Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Implementing Edge Services for an Exchange 2010 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)

- Windows 10 Product Activation Keys Free 2019
- How to active Windows 8 without product key
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
3/21/2011 5:44:09 PM
Connection filtering combats spam by blocking and/or allowing email messages from specific networks, IP addresses, and IP ranges. Email that is routed through Receive Connectors is processed by the Connection Filtering Agent. These messages are received from the Internet and travel inbound to the Edge Transport server for delivery to the recipient. The connection filtering agents (IP Block List, IP Allow List, IP Block List Providers, and IP Allow List Providers) are all enabled by default and can be configured using the Exchange Management Console or Exchange Management Shell.

An IP Allow List is a manual list of servers you trust to send email to your organization, more specifically those for which email communication cannot be disrupted. An IP Block List works in reverse, blocking email from specific email servers without further processing or retaining copies of the message. IP Block and Allow List Providers make it easier to stop email from known malicious entities or ensure that communication continues for others. This is usually a free service and allows administrators to easily subscribe to these lists and benefit from them.

One example of a real-time block list provider is The Spamhaus Project at www.spamhaus.org. Spamhaus maintains the Spamhaus Block List (SBL) and provides it as a free service for anyone to use. Spamhaus records their block entries in the SBL domain name system (DNS) zone, and that list is updated at regular intervals and then mirrored to servers around the world with direct hourly feeds to major Internet service providers (ISPs).

Note

If the message matches an entry from the IP Allow List, the message is assigned a Spam Confidence Level (SCL) rating of 0 regardless of any matches from the IP Block List.


Note

Changes described in this section are applied only to the local system. This is important to know if you have more than one Edge Transport server in your environment because the change will need to be made locally on all other Edge Transport servers.


To disable the IP Block List, IP Allow List, IP Block List Providers, and IP Allow List Providers agents using the Exchange Management Console, right-click the appropriate agent icon in the action pane and select Disable.

To disable these same agents using the Exchange Management Shell, run the set- < IPAllowListConfig, IPAllowListProvider, IPAllowListProvidersConfig, IPBlockListConfig, IPBlockListProvider, or IPBlockListProvidersConfig> command with the -Enabled $false parameter. For example:

"set-IPBlockListConfig -Enabled $false".

When configuring an IP Block List or IP Allow List, entities to block must be entered manually by the administrator because these lists are created and maintained locally on the server. Unless specified otherwise by the organization, reject email messages received from addresses on IP Block Lists to avoid further processing, increased system overhead, and consumed disk space.

Tip

The IP Block List is administered by and applies only to the organization the Edge server is routing mail for. The IP Block List can be used to define IP addresses that consistently send messages carrying a malicious payload or unacceptable content to the organization, whereas an IP Block List Provider might not identify these messages, which can occur for several reasons.


Configuring an IP Allow List Using the Exchange Management Console

Email administrators can configure Allow Lists on an Edge Transport server to ensure messages from desired source mail senders or organizations are not filtered and blocked at the Edge server. Administrators can define single IP addresses, IP addresses and subnet masks, and/or IP ranges from which to allow email messages.

Tip

In addition to IP v4, Exchange Server 2010’s Edge Transport role supports filtering using IP v6 addresses and ranges.


Note

In some organizations, the Edge Transport server might sit behind another Simple Mail Transfer Protocol (SMTP) server that receives email from the Internet. In scenarios like this, the SMTP address of each upstream email server must be added to the Transport Configuration object in an Active Directory forest before connection filtering can be used. The SMTP addresses listed in the Transport Configuration object in Active Directory are replicated to the Edge Transport servers via EdgeSync.


To configure an IP Allow List using the Exchange Management Console, do the following:

1.
Launch the Exchange Management Console.

2.
Select Edge Transport in the console tree.

3.
Double-click the IP Allow List item in the action pane.

4.
In the IP Allow List Properties window, select the Allowed Addresses tab.

5.
Click the Add button or the down arrow and choose the IP address option to add a Classless Internet Domain Routing (CIDR) IP v4 or v6 address or range (for example, 192.168.1.10, 192.168.1.10/24, or 2001:DB8:0:C000::/54).

6.
Click OK to add the IP address or address range.

7.
The IP addresses or address ranges are shown in the IP Address(es) section of the Allowed Addresses tab in the IP Allow List Properties window.

Note

You must first obtain the IP address or address ranges of the email server or servers for those you want included in the IP Allow List.

