24 Hours Of Exchange Server 2007 ( Part 13 Of 24)


Maintaining Anti-Spam Systems

Published in: Technology, News & Politics

  1. 24 Hours of Exchange Server 2007 (Part 13 of 24): Maintaining Anti-Spam Systems
       Harold Wong, [email_address], blogs.technet.com/haroldwong
       Audio: please try Streaming Internet Audio first. If that doesn’t work, use: (800) 618-7506: Pin 5800
  2. What We Will Cover
       • Understanding anti-spam functionality
       • Deploying a defense-in-depth approach
       • Configuring the anti-spam components
  3. Agenda
       • Review
       • Introduction to Anti-Spam Management
       • Understanding Individual Components
  4. Deploying the Edge Transport Server
       Which of the following is not a key consideration when planning for an Edge Transport server?
       • Message journaling requirements
       • Malicious software scanning approaches
       • Message storage requirements
       • Message processing throughput
  5. Deploying the Edge Transport Server
       When securing the Edge Transport server, what ports should be open on the Internet-facing network adapter?
       • SMTP Port 25
       • LDAP Port 50636
       • RDP Port 3389
       • All of the above
  6. Deploying the Edge Transport Server
       When securing the Edge Transport server, what ports should be open on the corporate-facing network adapter?
       • SMTP Port 25
       • LDAP Port 50636
       • RDP Port 3389
       • All of the above
  7. Configuring Internet Message Delivery
       Where is the recipient and configuration data stored for Exchange Server 2007?
       • Active Directory
       • Exchange mailbox database
       • Exchange storage group
       • Active Directory Application Mode (ADAM)
  8. Configuring Internet Message Delivery
       Which of the following examines the remote IP address of an inbound message to filter spam attacks?
       • Connection filtering
       • Sender filtering
       • Recipient filtering
       • Content filtering
  9. Configuring Internet Message Delivery
       Which of the following uses Microsoft SmartScreen® technology with the Intelligent Message Filter?
       • Connection filtering
       • Sender filtering
       • Content filtering
       • All of the above
  10. Agenda
       • Review
       • Introduction to Anti-Spam Management
       • Understanding Individual Components
  11. Exchange Server 2007 Anti-Spam Functionality
       • Connection filtering
       • Sender filtering
       • Recipient filtering
       • Sender ID filtering
       • Content filtering
       • Sender reputation filtering
       • Attachment filtering
       • Outlook junk e-mail filtering
  12. Anti-Spam Mail Flow
       • Connection filtering
       • Sender and recipient filtering
       • Sender ID filtering
       • Content filtering
       • Outlook junk e-mail filtering
  13. The Defense-in-Depth Approach
       • Perimeter Firewall
       • Edge Transport Server
       • Interior Firewall
       • Hub Transport Server
       • Mailbox Server
       • Client Access Server
       • Outlook E-mail Filtering
  14. Introduction to Anti-Spam Management
       Q1: Which of the following is not a type of Exchange Server 2007 anti-spam filtering?
       • Sender reputation filtering
       • Recipient ID filtering
       • Attachment filtering
       • Connection filtering
  15. Introduction to Anti-Spam Management
       Q2: Which anti-spam filtering feature includes the spam quarantine?
       • Connection filtering
       • Sender ID filtering
       • Content filtering
       • Outlook junk e-mail filtering
  16. Introduction to Anti-Spam Management
       Q3: What is considered the first line of defense against spam attacks?
       • Perimeter firewall
       • Edge Transport server
       • Internal firewall
       • Connection filtering
  17. Agenda
       • Review
       • Introduction to Anti-Spam Management
       • Understanding Individual Components
  18. Connection Filtering
       [Flowchart with Yes/No branches. Checks shown: IP allow list, IP block list, Safe provider list, RBL.]
  19. Sender and Recipient Filtering
       [Flowchart with Yes/No branches. Checks shown: On sender filter list, On recipient block list. Outcomes shown: Delete message, Reject via SMTP.]
  20. Sender ID Filtering
       [Flowchart with Yes/No branches. Steps shown: Query SPF on sender’s DNS, Allow sender ID failed, From blocked domain, On blocked sender list. Outcomes shown: Delete message, Filter message.]
  21. Content Filtering
       [Flowchart with Yes/No branches. Steps shown: Microsoft update, Safelist Aggregation, Apply content filter, Assign SCL rating, SCL exceeds deletion, SCL exceeds rejection, SCL exceeds quarantine. Outcomes shown: Delete message, Reject via SMTP, Send to spam quarantine mailbox.]
  22. Demonstration: Configuring Anti-Spam Filters
       • Configure connection filtering
       • Configure sender and recipient filtering
       • Configure sender ID filtering
  23. Exchange Server Hosted Filtering
       • Illegitimate senders
       • Spam quarantine
       • Directory service
       • Exchange hosted filtering
  24. Other Strategies and Techniques
       • Sender reputation filtering
       • Attachment filtering
       • Spam quarantine
       • Outlook junk e-mail filtering
  25. Demonstration: Enabling Hub Transport Filtering
       • Set the Hub Transport to receive e-mail
       • Set the Hub Transport to manage spam
  26. Understanding Individual Components
       Q1: Which of the following is not a feature of connection filtering?
       • IP Allow List
       • Safe Provider List
       • Real-time Block List
       • Spam Quarantine List
  27. Understanding Individual Components
       Q2: Which of the following filters do not query outside servers or services?
       • Connection filtering
       • Sender filtering
       • Sender ID filtering
       • Sender reputation filtering
  28. Understanding Individual Components
       Q3: Which of the following component-level filtering includes safelist aggregation?
       • Sender filtering
       • Sender ID filtering
       • Content filtering
       • Sender reputation filtering
  29. Session Summary
       • Understanding anti-spam functionality
       • Fighting spam with defense-in-depth
       • Understanding the eight anti-spam filters
  30. Questions and Answers
       • Submit text questions using the “Ask” button.
       • Don’t forget to fill out the survey.
       • For upcoming and previously live webcasts: www.microsoft.com/webcasts
       • Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781
       • Today's webcast was presented using Microsoft® Office Live Meeting. Get a free 14-day trial by visiting: www.microsoft.com/presentlive
