Logo
programming4us
programming4us
programming4us
programming4us
 Home
programming4us
 XP
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server
programming4us
 Windows Phone
 
Windows Server

Exchange Server 2010 : Managing Anti-Spam and Antivirus Countermeasures (part 4)

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
5/28/2011 11:33:01 AM
Practice: Configuring, Disabling, and Enabling S/MIME

In this practice session, you will use the registry editor to configure S/MIME for OWA and the EMS to disable and then enable it. Note that it is not essential to disable and enable S/MIME for OWA after reconfiguring the registry settings, but it is good practice to do so.

EXERCISE 1 Managing S/MIME for OWA

In this exercise, you will manage S/MIME for OWA by using the Regedit utility to edit the registry on the Exchange Server 2010 Client Access server VAN-EX1. You specify the time that OWA waits while connecting to retrieve a single CRL as part of a certificate validation operation. You specify the time that OWA waits to retrieve all CRLs when validating a certificate.

You require that any digitally signed email message that is sent from OWA be clear-signed. Carry out the following procedure:

  1. Log on to the Client Access server VAN-EX1 using the Kim Akers account.

  2. In the Run box, enter regedit.

  3. Navigate to the following registry key:

    HKLM\System\CurrentControlSet\Services\MSExchange OWA\SMIME

  4. Right-click the MIME key and click New, as shown in Figure 8.

    Figure 8. Adding an additional key to a registry key

  5. Click Key.

  6. In the new key under SMIME, enter CRLConnectionTimeout, as shown in Figure 9.

    Figure 9. Naming the new registry key

  7. Right-click the CRLConnectionTimeout key and click New.

  8. Click DWORD (32-Bit) Value.

  9. Type 120000, as shown in Figure 10. This specifies that OWA waits a maximum of 120 seconds while connecting to retrieve a single CRL as part of a certificate validation operation before the operation fails. Press Enter.

    Figure 10. Setting the value of the CRLConnectionTimeout key to 120000

  10. Right-click the MIME key and click New.

  11. Click Key.

  12. In the new key under SMIME, enter CRLRetrievalTimeout, as shown in Figure 11.

    Figure 11. Naming the CRLRetrievalTimeout registry key

  13. Right-click the CRLRetrievalTimeout key and click New.

  14. Click DWORD (32-Bit) Value.

  15. Type 20000 to specify that OWA waits a maximum of 20 seconds to retrieve all CRLs when validating a certificate. Press Enter.

  16. Right-click the MIME key and click New.

  17. Click Key.

  18. In the new key under SMIME, enter ClearSign, as shown in Figure 12.

    Figure 12. Naming the ClearSign registry key

  19. Right-click the ClearSign key and click New.

  20. Click DWORD (32-Bit) Value.

  21. Type 1 to require that any digitally signed email message that is sent from OWA is clear-signed. Press Enter.

  22. Close the registry editor.

EXERCISE 2 Disabling and Enabling S/MIME for OWA

By default, S/MIME is enabled. In this exercise, you use the EMS to disable S/MIME on the OWA virtual directory in the default IIS website on the Client Access server VAN-EX1. You then enable S/MIME on the same website. You should perform this exercise after you have completed Exercise 1. Carry out the following procedure:

  1. If necessary, log on to the Client Access server VAN-EX1 using the Kim Akers account.

  2. Start the EMS.

  3. Enter the following EMS command:

    Set-OWAVirtualDirectory -Identity "owa (Default Web Site)" -SMimeEnabled $false

  4. Enter the following EMS command:

    Set-OWAVirtualDirectory -Identity "owa (Default Web Site)" -SMimeEnabled $true

Practice: Configuring the Sender Filtering Agent

In this practice session, you will configure the Sender Filtering agent to block email from specific senders and specific domains. You will add a sender to a list of blocked senders without deleting the current list, and you will configure the Sender Filter agent to block messages that do not specify a sender in the MAIL FROM: SMTP header.

