24 Hours Of Exchange Server 2007 ( Part 13 Of 24)

24 Hours of Exchange Server 2007 (Part 13 of 24): Maintaining Anti-Spam Systems. Harold Wong, [email protected], blogs.technet.com/haroldwong. Audio: please try Streaming Internet Audio first. If that doesn’t work, use: (800) 618-7506: Pin 5800

description

Maintaining Anti-Spam Systems

Transcript of 24 Hours Of Exchange Server 2007 ( Part 13 Of 24)

Page 1: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

24 Hours of Exchange Server 2007 (Part 13 of 24): Maintaining Anti-Spam Systems

Harold Wong, [email protected], blogs.technet.com/haroldwong

Audio: please try Streaming Internet Audio first. If that doesn’t work, use:

(800) 618-7506: Pin 5800

Page 2: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

What We Will Cover

• Understanding anti-spam functionality
• Deploying a defense-in-depth approach
• Configuring the anti-spam components

Page 3: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Agenda

• Review
• Introduction to Anti-Spam Management
• Understanding Individual Components

Page 4: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Deploying the Edge Transport Server

Which of the following is not a key consideration when planning for an Edge Transport server?

1. Message journaling requirements
2. Malicious software scanning approaches
3. Message storage requirements
4. Message processing throughput

Page 5: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Deploying the Edge Transport Server

When securing the Edge Transport server, what ports should be open on the Internet-facing network adapter?

1. SMTP Port 25
2. LDAP Port 50636
3. RDP Port 3389
4. All of the above

Page 6: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Deploying the Edge Transport Server

When securing the Edge Transport server, what ports should be open on the corporate-facing network adapter?

1. SMTP Port 25
2. LDAP Port 50636
3. RDP Port 3389
4. All of the above

Page 7: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Configuring Internet Message Delivery

Where is the recipient and configuration data stored for Exchange Server 2007?

1. Active Directory
2. Exchange mailbox database
3. Exchange storage group
4. Active Directory Application Mode (ADAM)

Page 8: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Configuring Internet Message Delivery

Which of the following examines the remote IP address of an inbound message to filter spam attacks?

1. Connection filtering
2. Sender filtering
3. Recipient filtering
4. Content filtering

Page 9: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Configuring Internet Message Delivery

Which of the following uses Microsoft SmartScreen® technology with the Intelligent Message Filter?

1. Connection filtering
2. Sender filtering
3. Content filtering
4. All of the above

Page 10: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Agenda

• Review
• Introduction to Anti-Spam Management
• Understanding Individual Components

Page 11: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Exchange Server 2007 Anti-Spam Functionality

• Connection filtering
• Sender filtering
• Recipient filtering
• Sender ID filtering
• Content filtering
• Sender reputation filtering
• Attachment filtering
• Outlook junk e-mail filtering

Page 12: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Anti-Spam Mail Flow

• Connection filtering
• Sender and recipient filtering
• Sender ID filtering
• Content filtering
• Outlook junk e-mail filtering

Page 13: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

The Defense-in-Depth Approach

[Diagram labels: Perimeter Firewall, Edge Transport Server, Interior Firewall, Hub Transport Server, Mailbox Server, Client Access Server, Outlook E-mail Filtering]

Page 14: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Introduction to Anti-Spam Management

Q1: Which of the following is not a type of Exchange Server 2007 anti-spam filtering?

1. Sender reputation filtering
2. Recipient ID filtering
3. Attachment filtering
4. Connection filtering

Page 15: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Introduction to Anti-Spam Management

Q2: Which anti-spam filtering feature includes the spam quarantine?

1. Connection filtering
2. Sender ID filtering
3. Content filtering
4. Outlook junk e-mail filtering

Page 16: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Introduction to Anti-Spam Management

Q3: What is considered the first line of defense against spam attacks?

1. Perimeter firewall
2. Edge Transport server
3. Internal firewall
4. Connection filtering

Page 17: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Agenda

• Review
• Introduction to Anti-Spam Management
• Understanding Individual Components

Page 18: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Connection Filtering

[Flowchart with Yes/No branches. Decision nodes: IP allow list, IP block list, Safe provider list, RBL]

Page 19: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Sender and Recipient Filtering

[Flowchart with Yes/No branches. Decision nodes: On sender filter list, On recipient block list. Outcomes: Delete message, Reject via SMTP]

Page 20: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Sender ID Filtering

[Flowchart with Yes/No branches. Nodes: From blocked domain, Allow sender ID failed, On blocked sender list, Query SPF on sender’s DNS, DNS. Outcomes: Delete message, Filter message]

Page 21: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Content Filtering

[Flowchart with Yes/No branches. Steps: Apply content filter, Assign SCL rating. Decision nodes: SCL exceeds deletion, SCL exceeds rejection, SCL exceeds quarantine. Outcomes: Delete message, Reject via SMTP, Send to spam quarantine mailbox. Other labels: Safelist Aggregation, Microsoft update]

Page 22: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Configuring Anti-Spam Filters

Demonstration:

• Configure connection filtering
• Configure sender and recipient filtering
• Configure sender ID filtering

Page 23: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Exchange Server Hosted Filtering

[Diagram labels: Directory service, Illegitimate senders, Spam quarantine, Exchange hosted filtering]

Page 24: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Other Strategies and Techniques

• Sender reputation filtering
• Attachment filtering
• Spam quarantine
• Outlook junk e-mail filtering

Page 25: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Enabling Hub Transport Filtering

Demonstration:

• Set the Hub Transport to receive e-mail
• Set the Hub Transport to manage spam

Page 26: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Understanding Individual Components

Q1: Which of the following is not a feature of connection filtering?

1. IP Allow List
2. Safe Provider List
3. Real-time Block List
4. Spam Quarantine List

Page 27: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Understanding Individual Components

Q2: Which of the following filters do not query outside servers or services?

1. Connection filtering
2. Sender filtering
3. Sender ID filtering
4. Sender reputation filtering

Page 28: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Understanding Individual Components

Q3: Which of the following component-level filtering includes safelist aggregation?

1. Sender filtering
2. Sender ID filtering
3. Content filtering
4. Sender reputation filtering

Page 29: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Session Summary

• Understanding anti-spam functionality
• Fighting spam with defense-in-depth
• Understanding the eight anti-spam filters

Page 30: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)

Questions and Answers

• Submit text questions using the “Ask” button.
• Don’t forget to fill out the survey.
• For upcoming and previously live webcasts: www.microsoft.com/webcasts
• Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781
• Today's webcast was presented using Microsoft® Office Live Meeting. Get a free 14-day trial by visiting: www.microsoft.com/presentlive

Page 31: 24  Hours Of  Exchange  Server 2007 ( Part 13 Of 24)