8.
Click Apply to save changes or click OK to save changes and close the window.

Note

Entries in an IP Allow List cannot be scheduled to expire.

Alternatively, an IP address and subnet mask, or IP address range can be defined for filtering. To define an allowed IP address and subnet mask, do the following:

1.
In the IP Allow List Properties window, select the Allowed Addresses tab.

2.
Click the down arrow and select IP and Mask.

3.
In the Add Allowed IP Address – IP and Mask window, enter the IP address in the IP Address field (for example, 192.168.1.10).

4.
Enter the subnet mask of the IP address in the IP Mask field (for example, 255.255.255.0).

5.
Click OK to add the IP address and IP mask.

To define an allowed IP address range, do the following:

1.
In the IP Allow List Properties window, select the Allowed Addresses tab.

2.
Click the down arrow and select IP Range.

3.
In the Add Allowed IP Address – IP Range window, enter the first IP address in the Start Address field (for example, 192.168.1.1).

4.
Enter the last IP address in the address range in the End Address field (for example, 192.168.255.255).

5.
Click OK to add the IP address range.

Any defined IP addresses, IP addresses and subnet masks, and/or IP address ranges are shown in the IP Address(es) section of the Allowed Addresses tab of the IP Allow List Properties window.

Several list providers are available; the criteria for being added to or removed from their databases along with how often those databases are updated is different. For example, Microsoft provides updates twice per week for their Intelligent Message Filter, which is used with content filtering and the heuristics rules specific to phishing attempts. To configure an IP Allow List Providers using the Exchange Management Console, complete the following steps:

1.
Launch the Exchange Management Console.

2.
Select Edge Transport in the console tree.

3.
Double-click the IP Allow List Providers item in the action pane.

4.
In the IP Allow List Providers Properties window, select the Providers tab.

5.
Click the Add button to define an IP Allow List Provider.

6.
Enter the name of the provider in the Provider Name field.

7.
Enter the IP address or fully qualified domain name (FQDN) in the Lookup Domain field.

8.
Select Match Any Return Code to identify all delivery status notifications (DSN) and respond to them accordingly.

9.
Select Match Specific Mask and Reponses to specify an IP address or subnet mask and respond accordingly or to list multiple IP addresses or subnet masks and respond accordingly.

10.
Click OK when you are finished; the newly created provider entry will be displayed in the IP Allow List Providers Properties window.

Configuring an IP Block List Using the Exchange Management Console

The IP Block List is configured using the same procedures as the IP Allow List; however, an entry made in the IP Block List can be scheduled to expire, whereas an entry in the IP Allow List cannot. By default, new entries are set to never expire.

Note

You must first obtain the IP address or address ranges of the email server or servers that you want included in the IP Block List.


To configure an IP Block List using the Exchange Management Console, do the following:

1.
Launch the Exchange Management Console.

2.
Select Edge Transport in the console tree.

3.
Double-click the IP Block List item in the action pane.

4.
In the IP Block List Properties window, select the Blocked Addresses tab.

5.
Click Add to make a new entry.

6.
In the Add Blocked IP Address window, enter the CIDR information for the blocked addresses and select Block Until Date and Time.

7.
Specify a date and time to expire the entry, and click OK.

Known spam servers and IP addresses sending malicious email should be double-checked for compliance before the expiration date comes due. Consider keeping maintenance logs or check entries frequently to avoid letting unwanted and previously blocked email messages (back) into your organization.

Other -----------------
- Exchange Server 2010 : Installing and Configuring the Edge Transport Server Components
- Installing Exchange Server 2010
- Preparing Your Environment for Exchange Server 2010
- Windows Server 2008 R2 : DirectAccess Scenario (part 6) - Monitoring the DirectAccess Server
- Windows Server 2008 R2 : DirectAccess Scenario (part 5) - Testing DirectAccess
- Windows Server 2008 R2 : DirectAccess Scenario (part 4) - Configuring DirectAccess Feature
- Windows Server 2008 R2 : DirectAccess Scenario (part 3) - Certificate Autoenrollment & IP-HTTP Certificate
- Windows Server 2008 R2 : DirectAccess Scenario (part 2) - Using a GPO to Configure Firewall Rules & Custom Certificate Template for IP-HTTPS
- Windows Server 2008 R2 : DirectAccess Scenario (part 1) - Configuring the Infrastructure
- Installing Exchange Server 2010 : Deploying Active Directory from Scratch (part 3)
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server