Module 4: Secure Mail Relay
© 2009, Microsoft. All rights reserved. All other trademarks are the property of their respective owners.
Module Overview
Secure Mail Relay overview
Solution components
Deployment considerations
Lesson 1 – Secure Mail Relay Overview
E-mail Threats
~98% of all e-mail is spam/malicious
Over 400 billion unwanted e-mails in H2 2008
Estimated cost is $130 billion in 2009
Causes 90% of NDRs
Risk of software vulnerabilities
[Chart: Percentage of incoming messages filtered by Forefront Online Protection for Exchange, 1H06-2H08]
The Solution
Filter unwanted e-mail as early as possible
[Chart: Percentage of incoming messages blocked by Forefront™ Protection for Exchange using edge-blocking and content filtering, 1H06-2H08. Series: Edge Filtered, Content Filtered, Unfiltered]
Mail Protection – ISA Server 2006
Simple protocol inspection only
Checks valid commands, maximum length
[Diagram labels: External Network; SMTP Filter; SMTP Server]
Mail Protection – Forefront Threat Management Gateway
Full featured SMTP hygiene
Exchange Edge Transport for SMTP stack
  Requires valid license
Integrated with Microsoft® Forefront™ Protection 2010 for Exchange Server
  Antimalware
  Antispam
  Antiphishing
Also supports generic SMTP mail servers
E-mail Protection Features
Protection at the edge
  Protects mail at the edge of the organization with Forefront Protection 2010 for Exchange Server
Advanced protection and premium antispam
  Multiple scan engines to protect against malware and provide a premium antispam solution
Integrated management
  Easy management of Microsoft Exchange Server Edge role and Forefront Protection 2010 for Exchange Server through Forefront TMG
Array deployment
  Support for managing and load balancing traffic among multiple servers
Admin Interface
Lesson 2 – Solution Components
Solution Components
Microsoft Products
Forefront Protection 2010 for Exchange Server
Microsoft® Exchange Server® 2007 (or 2010) Edge Transport
Forefront Threat Management Gateway
Windows Server® 2008 x64
Feature Ownership
Table columns: Feature; Exchange Edge Role; FPE 2010
IP Allow / Block Lists
IP Allow / Block List Providers (custom) (FF DNSBL)
Sender / Recipient Filtering, Sender ID
Sender Reputation
Basic Content Filtering (SmartScreen)
Premium Antispam (Cloudmark)
File Filtering
Message Body Filtering
Antivirus and Antispyware
Forefront TMG cannot manage Subject Line, Sender-Domain, or Allowed Senders in FPE
Mail Protection – Forefront Threat Management Gateway
[Diagram labels: External Network; TMG Filter Driver; Network Inspection System (NIS); Exchange Edge Role; Receive Connector; Send Connector; Forefront Security for Exchange (FSE); Multi-layer Filters; Anti-virus Engines; Internal Network]
EdgeSync Service
Exchange Server service running on Exchange Hub Transport role
Pulls data from GC and writes to AD LDS on Forefront TMG (TCP port 50636)
Configures:
  SMTP Routes (Exchange Connectors)
  Accepted Domains
  Global Address List
  Safe Sender Lists
Typical Deployment Topology
[Diagram labels: Partner SMTP Server (TLS encrypted connection); Any SMTP Servers; Internet; Forefront TMG Array; SMTP Traffic; EdgeSync (Exchange Server Only); myorg.com Internal SMTP Server; Internal Network]
MX pointing to Forefront TMG external IP address
Lesson 3 – Configuring SMTP Protection
SMTP Protection Installation
In each member of the Forefront TMG array:
  Install Active Directory® Lightweight Directory Services (AD LDS)
  Install Exchange Server 2007 SP1 (or 2010) Edge Transport role
  Install Forefront Protection 2010 for Exchange Server
  Install Forefront Threat Management Gateway 2010
SMTP Protection Configuration Steps
Run e-mail policy wizard
  Configure SMTP routes
  Configure spam filtering
  Configure virus and content filtering
Enable and configure EdgeSync
Configure SMTP Routes
Defines how Forefront TMG routes traffic from and to the organization SMTP servers
At least two routes required:
  Internal_Mail_Servers define the IP addresses and SMTP domains of the internal mail servers
  External_Mail_Servers define which mail is allowed to enter the organization and the external FQDN/IP address that will receive mail
Configure Spam Filtering
Defines spam filtering policy
Connection-level filtering
  IP Allow List
  IP Allow List Providers
  IP Block List
  Block List Providers
Protocol-level filtering
  Configuring Recipient Filtering
  Configuring Sender Filtering
  Configuring Sender ID
  Configuring Sender Reputation
Content-level filtering
Spam Filtering – Connection-level Filtering
Spam Filtering – Protocol-level Filtering
Spam Filtering – Content-level Filtering
Virus and Content Filtering
Configures antivirus, file attachment, and message body filtering
  Virus filter – Engine selection policy and remediation actions
  File filters – Unwanted file attachments based on file type, filename, and prefix
  Message body filters – Identify unwanted e-mail messages by applying keyword lists to the contents of the message body
Virus and Content Filtering
Virus and Content Filtering – Configuration
Replicating Configuration to Exchange Server and FPE
Administrator
1. TMG UI
2. Store to DB
3. Array members load new configuration
4. Configure services using PowerShell API
Exchange Edge Service
FPE Service
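A read-only check of what the replication steps above should leave on the Edge Transport role, organized by the three spam-filtering levels from Lesson 3. This is an added example, not part of the course deck; it assumes the Exchange Management Shell on a Forefront TMG array member and uses only standard Exchange `Get-` cmdlets.

```powershell
# Added example (not from the course deck). Read-only audit of the anti-spam
# settings present on the Edge Transport role of a Forefront TMG array member.
# Assumption: run in the Exchange Management Shell on each array member.

$checks = @(
    @{ Layer = 'Connection'; Agent = 'IP Allow List';           Get = { Get-IPAllowListConfig } },
    @{ Layer = 'Connection'; Agent = 'IP Allow List Providers'; Get = { Get-IPAllowListProvidersConfig } },
    @{ Layer = 'Connection'; Agent = 'IP Block List';           Get = { Get-IPBlockListConfig } },
    @{ Layer = 'Connection'; Agent = 'IP Block List Providers'; Get = { Get-IPBlockListProvidersConfig } },
    @{ Layer = 'Protocol';   Agent = 'Recipient Filtering';     Get = { Get-RecipientFilterConfig } },
    @{ Layer = 'Protocol';   Agent = 'Sender Filtering';        Get = { Get-SenderFilterConfig } },
    @{ Layer = 'Protocol';   Agent = 'Sender ID';               Get = { Get-SenderIdConfig } },
    @{ Layer = 'Protocol';   Agent = 'Sender Reputation';       Get = { Get-SenderReputationConfig } },
    @{ Layer = 'Content';    Agent = 'Content Filtering';       Get = { Get-ContentFilterConfig } }
)

# Collect one row per agent: which filtering level it belongs to and whether it is on.
$report = foreach ($check in $checks) {
    $layer = $check.Layer
    $agent = $check.Agent
    & $check.Get | Select-Object @{ n = 'Layer'; e = { $layer } },
                                 @{ n = 'Agent'; e = { $agent } },
                                 Enabled
}
$report | Format-Table -AutoSize

# Flag any filtering agent that is switched off on this member.
$report | Where-Object { -not $_.Enabled } | ForEach-Object {
    Write-Warning ("{0} is disabled ({1}-level filtering)" -f $_.Agent, $_.Layer)
}

# Block list providers actually queried for connection-level filtering.
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled, Priority -AutoSize

# Domains the relay accepts mail for, and the connectors that carry the SMTP routes.
Get-AcceptedDomain   | Format-Table Name, DomainName, DomainType -AutoSize
Get-SendConnector    | Format-Table Name, AddressSpaces, SmartHosts, Enabled -AutoSize
Get-ReceiveConnector | Format-Table Name, Bindings, RemoteIPRanges, Enabled -AutoSize
```

Running it on every array member and comparing the output shows whether each member holds the same policy.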
Questions
Lab 4: Secure Mail Relay
In this lab, you will:
  Configure EdgeSync
  Define an e-mail policy
  Verify antimalware and antispam protection
Exercises 7 and 8
Estimated Completion Time: 60 min