This section describes how you can use Forefront Protection 2010 for Exchange Server (FPE) to help prevent spam e-mail from entering Microsoft Exchange messaging environments.
You can enable FPE antispam technology in the Exchange Edge and Exchange Hub roles. The Edge role, however, is the preferred location for antispam scanning, because it enables FPE to reject spam early in the process without putting an unnecessary load on the network layers. The technology includes a series of agents that are registered with Exchange and are invoked at specific points in the SMTP pipeline. FPE can also be integrated with Forefront Online Protection for Exchange (FOPE) to provide an additional layer of filtering for your messaging environment.
|If you are using FOPE to filter your e-mail traffic, you can configure FPE to bypass spam scanning of messages that were already scanned by FOPE. For more information, see Bypassing virus and spam scanning for messages already scanned.|
FPE uses several kinds of filtering in order to identify and mitigate spam e-mail:
- Connection Filtering—FPE examines the
IP address of the original sender. FPE has user configurable static
IP block and allow lists and a dynamic DNS block list maintained by
Microsoft that can filter up to 90% of spam e-mail. For more
information, see Using connection
- Sender Filtering—FPE examines the SMTP
sender information. This filter enables administrators to configure
allowed and blocked senders by domains and e-mail addresses. For
more information, see Configuring sender
- Sender ID Filtering—FPE uses a Sender
ID framework to validate that the sender is not spoofing the
identity of another sender. For more information, see Configuring sender ID
- Recipient Filtering—FPE can also be
configured to allow and block e-mail messages to certain recipients
in your organization. In addition, FPE has the capability, through
Active Directory Domain Service queries, to validate that the
recipient exists in the company’s Active Directory Domain Service.
For more information, see Configuring recipient
- Content Filtering—FPE also examines
the content of the message itself, including subject line and the
message body. FPE uses a third-party antispam engine to scan all
e-mail for spam. For more information, see Configuring content
- Backscatter Filtering—FPE includes new
technology that enables administrators to prevent false
Non-Delivery Reports (NDR) generated from spoofed sender addresses
from entering their environment. For more information, see Configuring backscatter
During the first two phases in the antispam pipeline, FPE can reject a message if the message originated from a block-listed IP address or a blocked or spoofed sender. FPE can also be configured to reject a message if it is intended for an invalid or blocked recipient. During the final phase, FPE determines the confidence level that a message is spam. FPE allows you to set a threshold of confidence, which determines the mitigation action FPE takes during content filtering. Messages above the threshold can be rejected or deleted, and messages below the threshold can be quarantined or forwarded to Microsoft Office Outlook. Suspect messages that are forwarded to Office Outlook can be scanned again depending upon the Office Outlook settings.
|If you are unable to set antispam settings through the FPE Administrator Console, please verify that the Exchange Server Administrator’s password has not expired or been changed.|
|When antispam filtering is enabled, you must also ensure that the internal SMTP servers list is populated in the Microsoft Exchange Server Management Shell. This step is important if there are any incumbent Message Transfer Agents (MTA) between the internet and the FPE-protected Exchange server where the antispam agents are enabled. Information about configuring the internal SMTP servers list can be found in the following Microsoft Exchange documentation topics: Anti-spam agents are enabled, but the list of internal SMTP servers is empty (http://go.microsoft.com/fwlink/?LinkId=156597) and Set-TransportConfig cmdlet (http://go.microsoft.com/fwlink/?LinkId=156599).|
For more information about enabling the FPE antispam features, see Enabling antispam protection.