Exchange online protection (EOP) vs Agents
MS online hosted EOP is next version of Forefront Onlilne protection for Exchange (FOPE).
exchange 2013 has most of the built-in anti-spam agents as Exchange 2010. However no longer a management interface for those features and managed using shell.
connection filtering agent (IP allow/block list), attachment filtering agent no longer available as in Exchange 2010
Online , cloud based protection is easier to control and configure and stronger. Usual you want to pair built-in feature with EOP or other 3rd party protection.
5 Anti-spam agents available on mailbox servers
They Need to be enabled. Not installed by default on mailbox server.
sender filter agent- compares sender to admin defined list of senders/sender domain from prohibited sending to the organization and take action on inbound message.
recipient filter agent - compares recipient to admin defined list of recipients block list from prohibited entering the organization. Compare recipient in messages to local recipient directory for validity of recipient. if not message is rejected.
sender ID agent - cheks IP of sender server and PRA (Purported responsible address) of the sender to determine if sender is spoofed.
Content filter agent - assesses the content of the message to qurantine or deleted.
Protocol anlysis agent - sender reputation that relies on IP of sending server and sender reputation level (SRL) to check for SPAM.
Enabling Anti-Spam agents
MS pushing admins away from agents to hosted service. To install perform through Exchange Management Shell which makes it cumbersome for admins.
- run the Install-AntiSpamAgents.ps1 script
- restart the MS Exchnage Transport Service
- Specify the internal SMTP servers in your organization
Anti-malware protection
built in solution enabled by default. It can be disabled or paired with other solution.
new definitions are check every hour.
summary of malware filter shown.
inbound/outbound spam email and attachment removal option
notification is send when delete the entire message is used.
customize the spam notifications
Scenarios
enable anti-spam agents on mailbox server
configure sender filtering block emails from two different known spammers as well as domain.
review technet settings to help enable and manage agents
test anti-mailware settings using EICAR.TXT antivirus test file
commands to install agents in shell.
restart Exchange transport service
for each agent, managed via shell. Not managed in Exchange Admin Center.
malware detection.
No comments:
Post a Comment