Wednesday, March 18, 2015

Anti-spam/malware protection

Exchange 2013 keeps the built-in anti-spam feature but pushes its configuration into the shell. Exchange 2013 also added an anti-malware feature.

Exchange online protection (EOP) vs Agents

Microsoft's online hosted EOP is the next version of Forefront Online Protection for Exchange (FOPE).

Exchange 2013 has most of the same built-in anti-spam agents as Exchange 2010. However, there is no longer a management interface for those features; they are managed using the shell.

The connection filtering agent (IP allow/block list) and the attachment filtering agent are no longer available as they were in Exchange 2010.

Online, cloud-based protection is easier to control and configure, and stronger. Usually you want to pair the built-in features with EOP or other third-party protection.

5 Anti-spam agents available on mailbox servers

They need to be enabled. They are not installed by default on a Mailbox server.

Sender filter agent - compares the sender to an admin-defined list of senders/sender domains prohibited from sending to the organization and takes action on the inbound message.

Recipient filter agent - compares the recipient to an admin-defined recipient block list to stop prohibited messages from entering the organization. It also compares the recipients in messages to the local recipient directory to check that each recipient is valid; if not, the message is rejected.

Sender ID agent - checks the IP address of the sending server and the PRA (Purported Responsible Address) of the sender to determine whether the sender is spoofed.

Content filter agent - assesses the content of the message to decide whether it is quarantined or deleted.

Protocol analysis agent - sender reputation that relies on the IP address of the sending server and the sender reputation level (SRL) to check for spam.


Enabling Anti-Spam agents

Microsoft is pushing admins away from the agents toward the hosted service. Installation is performed through the Exchange Management Shell, which makes it cumbersome for admins.

  • Run the Install-AntiSpamAgents.ps1 script
  • Restart the Microsoft Exchange Transport service
  • Specify the internal SMTP servers in your organization

Anti-malware protection

The built-in solution is enabled by default. It can be disabled or paired with another solution.

New definitions are checked every hour.

Summary of the malware filter shown.

Inbound/outbound spam email and attachment removal option.

A notification is sent when the "delete the entire message" option is used.

Customize the spam notifications.

Scenarios

Enable the anti-spam agents on a Mailbox server.

Configure sender filtering to block emails from two different known spammers as well as a domain.

Review the TechNet settings to help enable and manage the agents.

Test the anti-malware settings using the EICAR.TXT antivirus test file.
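
The first two scenarios (enabling the agents, then blocking two senders and a domain) as one Exchange Management Shell session. This is an added example, not taken from the original post; the IP addresses, sender addresses and domain are constructed placeholders to replace with your own values.

```powershell
# Added example: run in the Exchange Management Shell on the Mailbox server.
# All addresses, domains and IPs below are constructed placeholders.
$internalSmtp   = '192.0.2.10', '192.0.2.11'
$blockedSenders = 'spammer1@spam.example', 'spammer2@junk.example'
$blockedDomain  = 'bulkmail.example'

# 1. Install the agents (the script ships in the Exchange Scripts folder).
& (Join-Path $env:ExchangeInstallPath 'Scripts\Install-AntiSpamAgents.ps1')

# 2. Restart the transport service so the newly registered agents are loaded.
Restart-Service MSExchangeTransport

# 3. Declare the internal SMTP servers so the Sender ID agent ignores them.
#    @{Add=...} appends to the existing list instead of overwriting it.
Set-TransportConfig -InternalSMTPServers @{Add = $internalSmtp}

# Check: the five agents listed in this post should be present and enabled.
$expected = 'Content Filter Agent', 'Sender Id Agent', 'Sender Filter Agent',
            'Recipient Filter Agent', 'Protocol Analysis Agent'
$agents = Get-TransportAgent
foreach ($name in $expected) {
    $agent = $agents | Where-Object { "$($_.Identity)" -eq $name }
    if (-not $agent) {
        Write-Warning "$name is not installed"
    } elseif (-not $agent.Enabled) {
        Write-Warning "$name is installed but disabled"
    }
}

# Sender filtering: reject mail from two senders and one domain.
# @{Add=...} keeps any entries that are already on the block lists.
Set-SenderFilterConfig -Enabled $true -Action Reject `
    -BlockedSenders @{Add = $blockedSenders} `
    -BlockedDomains @{Add = $blockedDomain}

# Review the resulting configuration.
Get-SenderFilterConfig |
    Format-List Enabled, Action, BlockedSenders, BlockedDomains
```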


















Commands to install the agents in the shell.

Restart the Exchange Transport service.

Each agent is managed via the shell; the agents are not managed in the Exchange Admin Center.

Malware detection.
