Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Implementing Edge Services for an Exchange 2010 Environment : Using Sender/IP Reputation to Filter Content

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/21/2011 9:00:05 PM
Sender Reputation when combined with the other antispam technologies in Edge Services can help reduce unwanted email very efficiently and effectively. Sender Reputation, simply put, allows administrators to answer the question, “Can I trust who sends us email, and if I can’t, why should I process it?” The Sender Reputation Agent answers this question for you by learning from values obtained in email messages to determine whether the source of the messages is legitimate or if it is sending junk.

Configuring Sender/IP Reputation

Email that is routed through Receive Connectors is processed by the Sender Reputation Agent. These messages are received from the Internet and travel inbound to the Edge Transport server for delivery to the recipient. The Sender Reputation Agent is enabled by default and can be configured using the Exchange Management Console or Exchange Management Shell.

Note

Changes described in this section are applied only to the local system. This is important if you have more than one Edge Transport server in your environment.


To disable the Sender Reputation Agent using the Exchange Management Console, right-click the agent icon in the action pane, and select Disable. To disable the Sender Reputation Agent using the Exchange Management Shell, run the set-SenderReputationConfig command with the -Enabled $false parameter:

"set-SenderReputationConfig -Enabled $false"

The General tab of the Agent Properties window displays a brief description of the agent and its capabilities, its current status, and the last time the agent’s settings were modified.

The Sender Reputation Agent works by evaluating several items in an email message(s) and then assigns a score, known as the Sender Reputation Level (SRL). The SRL works very similarly to the SCL assigned to messages themselves. The SRL gets assigned to the IP address from which the email message(s) are originating. The Sender Reputation Agent adds the IP address to the IP Block List when the SRL corresponds with the tolerance threshold you have set for this action. The SRL can be adjusted from 0 to 9. You can also configure the amount of time (in hours, 0 to 48) the flagged IP address should remain on your IP Block List.

The SRL for an IP address is derived from the following four items: an open proxy test, HELO/EHLO validation check, reverse DNS lookup, and SCL ratings derived from messages received from the sending IP address. The Sender Reputation Agent takes the cumulative results of these items into account when composing the SRL.

An open proxy test determines whether the receiving Edge Transport server can communicate back to itself through the network on which the sending IP address resides. Open proxies are easy to establish and are commonly used by spammers to conceal the true identity of the server sending email. When email messages are routed through an open proxy, the information contained in the message changes to reflect that of the local host—that is, the network on the “other side” of the proxy server.

Note

Performing an open proxy test is enabled by default. This setting can be changed on the Sender Confidence tab of the Sender Reputation Properties window.


The HELO/EHLO SMTP commands are another item often forged by spammers. Their purpose is to provide the domain name or IP address from which the message originated. Spoofing the From address, using the same domain in the To and From fields, and forging the sending IP address are very common spam tricks.

A reverse DNS lookup is performed to determine if the domain name registered with the sending IP address is the same as that provided with the HELO/EHLO commands.

Note

Although there are a couple of similarities, this is not the same as SenderID and the use of SPF records.


The SCL of a message is the last item taken into account by the Sender Reputation Agent when calculating a SRL for a particular IP address. The Sender Reputation Agent tabulates SCL scores obtained from messages previously received from the same IP address.

Configuring the Sender Reputation Agent Using the Exchange Management Console

The Sender Reputation Agent can be configured using the Exchange Management Console interface. To configure the sender reputation from EMC, do the following:

1.
Launch the Exchange Management Console.

2.
Select Edge Transport in the console tree.

3.
Double-click the Sender Reputation agent.

4.
The General tab provides a quick overview of the Sender Reputation Agent, along with the last time the agent’s settings were modified.

5.
The Sender Confidence tab allows you to enable (default) or disable the open proxy test. This typically remains enabled.

6.
The Action tab allows you to set the block threshold for SRL on a scale of 0 to 9. (The default setting is 7, the maximum.)

7.
The Action tab also allows you to configure how long (0 to 48 hours) the IP address should remain on the Edge Transport server’s IP Block List. (The default setting is 24 hours.)

8.
Click Apply to save changes or click OK to save changes and close the window.

Configuring Sender Reputation Using the Exchange Management Shell

Sender Reputation can also be configured through the Exchange Management Shell. Each shell command has its own parameters you can set based on the action(s) performed by the command. There are two commands: Get- and Set-.

The Get- command is used to retrieve the configuration of Sender Reputation. For example, entering Get-SenderReputationConfig displays the Sender Reputation configuration on the local system.

The Set- command allows an administrator to enable or disable the agent and modify the configuration of the agent. The following example enables sender reputation on email received on external SMTP connections, activates the open proxy detection test, and configures the blocking options.

Set-SenderReputationConfig -Enabled $true -ExternalMailEnabled $true -OpenProxyDetectionEnabled $true 
-ProxyServerName proxy1.companyabc.com -ProxyServerPort 8080 -SenderBlockingEnabled $true -SenderBlockingPeriod 48 -SRLBlockThreshold 8
Other -----------------
- Implementing Edge Services for an Exchange 2010 Environment : Filtering Content in a Message Attachment
- Implementing Edge Services for an Exchange 2010 Environment : Using Content Filtering to Allow and Reject Domain-Level Content
- Implementing Edge Services for an Exchange 2010 Environment : Fine-Tuning Content Filtering
- Windows Server 2003 : Configuring Remote Access Connections (part 2) - Configuring Remote Access Authentication
- Windows Server 2003 : Configuring Remote Access Connections (part 1) - Using Remote Access Client Addressing
- Windows Server 2008 R2 : Remote Desktop Services - Why Implement Remote Desktop Services
- Windows Server 2008 R2 : Server-to-Client Remote Access and DirectAccess - Connection Manager
- Manage the Active Directory Domain Services Schema : Activate Attributes
- Manage the Active Directory Domain Services Schema : Deactivate Attributes
- Manage the Active Directory Domain Services Schema : Create Attributes
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
programming4us
Natural Miscarriage
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Game Trailer