EXERCISE 1 Block Email from Specific Senders and Specific Domains

In this exercise, you will specify individual senders, a domain, and a domain, including its subdomains. Carry out the following procedure:

  1. Log on to the Edge Transport server VAN-EX2 using the Local Administrator account and start the EMS.

  2. To configure the Sender Filter agent to block messages from the specific email addresses [email protected] and [email protected], enter the following command:

    Set-SenderFilterConfig -BlockedSenders
    [email protected],[email protected]

  3. To configure the Sender Filter agent to block messages from the specific domain fabricam.com, enter the following command:

    Set-SenderFilterConfig -BlockedDomains fabricam.com

  4. To configure the Sender Filter agent to block messages from the treyresearch.com domain and all its subdomains, enter the following command:

    Set-SenderFilterConfig -BlockedDomainsAndSubdomains treyresearch.com

    As shown in Figure 13, these Sender Filter configuration commands do not generate an output. If the commands complete without error, the configuration changes have been made.

    Figure 13. Sender Filter configuration commands

EXERCISE 2 Add a Sender to a List of Blocked Senders

In this exercise, you will add a sender to a list of blocked senders without removing the current blocked senders from the list. When you specify values by using parameters such as BlockedSenders, BlockedDomains, and BlockedDomainsAndSubdomains, these replace the existing list of blocked senders. To preserve the existing list, you can use a temporary Shell variable to add an address or a domain to the blocked senders list. The following exercise uses the temporary variable $ExerciseListing to add the sender [email protected] to the blocked senders list. You should perform this exercise after you have completed Exercise 1. Carry out the following procedure:

  1. If necessary, log on to the Edge Transport server VAN-EX2 using the Local Administrator account and start the EMS.

  2. Place the existing Sender Filter list in the variable $ExerciseListing by entering the following command:

    $ExerciseListing = Get-SenderFilterConfig

  3. Add the sender [email protected] to the variable $ExerciseListing by entering the following command:

    $ExerciseListing.BlockedSenders += "[email protected]"

  4. Use the variable $ExerciseListing to update the Sender Filter list by entering the following command:

    Set-SenderFilterConfig -BlockedSenders $ExerciseListing.BlockedSenders

    As shown in Figure 14, the Sender Filter configuration commands to update the Sender Filter list do not generate an output. If the commands complete without error, the configuration change has been made.

    Figure 14. Updating a Sender Filter list

EXERCISE 3 Configure the Sender Filter Agent to Block Messages That Do Not Specify a Sender in the MAIL FROM: SMTP Header

In this exercise, you will configure the Sender Filter agent to block messages that do not specify a sender in the MAIL FROM: SMTP header. Messages that meet this condition are likely to be spam. You should perform this exercise after you have completed Exercises 1 and 2. Carry out the following procedure:

  1. If necessary, log on to the Edge Transport server VAN-EX2 using the Local Administrator account and start the EMS.

  2. Configure the Sender Filter agent to block messages that do not specify a sender in the MAIL FROM: SMTP header by entering the following command:

    Set-SenderFilterConfig -BlankSenderBlockingEnabled $true

    The command to configure the Sender Filter agent to block messages that do not specify a sender in the MAIL FROM: SMTP header does not generate an output. If the command completes without error, the configuration change has been made.
Other -----------------
- SharePoint 2010 : The SharePoint Object Model (part 3) - Programmatically Using SQL Snapshots
- SharePoint 2010 : The SharePoint Object Model (part 2) - Export, Import, and Associated Types & Site Collection Backup and Restore
- SharePoint 2010 : The SharePoint Object Model (part 1) - Extending Catastrophic Backup and Restore Through the SharePoint API
- BizTalk 2010 Recipes : Business Activity Monitoring - Setting Up BAM Alerts
- BizTalk 2010 Recipes : Business Activity Monitoring - Using the BAM Portal
- Exchange Server 2010 : Ensuring Message Integrity (part 3) - Configuring Permissions on Active Directory Objects & Rights Management Services Federation
- Exchange Server 2010 : Ensuring Message Integrity (part 2) - Using TLS and MTLS & Implementing Domain Security
- Exchange Server 2010 : Ensuring Message Integrity (part 1) - Using S/MIME Extensions
- Windows Server 2003 : Designing a Security Infrastructure - Securing a Wireless Network
- Windows Server 2003 : Designing a Security Infrastructure - Planning a Security Update Infrastructure
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server