary file size limit is 2 MB.

     RegEx syntax

     When you select RegEx in the Policy Rules editor, you can specify more complex expressions that match patterns of text, numbers, or special characters. For example, you can match many different variations of a word such as viagra, vi@gra, vlagra, using a subset of RegEx characters. This will allow you to minimize the number of rules needed, and to create powerful matching expressions, such as scanning for credit card numbers, social security numbers, e-mail addresses, and similar strings of sensitive words or numbers.

     The RegEx option in the Policy Rules editor is a subset of the POSIX Basic and Extended Regular Expressions syntax, expressed in the following table.

     Character type: Meta
     Character: ^
     Description: The caret metacharacter matches the starting position within the string. Note: Used in combination with the dollar sign character, the caret has the same functionality as the exact match option.
     Example: ^abc matches abc1234, but will not match 1234abc
  8. Character type: Meta
     Character: $
     Description: The dollar sign metacharacter matches the ending position of the string, or the position just before a string-ending newline. Note: In combination with the caret character, the dollar sign offers the same functionality as the exact match option.
     Example: abc$ matches 1234abc, but will not match abc1234

     Character type: Meta
     Character: *
     Description: The star matches the preceding element zero or more times. Important: This character should be used with caution; match expressions using this character might match more than intended.
     Example: ab*x matches abx or abbx or abbbx or abbbbx, etc.

     Character type: Meta
     Character: +
     Description: The plus metacharacter matches the preceding element one or more times. Important: This character should be used with caution; match expressions using this character might match more than intended.
     Example: ab+x matches abbx or abbbx or abbbbx or abbbbbx, etc.
  9. Character type: Meta
     Character: .
     Description: The period metacharacter matches any single character except newline.
     Example: ab.x matches ab1x or ab2x or ab3x or ab4x, etc.

     Character type: Meta
     Character: ?
     Description: The question mark matches the preceding element zero or one times.
     Example: ab? matches a or ab

     Character type: Meta
     Character: |
     Description: The pipe is a choice, or alternation, character, which matches the expression either before or after the operator, starting from the first (left) string and stopping when a match is found.
     Example: abc|def|xyz matches abc or def or xyz or abc12345, but will not match a123c or axm

     Character type: Meta
     Character: \
     Description: The backslash causes RegEx metacharacters to be treated as literal characters in the context of the rule.
     Example: x\*1\.5\+9x=y matches x*1.5+9x=y

     Character type: Class
     Character: \w
     Description: The backslash with lowercase w matches any word character (including alphanumeric characters with "_").
     Example: \w123 matches a123 or bbb123 or c_c123xxx, but will not match @123

     Character type: Class
     Character: \d
     Description: The backslash with lowercase d matches any decimal digit.
     Example: \dabc matches 123abc or 12345abcxxx or 1abc1, but will not match abc123 or @abc123

     Character type: Class
     Character: \s
     Description: The backslash with lowercase s matches any white-space character.
     Example: abc\sdef matches abc def

     Important: If you are unfamiliar with RegEx syntax, we recommend that you use the Basic option or test rules by using the Test policy rule action before using them with policy rule actions
  10. such as Reject, Encrypt, Redirect. The Administration Center Policy Rules support only a subset of RegEx characters. The total number of RegEx characters inserted into any Policy Rule field cannot exceed 9,000.

      For more information about both syntax options, see the Policy Rule Syntax section in the Administration Center User Guide.

      New Policy Rules E-mail Header Match Option

      The Policy Rules editor now offers e-mail message header fields as a match option for policy rules. You can create rules for scanning the header field name and field value using Basic or RegEx syntax. The following is an overview of the e-mail header match options. For more information, see the Policy Rule Match Options section of the Administration Center User Guide.

      E-mail part   Match for     Syntax           Additional match option
      Header        Field name    Basic            none
                    Field value   Basic or RegEx   Case sensitive match

      The following image shows the new header policy editor options.

      Custom Policy Rules Filters

      The Filters repository lets you add and manage large lists of values for multiple policy rules. This includes the following:
  11. • Upload large lists. Called Dictionaries, these lists can contain IP addresses, domains, e-mail addresses, keywords, and file names and extensions that you want to quickly use in various policy rules. Utilizing these lists can be faster than manually entering hundreds of keywords or e-mail addresses in the policy rule editor.
      • Download dictionaries. Dictionaries can be downloaded from within the Filters tab by clicking the dictionary name.
      • Replace dictionaries. Any dictionary can be replaced, even if it is currently associated with a policy rule. In this case, all policy rules using the dictionary that is replaced will be updated with the new values.
      • Delete dictionaries. Dictionaries can be used in multiple policy rules. Therefore, deleting them from the Filters repository would cause a change of behavior in the associated policy rules and a potentially undesirable impact on the message flow. Therefore, dictionaries that are currently associated with any policy rule cannot be deleted from the Filters repository (see the Usage column on the Filters tab). To safely delete dictionaries, browse all policy rules using the dictionaries by navigating to the specific policy rules via the link on the Usage column, and unlink the dictionaries from the appropriate policy rules. Only then can the dictionaries be deleted from the Filters tab.
      • Audit dictionary actions. Any time a dictionary is added, deleted, or moved, a record of the action will be saved in the Audit Trail. This will ensure that any outcomes associated with adding, deleting, or moving a dictionary can be tracked to the root cause.

      Note: The maximum permissible file size for dictionaries is 2 MB and each file can support 9,000 characters. Additionally, dictionary files support only Basic syntax. For more information about the supported syntax, see Basic Syntax in Policy Rule Syntax.

      How to import a dictionary

      1. From the Administration tab, select the Filters subtab
      2. In the Tasks pane, select Import Dictionary
      3. In the Import Dictionary box, select Browse next to Dictionary file:
      4. Find and select the file (e.g. CSV or TXT file format) in your network or computer files and then select Open
      5. If desired, change the name of the dictionary file in the Dictionary name: field (otherwise, whatever name you gave the file when you saved it to your own files will be used in this dialog box and once the dictionary has been uploaded).
      6. Select the appropriate type of content that your dictionary contains (e.g. domain names, e-mail addresses) from the Dictionary contents menu.
      7. If desired, add any comments/notes about the dictionary in the Comments field.
      8. Select Import.
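A pre-import check for a dictionary file, as an added example that is not part of the guide or of the Forefront service: it translates Basic syntax terms with the equivalences the guide's table gives (`*` as `.*`, `?` as `.`, `\` as escape, comma as separator) and flags content over the stated 9,000-character and 2 MB limits. Newline-separated entries, unanchored case-insensitive matching, the sample data, and all function names are assumptions made for illustration.

```python
import re

MAX_CHARS = 9000              # character limit stated in the guide
MAX_BYTES = 2 * 1024 * 1024   # dictionary file size limit stated in the guide (2 MB)

# Constructed sample dictionary: two wildcard terms, one escaped comma,
# one term that matches everything, one term ending in a dangling escape.
SAMPLE = "invoice*.exe, report?.doc\nprice\\, net\n*\nbad\\"


def split_terms(expr):
    """Split a Basic expression on unescaped commas, keeping escapes intact."""
    terms, cur, i = [], [], 0
    while i < len(expr):
        ch = expr[i]
        if ch == "\\" and i + 1 < len(expr):
            cur.append(expr[i:i + 2])      # keep the escaped pair together
            i += 2
            continue
        if ch == ",":
            terms.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    terms.append("".join(cur).strip())
    return terms


def term_to_regex(term):
    """Translate one Basic term into a regular expression."""
    out, i = [], 0
    while i < len(term):
        ch = term[i]
        if ch == "\\":
            if i + 1 >= len(term):
                raise ValueError("dangling escape at end of term")
            out.append(re.escape(term[i + 1]))   # escaped character is a literal
            i += 2
            continue
        if ch == "*":
            out.append(".*")                     # zero or more characters
        elif ch == "?":
            out.append(".")                      # exactly one character
        else:
            out.append(re.escape(ch))
        i += 1
    return "".join(out)


def lint_dictionary(text):
    """Return (usable_terms, problems) for dictionary text before import."""
    problems = []
    if len(text) > MAX_CHARS:
        problems.append(f"{len(text)} characters exceeds the {MAX_CHARS} limit")
    if len(text.encode("utf-8")) > MAX_BYTES:
        problems.append("file is larger than 2 MB")
    terms = []
    for lineno, line in enumerate(text.splitlines(), 1):   # assumption: one or more terms per line
        for term in split_terms(line):
            if not term:
                continue
            try:
                pattern = term_to_regex(term)
            except ValueError as exc:
                problems.append(f"line {lineno}: {term!r}: {exc}")
                continue
            if re.fullmatch(pattern, ""):        # only wildcards: hits every message
                problems.append(f"line {lineno}: {term!r} matches any value")
            terms.append(term)
    return terms, problems


def matching_terms(terms, value, exact=False):
    """Terms that hit `value`. Unanchored and case-insensitive by default (assumption)."""
    hits = []
    for term in terms:
        rx = re.compile(term_to_regex(term), re.IGNORECASE)
        if rx.fullmatch(value) if exact else rx.search(value):
            hits.append(term)
    return hits


if __name__ == "__main__":
    terms, problems = lint_dictionary(SAMPLE)
    print("terms:", terms)
    print("problems:", problems)
    # An unanchored term also hits longer names than the author may have intended.
    print(matching_terms(["report?.doc"], "report1.docx.exe"))
```

Running a replacement dictionary through a check like this before step 8 matters most when the dictionary is already linked to rules with actions such as Reject, because a replaced dictionary takes effect in every rule that uses it.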
  12. How to replace a dictionary

      1. From the Administration tab, select the Filters subtab
      2. In the Tasks pane, select Import Dictionary
      3. In the Import Dictionary box, select Browse next to Dictionary file:
      4. Find and select the file (e.g. CSV or TXT file format) in your network or computer files and then select Open
      5. Change the name of the dictionary file in the Dictionary name: field to match the file name of the dictionary you want to replace.
      6. Select the check box Replace Dictionary if exists.
      7. Select the appropriate type of content that your dictionary contains (e.g. domain names, e-mail addresses) from the Dictionary contents menu. This content type needs to match the content of the dictionary you want to replace.
      8. If desired, add any comments/notes about the dictionary in the Comments field.
      9. Select Import.

      How to add a dictionary to a rule

      1. Select the Policy Rules subtab.
      2. Select the rule you want to apply the dictionary to by clicking the appropriate rule ID, or create a new rule.
      3. Expand the policy editor fields for the appropriate message component (e.g. Body) by selecting the down-arrow icon next to the component title.
      4. Select your uploaded dictionary from the Dictionary combo box.
         Note: You can either have a match expression in the textbox, or select Dictionary. If you select Dictionary, the textbox will be de-activated, and any match expressions entered in this textbox will be deleted upon saving of the policy rule.
      5. Add additional settings to the policy rule and select Save.

      How to delete a dictionary

      1. Select the Filters subtab.
      2. Select the dictionary you want to delete by clicking the checkbox next to the name of the appropriate dictionary.
         Important: If the dictionary you wish to delete is currently in use by any policy rules, browse all policy rules associated with this dictionary (by navigating to the specific policy rule by selecting Usage within the Filters tab) and unlink the
  13. dictionary from these policy rules. Then you can return to the Filters tab and delete the dictionary.
      3. Select the appropriate dictionary and click Delete.

      How to audit a dictionary-related action

      1. Select the Tools tab.
      2. Select the Audit Trail subtab.
      3. Browse the Audit Trail for the PatternFiles events. Information related to the creation, replacement, and deletion of dictionaries is recorded here.

      For more information about dictionaries, see the Filters section of the Administration Center User Guide.

      Updated Match Option for Outbound Forced TLS Rules

      The Policy Rules editor now offers a check box to allow opportunistic transport layer security (TLS) for messages sent to recipients not specifically identified by the policy rule.

      If the Enable Opportunistic TLS for unspecified recipients check box is unchecked, then outbound messages will be bifurcated. This means that authenticated Transport Layer Security (TLS) will be enforced for the delivery of all recipients on the message, where any of the recipients match the Policy Filter rule and the recipient mail transfer agent (MTA) is configured to accept TLS-based connections (including valid public certificates). If one of the recipients has an MTA that does not support TLS connections, then the message to this recipient will be rejected.

      Checking this box will still enforce authenticated TLS on the recipient who matches the rule, but also allows all other recipients to be transmitted using Opportunistic TLS if all attempts to enforce TLS fail. The Microsoft Forefront Online Protection for Exchange service will always use the highest level of encryption available for transmission of the messages, and, if not available, step down.

      Examples:

      Note: Example domain acquisition.com supports TLS connections, and alpha.com does not.

      Policy Rule: Traffic Scope: Outbound; Domain Scope: contoso.com; Action: Force TLS; Sender domain: acquisition.com
      Apply Opportunistic TLS for unspecified recipients: Not selected
      Message Containing Recipients: c@acquisition.com; d@alpha.com
      Rule Behavior: Message to c@acquisition.com will be transmitted via TLS; message to d@alpha.com will be rejected, since alpha.com does not support TLS connections (or does not have a valid public certificate)
  14. Policy Rule: Traffic Scope: Outbound; Domain Scope: contoso.com; Action: Force TLS; Recipient domain: acquisition.com
      Apply Opportunistic TLS for unspecified recipients: Selected
      Message Containing Recipients: c@acquisition.com; d@alpha.com
      Rule Behavior: Message to c@acquisition.com will be transmitted via TLS; message to d@alpha.com will be transmitted via SMTP (unencrypted channel)

      Globalization of the Administration Center

      To support the growing set of international customers, the Administration Center site is now available in the following languages:

      Simplified Chinese
      Traditional Chinese
      Dutch
      French
      French Canadian
      German
      Italian
      Japanese
      Korean
      Portuguese
      Portuguese (Brazil)
  15. Spanish

      Supported browsers for these languages are limited to the following:
      • Internet Explorer 7
      • Internet Explorer 8
      • Firefox Version 3
      • Safari Version 3

      In order to view the Administration Center in one of the 13 supported languages, your Internet browser's language preferences must be configured to accept the appropriate language(s).

      To set language preferences for Internet Explorer 7, do the following:
      1. Using Internet Explorer 7, open a browser
      2. On the Tools menu, click Internet Options
      3. Click the General tab
      4. Select Languages
      5. Select Language Preference
      6. Add the language you would like to see when using the Administration Center

      To set language preferences for Internet Explorer 8, do the following:
      1. Using Internet Explorer 8, open a browser
      2. On the Tools menu, click Internet Options
      3. On the General tab, click Languages
      4. In the Language Preference box, click Add
      5. Add the language you would like to see when using the Administration Center

      To set language preferences for Firefox 3, do the following:
      1. Using Firefox 3, open a browser
      2. On the Tools menu, click Options
      3. Click the Content tab
      4. Select Languages
      5. Click the Choose button
      6. Choose the language you would like to see when using the Administration Center
  16. To set language preferences for Safari 3 (using the Mac OS X system preferences) do the following:
      1. Using Safari 3, open a browser
      2. Select System preferences
      3. Select International
      4. Select Language
      5. Select the language you would like to see when using the Administration Center

      The following areas of the Administration Center will not be localized for the 9.3 release:

      • Reports: The output of scheduled reports; that is, the Reports pages will be localized, but the generated reports from these pages will not. The output of ad-hoc View reports. The e-mail message that accompanies scheduled reports.
      • Administration Center Upload Notifications: Only the network server option will be localized, as the Directory Synchronization Tool is out of scope for this release.
      • Policy Rules: The details sections of the policy and dictionary list views will have a combination of English and a local language. When content is entered into the following Policy Rules fields, it may not be translated into the local language:
         • Rule ID input
         • Domain scope input
         • Usage input
         • Copy admin e-mail address
         • Sender IP address
         • Sender domains
         • Sender e-mail address
         • All header information
         • Recipient domains
         • Recipient e-mail address
         • Attachment file extensions
         • Message subject
         • Message body
         • Maximum number of recipients
         • Maximum size
         • Character sets
      • Audit Trail: Any content entered in the user e-mail address and domain fields in the Audit Trail will not be translated. The Activity field will be a combination of English and local language.
  17. • SMTP Connectivity Checker: Some areas within the SMTP Connectivity Checker pages will not be translated into local language. These include:
         • IP address
         • E-mail address
         • Customer Name
      • Miscellaneous company information: A variety of company information fields, located throughout the Administration Center, will also not be translated into local languages. These include, but are not limited to: company, domains, IP addresses, subscription types, e-mail addresses, and footers.

      Support in Local Languages

      Support and help documentation is also now available in Chinese, Dutch, French, German, Italian, Japanese, Korean, Portuguese, and Spanish. Local language telephone support is also available for these languages. To receive telephone support in one of these languages, follow the instructions for using translation services when you call Microsoft technical support at (866) 291-7726.

      Minor Interface/Terminology Changes

      As part of an ongoing effort to improve the usability of the Administration Center, Microsoft made changes to the appearance of some features and also changes to some terminology. These changes are summarized here.

      Policy Rules Tab

      The Direction category has been renamed to Traffic Scope, in order to better indicate that this category represents whether the policy rule is for inbound, outbound, or disabled message traffic. The Scope category has been renamed to Domain Scope in order to specify that this category reflects the domains associated with the policy rule. A variety of other minor terminology changes have also been made to the Policy Rules editor field titles in order to provide a more user-friendly experience.

      The following image shows the updated Policy Rules tab: