Ch06 edge transport
Overview
Edge Transport Server Role
Edge Transport Server Installation and Synchronization
Transport Agent Configuration
Edge Transport Server Overview
Used to minimize the attack surface by handling all Internet-facing mail flow, providing
additional layers of message protection and security.
Installed in the network perimeter, and is not joined to the internal organization’s AD forest.
Mail flow and recipient data is synchronized from the MB server to the Edge Transport server
using EdgeSync.
Install multiple ET servers for high availability.
External MX records point to the ET servers.
ET Scenarios
Internet mail flow
◦ Accepts mail from the Internet protecting the internal MB and CAS servers.
◦ Mail flows from the Internet → ET → MB → CAS when the roles are separately installed.
◦ Mail flows from the Internet → ET → FrontEnd Transport (FET) on CAS → Transport service on MB
when CAS/MB are installed on the same server.
Anti-spam and antivirus protection
◦ Blocks viruses and unsolicited email.
Edge Transport rules
◦ Used to control the flow of messages by applying an action to messages meeting specified conditions.
Address rewriting
◦ Presents a consistent email address appearance to external recipients.
Edge Transport Topology
Edge Transport Setup
Support for Exchange 2013 Edge Transport started with SP1
Requirements
◦ x64 CPU, 4 GB RAM
◦ Preferred DNS set to the internal DNS server
◦ Standalone server
◦ DNS name suffix for the internal domain
◦ MB and ET servers must be able to locate each other using DNS name resolution
◦ ADLDS
Edge Transport Setup
Once the Edge is installed you must create an Edge subscription file. This file is valid for 24
hours.
Copy the Edge Subscription file to one of the mailbox servers in your site and run the following
cmdlet to begin Edge synchronization.
Edge Transport Setup
Start the Edge Synchronization process using
the Start-EdgeSynchronization cmdlet on the
MB server.
Your Edge server is completely functional once
Edge Synchronization has completed.
Future changes to send/receive connectors are
still completed on the MB server and then
synchronized to the Edge server.
Future synchronizations occur on a schedule:
◦ Configuration data: 3 minutes
◦ Recipient data: 5 minutes
◦ Topology data: 5 minutes
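The subscription procedure from the two setup slides, as an added example that is not taken from the original deck. The file path, the site name and the helper name Import-EdgeSubscriptionFile are assumptions; the 24-hour check uses the file's last-write time as a stand-in for when the subscription was created.

```powershell
# --- On the Edge Transport server (Exchange Management Shell) ---------------
# Creates the subscription file. The path is a constructed example.
New-EdgeSubscription -FileName 'C:\Temp\EdgeSubscription.xml'

# --- On a Mailbox server in the AD site that will own the subscription ------
function Import-EdgeSubscriptionFile {      # hypothetical helper, not an Exchange cmdlet
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Site
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # The subscription file is only valid for 24 hours. Assumption: the copy
    # kept the original last-write time, so it approximates the creation time.
    $ageHours = ((Get-Date) - $file.LastWriteTime).TotalHours
    if ($ageHours -ge 24) {
        throw "Subscription file is $([int]$ageHours) h old; create a new one on the Edge server."
    }

    # On the Mailbox server, New-EdgeSubscription takes the file as a byte array.
    $bytes = [byte[]](Get-Content -LiteralPath $Path -Encoding Byte -ReadCount 0)
    New-EdgeSubscription -FileData $bytes -Site $Site -ErrorAction Stop

    # The file carries the bootstrap credentials EdgeSync uses for its first
    # connection, so remove the copy as soon as it has been imported.
    Remove-Item -LiteralPath $file.FullName -Force

    # Run the first synchronization now instead of waiting for the schedule,
    # then report the synchronization status.
    Start-EdgeSynchronization
    Test-EdgeSynchronization
}

Import-EdgeSubscriptionFile -Path 'C:\Temp\EdgeSubscription.xml' -Site 'Default-First-Site-Name'
```

Delete the original file on the Edge server as well once the import has succeeded.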
Transport Agents
Inbound SMTP messages are processed for message
hygiene by the ET server in a specific order using
transport agents.
All management is performed using EMS.
Connection Filtering Agents
Connection filtering is an anti-spam feature available when using an Exchange 2013 Edge
Transport server.
◦ IP Block List
◦ IP Block List Providers
◦ IP Allow List
◦ IP Allow List Providers
Check to ensure the block list transport agent is configured.
Connection Filtering - IP Allow List
The IP Allow list contains the IP addresses of email servers that you want to designate as
trustworthy sources of email.
◦ You manually maintain the IP addresses in the IP Allow list.
◦ You can add individual IP addresses or IP address ranges.
◦ You can specify an expiration time that specifies how long the IP address entry will be allowed. When
the expiration time is reached, the entry in the IP Allow list is disabled.
◦ Email from mail servers that you specify in the IP Allow list is exempt from processing by other Exchange
anti-spam agents.
Connection Filtering - IP Allow List
After a specific whitelist entry is added, the Edge server rates messages from that IP with a spam
confidence level (SCL) of -1. Note that the command was entered at the Edge server; this is a
requirement for the cmdlet to work.
Message details before and after the IP allow list entry.
Connection Filtering - IP Block List
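Managing and reviewing both the IP Allow list and the IP Block list from the Edge server's shell, as an added example that is not part of the original slides. The addresses are documentation-range placeholders, the helper name Find-RiskyAllowListEntry is hypothetical, and the sample objects are constructed to mirror the IPRange and ExpirationTime properties that Get-IPAllowListEntry returns.

```powershell
# Run in the Exchange Management Shell on the Edge Transport server.

# 1. Confirm the agent is enabled and that both lists are switched on.
Get-TransportAgent 'Connection Filtering Agent' | Format-List Identity, Enabled, Priority
Get-IPAllowListConfig | Format-List Enabled, ExternalMailEnabled
Get-IPBlockListConfig | Format-List Enabled, ExternalMailEnabled

# 2. Add entries with an expiration time and a comment, so that every
#    exception has an owner and a review date. Addresses are placeholders.
Add-IPAllowListEntry -IPAddress 192.0.2.25 `
    -ExpirationTime (Get-Date).AddDays(90) -Comment 'Partner relay, review quarterly'
Add-IPBlockListEntry -IPRange '198.51.100.1-198.51.100.254' `
    -ExpirationTime (Get-Date).AddDays(30) -Comment 'Temporary block'

# 3. Review the allow list. Allowed hosts skip the other anti-spam agents,
#    so entries that never expire or have already lapsed deserve attention.
function Find-RiskyAllowListEntry {          # hypothetical helper
    param(
        [Parameter(ValueFromPipeline = $true)] $Entry,
        [int] $MaxDays = 365                 # assumption: longest acceptable lifetime
    )
    process {
        $daysLeft = ($Entry.ExpirationTime - (Get-Date)).TotalDays
        if ($daysLeft -gt $MaxDays) {
            [pscustomobject]@{ IPRange = "$($Entry.IPRange)"; Finding = 'No practical expiry' }
        }
        elseif ($daysLeft -le 0) {
            [pscustomobject]@{ IPRange = "$($Entry.IPRange)"; Finding = 'Expired, remove the entry' }
        }
    }
}

# Constructed sample objects, so the review logic can be tried without Exchange.
$sample = @(
    [pscustomobject]@{ IPRange = '192.0.2.25';   ExpirationTime = (Get-Date).AddDays(90) }
    [pscustomobject]@{ IPRange = '192.0.2.0/24'; ExpirationTime = [datetime]::MaxValue }
    [pscustomobject]@{ IPRange = '203.0.113.7';  ExpirationTime = (Get-Date).AddDays(-3) }
)
$sample | Find-RiskyAllowListEntry

# On the Edge server, feed it the real list instead:
#   Get-IPAllowListEntry | Find-RiskyAllowListEntry
```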
Sender Filtering
You can select a specific sender or block entire domains including their subdomains.
Recipient Filtering
Configures Exchange to only accept messages for existing recipients in your organization.
Enabled using the “AddressBookEnabled” property on an Accepted Domain. By default, this is
enabled on all authoritative accepted domains and disabled for internal and external relay
domains.
Check the AddressBookEnabled property using:
Although the Recipient Filter agent is also available on Mailbox servers, you shouldn't configure it. When recipient
filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients,
the message is rejected.
https://technet.microsoft.com/en-us/library/jj218660(v=exchg.150).aspx
Recipient Filtering
Block specific recipients within your organization from receiving email using:
The cmdlet displayed above also requires BlockListEnabled to be set to true.
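One way to run the recipient filtering checks described on these two slides, as an added example rather than the commands shown in the original screenshots. The blocked addresses are constructed placeholders in the contoso.com domain.

```powershell
# Run in the Exchange Management Shell on the Edge Transport server.

# 1. Recipient lookup only applies to accepted domains with AddressBookEnabled set.
Get-AcceptedDomain |
    Format-Table Name, DomainName, DomainType, AddressBookEnabled -AutoSize

# Authoritative domains where the lookup is switched off: mail for recipients
# that do not exist would be accepted for these domains.
Get-AcceptedDomain |
    Where-Object { $_.DomainType -eq 'Authoritative' -and -not $_.AddressBookEnabled } |
    Select-Object Name, DomainName

# 2. Current Recipient Filter agent settings.
Get-RecipientFilterConfig |
    Format-List Enabled, RecipientValidationEnabled, BlockListEnabled, BlockedRecipients

# 3. Reject messages addressed to recipients that do not exist.
Set-RecipientFilterConfig -RecipientValidationEnabled $true

# 4. Block specific recipients. The list is only enforced when BlockListEnabled
#    is $true; @{Add=...} appends to the list instead of replacing it.
Set-RecipientFilterConfig -BlockListEnabled $true `
    -BlockedRecipients @{ Add = 'placeholder1@contoso.com', 'placeholder2@contoso.com' }

# 5. Verify the result.
Get-RecipientFilterConfig | Format-List BlockListEnabled, BlockedRecipients
```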
Sender ID Filtering
DNS-based filtering where the Exchange server checks for Sender Policy Framework (SPF) DNS
records for the sending organization. Spoofing is assumed if no SPF record is found.
Set-SenderIDConfig -SpoofedDomainAction Reject -BypassedDomains Microsoft.com
Content Filtering
Filter and delete incoming messages based on keywords.
Works with the Spam Confidence Level (SCL) to identify the likelihood of spam. The SCL is from
0-9 where 9 is most likely spam.
Sender Reputation
Uses a non-configurable protocol analysis agent to analyze statistics from SMTP senders. SRL is
maintained in memory and restarts when the Edge Transport server’s transport service is
restarted.
Sender Reputation Level (SRL) is calculated based on:
◦ EHLO/HELO analysis
◦ Reverse DNS lookup
◦ SCL ratings of a particular sender
◦ Open proxy test on the sending SMTP server
The SRL is a rating from 0-9 where 9 is most likely to be spam. Reputation begins at 0 and begins
checking the SRL after receiving 20 messages. SRL threshold is set to 7 by default.
https://technet.microsoft.com/en-us/library/bb124512%28v=exchg.150%29.aspx
Erratum: Apress Pro Exchange 2013 SP1 PowerShell Administration has the SRL ratings reversed (p. 294).
Spam Confidence Levels (SCL)
The SCL is stamped in the X-header of each message. A rating from -1 to 9 is interpreted by
filters and the default action is taken on inbound messages. Note that a -1 doesn’t guarantee a
message won’t be denied as a deny from another transport agent could still be applied.
| SCL Rating | Spam Confidence Interpretation | Default Action |
|---|---|---|
| -1 | Non-spam coming from a safe sender, safe recipient, or safe listed IP address (trusted partner) | Deliver the message to the recipients’ inbox. |
| 0, 1 | Non-spam because the message was scanned and determined to be clean | Deliver the message to the recipients’ inbox. |
| 5, 6 | Spam | Deliver the message to the recipients’ Junk Email folder. |
| 9 | High confidence spam | Deliver the message to the recipients’ Junk Email folder. |
Import/Export Edge Configuration
Configuration of Edge Transport servers is local and not shared among ET servers.
Multiple ET servers can be configured using cloned configuration during the installation of the ET
server role. The exported configuration can also serve as a backup configuration during recovery.
Subsequent changes will need to be made independently.
Generate the clone data xml file:
.\ExportEdgeConfig.ps1 -CloneConfigData:"C:\Temp\EdgeClonedConfig.xml"
Copy the xml file to the new Edge Transport server and import the clone data prior to
configuring the edge subscription using:
.\ImportEdgeConfig.ps1 -CloneConfigData:"C:\Temp\EdgeClonedConfig.xml" -IsImport $true -CloneConfigAnswer:"C:\Temp\CloneAnswerFile.xml"
Load Balancing
Traffic between Edge Transport servers and the internal Exchange 2013 mailbox servers (in the
same site as the ET server) is automatically load balanced using a round-robin mechanism and
vice versa.
Inbound traffic from the Internet to the Edge Transport servers is load balanced using multiple
MX records with weighting or a single MX record pointing to a load balancer.
Anti-Malware
The Edge Transport server doesn’t provide any anti-malware or anti-virus protection; instead, this is
offered using message hygiene services in the cloud (Microsoft Exchange Online Protection).
The Mailbox Server role however comes with a default anti-malware engine that can perform
content scanning for viruses, scanning all inbound and outbound messages in transit.
Malware definition files are downloaded once per hour or can be downloaded manually.
Mailbox server antivirus is enabled by default.
Address Rewriting
Addresses can be rewritten at the Edge Transport server so that they appear to be coming from
a different domain. This is useful when you have a primary Active Directory domain and multiple
subdomains.
◦ For instance, recipients sending emails from the subdomain sales.contoso.com can have their address
rewritten removing the sales domain. This provides a consistent email address for all employees.
Configuration is only completed using EMS on the ET server.
Must configure both the Address Rewriting Outbound agent and the Address Rewriting Inbound
agents on the ET server when you have more than a single recipient or domain.
References
Microsoft TechNet: Exchange Server 2013 Prerequisites
◦ https://technet.microsoft.com/en-CA/library/bb691354%28v=exchg.150%29.aspx#WS2012Edge
Microsoft TechNet: Edge Transport servers
◦ https://technet.microsoft.com/en-us/library/bb124701(v=exchg.150).aspx
Microsoft TechNet: Manage Connection Filtering on Edge Transport Servers
◦ https://technet.microsoft.com/en-us/library/bb124376(v=exchg.150).aspx
25

More Related Content

What's hot

clustering and load balancing
clustering and load balancingclustering and load balancing
clustering and load balancingPrabhat gangwar
 
TechNet Webcast: Exchange 2010 Outlook Web Access
TechNet Webcast: Exchange 2010 Outlook Web AccessTechNet Webcast: Exchange 2010 Outlook Web Access
TechNet Webcast: Exchange 2010 Outlook Web AccessMicrosoft TechNet
 
Exl393 exchange 2013 architecture schnoll (rm221)
Exl393 exchange 2013 architecture schnoll (rm221)Exl393 exchange 2013 architecture schnoll (rm221)
Exl393 exchange 2013 architecture schnoll (rm221)Khalid Al-Ghamdi
 
Exchange 2013 Architecture Poster
Exchange 2013 Architecture PosterExchange 2013 Architecture Poster
Exchange 2013 Architecture PosterRian Yulian
 
Web server administration
Web server administrationWeb server administration
Web server administrationsawsan slii
 
Mule enricher component
Mule enricher component Mule enricher component
Mule enricher component Gandham38
 
24 Hours Of Exchange Server 2007 ( Part 7 Of 24)
24  Hours Of  Exchange  Server 2007 ( Part 7 Of 24)24  Hours Of  Exchange  Server 2007 ( Part 7 Of 24)
24 Hours Of Exchange Server 2007 ( Part 7 Of 24)guestef2a2b
 
Cryoserver Configuring Groupwise
Cryoserver Configuring GroupwiseCryoserver Configuring Groupwise
Cryoserver Configuring Groupwisecryoserver
 
The constrained application protocol (co ap) implementation-part5
The constrained application protocol (co ap) implementation-part5The constrained application protocol (co ap) implementation-part5
The constrained application protocol (co ap) implementation-part5Hamdamboy (함담보이)
 
UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...
UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...
UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...Louis Göhl
 
HyperText Transfer Protocol
HyperText Transfer ProtocolHyperText Transfer Protocol
HyperText Transfer Protocolponduse
 

What's hot (20)

clustering and load balancing
clustering and load balancingclustering and load balancing
clustering and load balancing
 
Http2
Http2Http2
Http2
 
TechNet Webcast: Exchange 2010 Outlook Web Access
TechNet Webcast: Exchange 2010 Outlook Web AccessTechNet Webcast: Exchange 2010 Outlook Web Access
TechNet Webcast: Exchange 2010 Outlook Web Access
 
Exl393 exchange 2013 architecture schnoll (rm221)
Exl393 exchange 2013 architecture schnoll (rm221)Exl393 exchange 2013 architecture schnoll (rm221)
Exl393 exchange 2013 architecture schnoll (rm221)
 
Exchange 2013 Architecture Poster
Exchange 2013 Architecture PosterExchange 2013 Architecture Poster
Exchange 2013 Architecture Poster
 
Web server administration
Web server administrationWeb server administration
Web server administration
 
10135 b 11
10135 b 1110135 b 11
10135 b 11
 
Mule enricher component
Mule enricher component Mule enricher component
Mule enricher component
 
Web technology Unit-I Part D - message format
Web technology Unit-I  Part D - message formatWeb technology Unit-I  Part D - message format
Web technology Unit-I Part D - message format
 
24 Hours Of Exchange Server 2007 ( Part 7 Of 24)
24  Hours Of  Exchange  Server 2007 ( Part 7 Of 24)24  Hours Of  Exchange  Server 2007 ( Part 7 Of 24)
24 Hours Of Exchange Server 2007 ( Part 7 Of 24)
 
Web server
Web serverWeb server
Web server
 
Cryoserver Configuring Groupwise
Cryoserver Configuring GroupwiseCryoserver Configuring Groupwise
Cryoserver Configuring Groupwise
 
Http/2
Http/2Http/2
Http/2
 
Upgrading to Exchange 2016
Upgrading to Exchange 2016Upgrading to Exchange 2016
Upgrading to Exchange 2016
 
The constrained application protocol (co ap) implementation-part5
The constrained application protocol (co ap) implementation-part5The constrained application protocol (co ap) implementation-part5
The constrained application protocol (co ap) implementation-part5
 
UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...
UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...
UNC309 - Getting the Most out of Microsoft Exchange Server 2010: Performance ...
 
Mail server
Mail serverMail server
Mail server
 
HyperText Transfer Protocol
HyperText Transfer ProtocolHyperText Transfer Protocol
HyperText Transfer Protocol
 
1.0 vs2.0
1.0 vs2.01.0 vs2.0
1.0 vs2.0
 
File Sever
File SeverFile Sever
File Sever
 

Similar to Ch06 edge transport

10135 a 06
10135 a 0610135 a 06
10135 a 06Bố Su
 
IBM SmartCloud Notes Mail Routing - 21st Oct
IBM SmartCloud Notes Mail Routing - 21st OctIBM SmartCloud Notes Mail Routing - 21st Oct
IBM SmartCloud Notes Mail Routing - 21st OctVinayak Tavargeri
 
10135 a 05
10135 a 0510135 a 05
10135 a 05Bố Su
 
Intranet Messaging Project Report -phpapp02
Intranet Messaging Project Report -phpapp02Intranet Messaging Project Report -phpapp02
Intranet Messaging Project Report -phpapp02dvicky12
 
Getting Started in Zimbra Collaboration-Day2.pptx
Getting Started in Zimbra Collaboration-Day2.pptxGetting Started in Zimbra Collaboration-Day2.pptx
Getting Started in Zimbra Collaboration-Day2.pptxNajoejoe
 
DSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliabilityDSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliabilityIOSR Journals
 
DSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliabilityDSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliabilityIOSR Journals
 
window server 2008 mail configuration
window server 2008 mail configurationwindow server 2008 mail configuration
window server 2008 mail configurationanwarkade1
 
3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdf
3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdf3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdf
3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdfKrishnaShah908060
 
CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLaboraDK
 
Arun prjct dox
Arun prjct doxArun prjct dox
Arun prjct doxBaig Mirza
 
How to deploy Exchange Online Protection
How to deploy Exchange Online ProtectionHow to deploy Exchange Online Protection
How to deploy Exchange Online ProtectionPeter Schmidt
 
Ch02 installing exchange
Ch02 installing exchangeCh02 installing exchange
Ch02 installing exchangeShane Flooks
 

Similar to Ch06 edge transport (20)

10135 a 06
10135 a 0610135 a 06
10135 a 06
 
IBM SmartCloud Notes Mail Routing - 21st Oct
IBM SmartCloud Notes Mail Routing - 21st OctIBM SmartCloud Notes Mail Routing - 21st Oct
IBM SmartCloud Notes Mail Routing - 21st Oct
 
10135 a 05
10135 a 0510135 a 05
10135 a 05
 
How Email Works
How Email WorksHow Email Works
How Email Works
 
Intranet Messaging Project Report -phpapp02
Intranet Messaging Project Report -phpapp02Intranet Messaging Project Report -phpapp02
Intranet Messaging Project Report -phpapp02
 
Getting Started in Zimbra Collaboration-Day2.pptx
Getting Started in Zimbra Collaboration-Day2.pptxGetting Started in Zimbra Collaboration-Day2.pptx
Getting Started in Zimbra Collaboration-Day2.pptx
 
10135 b 06
10135 b 0610135 b 06
10135 b 06
 
DSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliabilityDSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliability
 
DSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliabilityDSNs & X.400 assist in ensuring email reliability
DSNs & X.400 assist in ensuring email reliability
 
B017211114
B017211114B017211114
B017211114
 
Linux10 sendmail
Linux10 sendmailLinux10 sendmail
Linux10 sendmail
 
window server 2008 mail configuration
window server 2008 mail configurationwindow server 2008 mail configuration
window server 2008 mail configuration
 
3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdf
3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdf3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdf
3150710_CN_GTU_Study_Material_Presentations_Unit-2_13082021073829PM.pdf
 
CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015
 
Arun prjct dox
Arun prjct doxArun prjct dox
Arun prjct dox
 
How to deploy Exchange Online Protection
How to deploy Exchange Online ProtectionHow to deploy Exchange Online Protection
How to deploy Exchange Online Protection
 
Electronic Mail
Electronic MailElectronic Mail
Electronic Mail
 
Lab08Email
Lab08EmailLab08Email
Lab08Email
 
Ch02 installing exchange
Ch02 installing exchangeCh02 installing exchange
Ch02 installing exchange
 
Internet mail server
Internet mail server Internet mail server
Internet mail server
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Ch06 edge transport

  • 1.
  • 2. Overview Edge Transport Server Role Edge Transport Server Installation and Synchronization Transport Agent Configuration 2
  • 3. Edge Transport Server Overview Used to minimize the attack surface by handling all Internet-facing mail flow, providing additional layers of message protection and security. Installed in the network perimeter, and is not joined to the internal organization’s AD forest. Mail flow and recipient data is synchronized from the MB server to the Edge Transport server using EdgeSync. Install multiple ET servers for high availability. External MX records point to the ET servers. 3
  • 4. ET Scenarios Internet mail flow ◦ Accepts mail from the Internet protecting the internal MB and CAS servers. ◦ Mail flows from the Internet to  ET  MB  CAS when the roles are separately installed. ◦ Mail flows from the Internet to  ET  FrontEnd Transport (FET) on CAS  Transport service on MB when CAS/MB are installed on the same server. Anti-spam and antivirus protection ◦ Blocks viruses and unsolicited email. Edge Transport rules ◦ Used to control the flow of messages by applying an action to messages meeting specified conditions. Address rewriting ◦ Presents a consistent email address appearance to external recipients. 4
  • 6. Edge Transport Setup Support for Exchange 2013 Edge Transport started with SP1 Requirements ◦ x64 CPU, 4 GB RAM ◦ Preferred DNS set to the internal DNS server ◦ Standalone server ◦ DNS name suffix for the internal domain ◦ MB and ET servers must be able to locate each other using DNS name resolution ◦ ADLDS 6
  • 7. Edge Transport Setup Once the Edge is installed you must create an Edge subscription file. This file is valid for 24 hours. Copy the Edge Subscription file to one of the mailbox servers in your site and run the following cmdlet to begin Edge synchronization. 7
  • 8. Edge Transport Setup Start the Edge Synchronization process using the Start-EdgeSynchronization cmdlet on the MB server. Your Edge server is completely functional once Edge Synchronization has completed. Future changes to send/receive connectors are still completed on the MB server and then synchronized to the Edge server. Future synchronizations occur on a schedule: ◦ Configuration data: 3 minutes ◦ Recipient data: 5 minutes ◦ Topology data: 5 minutes 8
  • 9. Transport Agents Inbound SMTP messages are processed for message hygiene by the ET server in a specific order using transport agents. All management is performed using EMS. 9
  • 10. Connection Filtering Agents Connection filtering is an anti-spam feature available when using an Exchange 2013 Edge Transport server. ◦ IP Block List ◦ IP Block List Providers ◦ IP Allow List ◦ IP Allow List Providers Check to ensure the block list transport agent is configured. 10
  • 11. Connection Filtering - IP Allow List The IP Allow list contains the IP addresses of email servers that you want to designate as trustworthy sources of email. ◦ You manually maintain the IP addresses in the IP Allow list. ◦ You can add individual IP addresses or IP address ranges. ◦ You can specify an expiration time that specifies how long the IP address entry will be allowed. When the expiration time is reached, the entry in the IP Allow list is disabled. ◦ Email from mail servers that you specify in the IP Allow list is exempt from processing by other Exchange anti-spam agents. 11
  • 12. Connection Filtering - IP Allow List Adding a specific whitelist entry the Edge server will rate messages from the IP with a spam confidence level (SCL) of -1. Note that the command was entered at the Edge server, this is a requirement for the cmdlet to work. Message details before and after the IP allow list entry. 12
  • 13. Connection Filtering - IP Block List 13
  • 14. Sender Filtering You can select a specific sender or block entire domains including their subdomains. 14
  • 15. Recipient Filtering
    Configures Exchange to only accept messages for existing recipients in your organization.
    Enabled using the “AddressBookEnabled” property on an Accepted Domain.
    By default, this is enabled on all authoritative accepted domains and disabled for internal and external relay domains.
    Check the AddressBookEnabled property using:
    Although the Recipient Filter agent is also available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected.
    https://technet.microsoft.com/en-us/library/jj218660(v=exchg.150).aspx
  • 16. Recipient Filtering
    Block specific recipients within your organization from receiving email using:
    The cmdlet displayed above also requires BlockListEnabled to be set to true.
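    An added Exchange Management Shell example for the two Recipient Filtering slides (not from the original deck): checking AddressBookEnabled on the accepted domains, then blocking specific recipients with the block list enabled. The recipient addresses are assumptions.

```powershell
# Run in EMS on the Edge Transport server.

# Show which accepted domains have recipient lookup enabled.
# Authoritative domains should show AddressBookEnabled = True.
Get-AcceptedDomain | Format-List Name, DomainName, DomainType, AddressBookEnabled

# Confirm the Recipient Filter agent is present and enabled.
Get-TransportAgent "Recipient Filter Agent" | Format-List Identity, Enabled

# Reject mail addressed to recipients that do not exist in the organization.
Set-RecipientFilterConfig -RecipientValidationEnabled $true

# Block Internet mail to specific internal-only recipients.
# BlockListEnabled must be $true for the blocked list to take effect.
# @{Add=...} appends to the list instead of replacing it.
Set-RecipientFilterConfig -BlockListEnabled $true `
    -BlockedRecipients @{Add="internal-only@contoso.com","facilities@contoso.com"}

# Verify the resulting configuration.
Get-RecipientFilterConfig |
    Format-List Enabled, RecipientValidationEnabled, BlockListEnabled, BlockedRecipients
```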
  • 17. Sender ID Filtering
    DNS-based filtering where the Exchange server checks for Sender Policy Framework (SPF) DNS records for the sending organization.
    Spoofing is assumed if no SPF record is found.
    Set-SenderIDConfig -SpoofedDomainAction Reject -BypassedDomains Microsoft.com
  • 18. Content Filtering
    Filter and delete incoming messages based on keywords.
    Works with the Spam Confidence Level (SCL) to identify the likelihood of spam.
    The SCL is from 0-9 where 9 is most likely spam.
  • 19. Sender Reputation
    Uses a non-configurable protocol analysis agent to analyze statistics from SMTP senders.
    The SRL is maintained in memory and starts over when the Edge Transport server’s transport service is restarted.
    Sender Reputation Level (SRL) is calculated based on:
    ◦ EHLO/HELO analysis
    ◦ Reverse DNS lookup
    ◦ SCL ratings of a particular sender
    ◦ Open proxy test on the sending SMTP server
    The SRL is a rating from 0-9 where 9 is most likely to be spam.
    Reputation begins at 0, and the agent begins checking the SRL after receiving 20 messages.
    The SRL threshold is set to 7 by default.
    https://technet.microsoft.com/en-us/library/bb124512%28v=exchg.150%29.aspx
    Erratum: Apress Pro Exchange 2013 SP1 PowerShell Administration has the SRL ratings reversed (p. 294).
  • 20. Spam Confidence Levels (SCL)
    The SCL is stamped in the X-header of each message.
    A rating from -1 to 9 is interpreted by filters and the default action is taken on inbound messages.
    Note that a -1 doesn’t guarantee a message won’t be denied, as a deny from another transport agent could still be applied.

    SCL Rating | Spam Confidence Interpretation | Default Action
    -1 | Non-spam coming from a safe sender, safe recipient, or safe listed IP address (trusted partner) | Deliver the message to the recipients’ inbox.
    0, 1 | Non-spam because the message was scanned and determined to be clean | Deliver the message to the recipients’ inbox.
    5, 6 | Spam | Deliver the message to the recipients’ Junk Email folder.
    9 | High confidence spam | Deliver the message to the recipients’ Junk Email folder.
  • 21. Import/Export Edge Configuration
    Configuration of Edge Transport servers is local and not shared among ET servers.
    Multiple ET servers can be configured using cloned configuration during the installation of the ET server role.
    The exported configuration can also serve as a backup configuration during recovery.
    Subsequent changes will need to be made independently.
    Generate the clone data xml file:
    .\ExportEdgeConfig.ps1 -CloneConfigData:"C:\Temp\EdgeClonedConfig.xml"
    Copy the xml file to the new Edge Transport server and import the clone data prior to configuring the edge subscription using:
    .\ImportEdgeConfig.ps1 -CloneConfigData:"C:\Temp\EdgeClonedConfig.xml" -IsImport $true -CloneConfigAnswer:"C:\Temp\CloneAnswerFile.xml"
  • 22. Load Balancing
    Traffic between Edge Transport servers and the internal Exchange 2013 mailbox servers (in the same site as the ET server) is automatically load balanced using a round-robin mechanism and vice versa.
    Inbound traffic from the Internet to the Edge Transport servers is load balanced using multiple MX records with weighting or a single MX record pointing to a load balancer.
  • 23. Anti-Malware
    The Edge Transport server doesn’t provide any anti-malware or anti-virus; instead, this is offered using message hygiene services in the cloud: Microsoft Exchange Online Protection.
    The Mailbox Server role, however, comes with a default anti-malware engine that can perform content scanning for viruses, scanning all inbound and outbound messages in transit.
    Malware definition files are downloaded once per hour or can be downloaded manually.
    Mailbox server antivirus is enabled by default.
  • 24. Address Rewriting
    Addresses can be rewritten at the Edge Transport server so that they appear to be coming from a different domain.
    This is useful when you have a primary Active Directory domain and multiple subdomains.
    ◦ For instance, recipients sending emails from the subdomain sales.contoso.com can have their address rewritten removing the sales domain. This provides a consistent email address for all employees.
    Configuration is only completed using EMS on the ET server.
    You must configure both the Address Rewriting Outbound agent and the Address Rewriting Inbound agent on the ET server when you have more than a single recipient or domain.
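    An added Exchange Management Shell example for the sales.contoso.com case on the Address Rewriting slide (not from the original deck). The entry name is an assumption.

```powershell
# Run in EMS on the Edge Transport server.

# Both rewriting agents must be enabled so that outbound mail is rewritten
# and inbound replies are mapped back to the internal address.
Get-TransportAgent "Address Rewriting*" | Format-List Identity, Enabled
Enable-TransportAgent "Address Rewriting Inbound Agent"
Enable-TransportAgent "Address Rewriting Outbound Agent"

# Rewrite user@sales.contoso.com to user@contoso.com.
# Aliases must be unique across both domains, otherwise two internal
# mailboxes would collapse onto the same external address.
New-AddressRewriteEntry -Name "sales.contoso.com to contoso.com" `
    -InternalAddress sales.contoso.com `
    -ExternalAddress contoso.com

# Verify the entry and its direction.
Get-AddressRewriteEntry | Format-List Name, InternalAddress, ExternalAddress, OutboundOnly

# Agent state changes take effect after the transport service restarts.
Restart-Service MSExchangeTransport
```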