Home > Sample chapters

Microsoft Exchange Server 2007 Security Basics

Junk E-Mail

Junk e-mail is a huge issue. One client with whom this author recently worked installed its first e-mail filtering software and found that it had 46 percent fewer inbound e-mails.

Exchange Server 2007’s new Edge Transport role has new capabilities that can help to significantly reduce the amount of junk e-mail that enters your environment. The Edge Transport role server has the following agents that help to protect your e-mail infrastructure. The information in Table 19-2 is right from Microsoft’s Edge Transport server documentation.

Many of these features are discussed in the next chapter, Chapter 20, “Antivirus and Antispam,” and Chapter 21, “Securing Exchange Server 2007 Messages.”

Table 19-2 Edge Transport Agents

Agent name

Description

Connection Filtering Agent

Performs host IP address filtering based on IP Allow Lists, IP Allow List providers, IP Block Lists, and IP Block List providers.

Address Rewriting Inbound Agent

Modifies recipient SMTP addresses in inbound messages based on predefined address alias information. Address rewriting can be useful in scenarios where an organization wants to hide internal domains.

Edge Rule Agent

Processes all messages received over SMTP to enforce transport rules defined on the Edge Transport server.

Sender ID Agent

Determines whether the sending SMTP host is authorized to send messages for the SMTP domain of the message originator.

Recipient Filter Agent

Verifies that the recipients specified during the SMTP session through the RCPT TO: command are valid and not on the list of blocked SMTP addresses and domains.

Sender Filter Agent

Verifies that the sender specified in the MAIL FROM: command and in the message header is valid and not on the list of blocked SMTP addresses and domains.

Content Filter Agent

Uses Microsoft SmartScreen technology to assess the contents of inbound messages in order to assign an SCL rating for junk email processing based on transport and store thresholds.

Protocol Analysis Agent

Interacts with Connection Filtering, Sender Filtering, Recipient Filtering, and Sender ID agents to determine Sender Reputation Level (SRL) rating and to take action based on rating thresholds.

Attachment Filtering Agent

Filters messages based on attachment file name, file name extension, or MIME content type to block potentially harmful messages or remove critical attachments.

Address Rewriting Outbound Agent

Modifies sender SMTP addresses in outbound messages based on predefined address alias information. Address rewriting can be useful in scenarios where an organization wants to hide internal domains.

Forefront Security for Exchange Routing Agent

Responsible for connecting into the Transport stack to ensure that the scanning process scans messages prior to delivery to Hub Transport servers.