24 Hours Of Exchange Server 2007 (Part 13 Of 24)

Post on 09-May-2015

description

Maintaining Anti-Spam Systems

Transcript of 24 Hours Of Exchange Server 2007 (Part 13 Of 24)

24 Hours of Exchange Server 2007 (Part 13 of 24): Maintaining Anti-Spam Systems

Harold Wong

harold.wong@microsoft.com

blogs.technet.com/haroldwong

Audio: please try Streaming Internet Audio first. If that doesn’t work, use:

(800) 618-7506: Pin 5800

What We Will Cover

• Understanding anti-spam functionality

• Deploying a defense-in-depth approach

• Configuring the anti-spam components

Agenda

• Review

• Introduction to Anti-Spam Management

• Understanding Individual Components

Deploying the Edge Transport Server

Which of the following is not a key consideration when planning for an Edge Transport server?

1. Message journaling requirements

2. Malicious software scanning approaches

3. Message storage requirements

4. Message processing throughput

Deploying the Edge Transport Server

When securing the Edge Transport server, what ports should be open on the Internet facing network adapter?

1. SMTP Port 25

2. LDAP Port 50636

3. RDP Port 3389

4. All of the above

Deploying the Edge Transport Server

When securing the Edge Transport server, what ports should be open on the Corporate facing network adapter?

1. SMTP Port 25

2. LDAP Port 50636

3. RDP Port 3389

4. All of the above

Configuring Internet Message Delivery

Where is the recipient and configuration data stored for Exchange Server 2007?

1. Active Directory

2. Exchange mailbox database

3. Exchange storage group

4. Active Directory Application Mode (ADAM)

Configuring Internet Message Delivery

Which of the following examines the remote IP address of an inbound message to filter spam attacks?

1. Connection filtering

2. Sender filtering

3. Recipient filtering

4. Content filtering

Configuring Internet Message Delivery

Which of the following uses Microsoft SmartScreen® technology with the Intelligent Message Filter?

1. Connection filtering

2. Sender filtering

3. Content filtering

4. All of the above

Agenda

• Review

• Introduction to Anti-Spam Management

• Understanding Individual Components

Exchange Server 2007 Anti-Spam Functionality

Connection filtering

Sender filtering

Recipient filtering

Sender ID filtering

Content filtering

Sender reputation filtering

Attachment filtering

Outlook junk e-mail filtering

Anti-Spam Mail Flow

Connection filtering

Sender and recipient filtering

Sender ID filtering

Content filtering

Outlook junk e-mail filtering

The Defense-in-Depth Approach

Perimeter Firewall

Edge Transport Server

Interior Firewall

Hub Transport Server

Mailbox Server

Client Access Server

Outlook E-mail Filtering

Introduction to Anti-Spam Management

Q1: Which of the following is not a type of Exchange Server 2007 anti-spam filtering?

1. Sender reputation filtering

2. Recipient ID filtering

3. Attachment filtering

4. Connection filtering

Introduction to Anti-Spam Management

Q2: Which anti-spam filtering feature includes the spam quarantine?

1. Connection filtering

2. Sender ID filtering

3. Content filtering

4. Outlook junk e-mail filtering

Introduction to Anti-Spam Management

Q3: What is considered the first line of defense against spam attacks?

1. Perimeter firewall

2. Edge Transport server

3. Internal firewall

4. Connection filtering

Agenda

• Review

• Introduction to Anti-Spam Management

• Understanding Individual Components

Connection Filtering

[Flowchart with Yes/No decision points: IP allow list, IP block list, Safe provider list, RBL.]

Sender and Recipient Filtering

[Flowchart with Yes/No decision points: On sender filter list, On recipient block list. Outcomes: Delete message, Reject via SMTP.]

Sender ID Filtering

[Flowchart with Yes/No decision points: From blocked domain, Allow sender ID failed, On blocked sender list. Step: Query SPF on sender’s DNS. Outcomes: Delete message, Filter message.]

Content Filtering

[Flowchart. Steps: Apply content filter, Assign SCL rating. Yes/No decision points: SCL exceeds deletion, SCL exceeds rejection, SCL exceeds quarantine. Outcomes: Delete message, Reject via SMTP, Send to spam quarantine mailbox. Other labels: Safelist Aggregation, Microsoft update.]

Configuring Anti-Spam Filters

Configure connection filtering

Configure sender and recipient filtering

Configure sender ID filtering

demonstration

Exchange Server Hosted Filtering

[Diagram labels: Directory service, Illegitimate senders, Spam quarantine, Exchange hosted filtering.]

Other Strategies and Techniques

Sender reputation filtering

Attachment filtering

Spam quarantine

Outlook junk e-mail filtering

Enabling Hub Transport Filtering

Set the Hub Transport to receive e-mail

Set the Hub Transport to manage spam

demonstration

Understanding Individual Components

Q1: Which of the following is not a feature of connection filtering?

1. IP Allow List

2. Safe Provider List

3. Real-time Block List

4. Spam Quarantine List

Understanding Individual Components

Q2: Which of the following filters do not query outside servers or services?

1. Connection filtering

2. Sender filtering

3. Sender ID filtering

4. Sender reputation filtering

Understanding Individual Components

Q3: Which of the following component level filtering includes safelist aggregation?

1. Sender filtering

2. Sender ID filtering

3. Content filtering

4. Sender reputation filtering

Session Summary

• Understanding anti-spam functionality

• Fighting spam with defense-in-depth

• Understanding the eight anti-spam filters

Questions and Answers

• Submit text questions using the “Ask” button.

• Don’t forget to fill out the survey.

• For upcoming and previously live webcasts: www.microsoft.com/webcasts

• Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781

• Today's webcast was presented using Microsoft® Office Live Meeting. Get a free 14-day trial by visiting: www.microsoft.com/presentlive