
Securing Exchange Server : Configure Message Hygiene Options (part 2) - Protect Against Unwanted Mail Sources

1/18/2011 5:30:40 PM

2. Protect Against Unwanted Mail Sources

In addition to protecting your organization from messages that are considered spam or that have inappropriate content, you can also protect against specific mail sources. This is useful in situations where there is a specific attack against your organization or if there are senders you want to ignore at the organization level.

2.1. Block Mail from Specific IP Addresses

You can choose to block all messages sent from a specific set of IP addresses using an IP block list. IP block lists are typically configured on Edge Transport servers, since they are Internet-facing. However, if you install the antispam features on a Hub Transport server, you can configure IP block lists on the Hub Transport server as well.

When adding IP addresses to the IP block list, you can add a single address, a subnet, or a range of addresses. To block an IP address, you use the Add-IPBlockListEntry cmdlet in the EMS. The following command blocks connections from the 10.0.0.1 address. In this command, the IPAddress parameter is specified to indicate that we are blocking a single IP.

Add-IPBlockListEntry -IPAddress 10.0.0.1

When blocking a subnet or a range of IP addresses, you should use the IPRange parameter. The following example blocks everything coming from 10.0.0.1–10.0.0.100:

Add-IPBlockListEntry -IPRange 10.0.0.1-10.0.0.100

After you have configured the IP addresses to block, you can run the Get-IPBlockListEntry cmdlet to view the configuration. To remove IP addresses from the block list, use the Remove-IPBlockListEntry cmdlet and specify the blocked IP address entry that you want to remove.
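The full lifecycle of a block list entry, as an added example that is not part of the original article: it blocks a subnet in CIDR form with an expiry and an audit comment, then finds and removes the entry. The 192.0.2.0/24 documentation range, the seven-day expiry and the comment text are constructed sample values.

```powershell
# Confirm the IP Block List is enabled, otherwise entries are stored but not enforced.
Set-IPBlockListConfig -Enabled $true

# Block a whole subnet (CIDR notation) for a limited time.
# -ExpirationTime keeps a temporary block from becoming permanent by accident;
# -Comment records why the entry exists for whoever reviews the list later.
Add-IPBlockListEntry -IPRange 192.0.2.0/24 `
    -ExpirationTime (Get-Date).AddDays(7) `
    -Comment 'Constructed example: temporary block during incident review'

# Review the list, including expiry and comment.
Get-IPBlockListEntry |
    Format-Table Identity, IPRange, ExpirationTime, Comment -AutoSize

# Find the entry that covers a given address (any address inside a blocked
# range returns the entry for that range).
Get-IPBlockListEntry -IPAddress 192.0.2.25

# Remove that entry by piping it to Remove-IPBlockListEntry.
Get-IPBlockListEntry -IPAddress 192.0.2.25 |
    Remove-IPBlockListEntry -Confirm:$false
```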

2.2. Verify That Senders Are Valid

In Exchange, you can also block mail from specific senders. You can set up a filter based on the sender's IP address or domain name. In addition, you can check whether the sender of the message is valid and whether the message is spoofed. This functionality is exposed in the two Exchange features called Sender Filtering and Sender ID.

Sender Filtering and Sender ID are enabled as part of the antispam feature set in Exchange. These two features work together to ensure that the headers on an email message are not spoofed (that is, they verify that the message is really from who it says it's from) and that the message is from a sender you want to accept mail from.

2.2.1. Prevent Spoofed Messages

To ensure that messages aren't being spoofed, you can configure Sender ID. Sender ID will compare the sender's address against the Sender Policy Framework (SPF) record in the sender's DNS domain name. The Sender ID status is set on the message to indicate the results of the SPF record lookup. This status is used in the calculation of the SCL of messages.

You can also configure the Transport server to perform certain actions based on the Sender ID status. You can have the server reject the message, delete the message, or just stamp the Sender ID value on the message. By default, Exchange just stamps the value onto the message.

You can configure these settings in the EMC by using the following steps:

  1. Open the EMC and browse to either the Organization Configuration => Hub Transport node or the Organization Configuration => Edge Transport node in the Console tree, depending on which server you are using for transporting Internet email.

  2. In the Work area, click the Anti-spam tab to open a list of available antispam options.

  3. Double-click on Sender ID in the list. The Sender ID Properties dialog box is displayed.

  4. Click the Action tab.

  5. Select the option that represents what you want to happen after a Sender ID check takes place. In Figure 1, the Reject Message option is being configured. This will send a rejection notice to the sender of the message.

  6. Click the OK button to close the Properties dialog box and make the change.

Figure 1. Configuring the Sender ID action

You can also configure the Transport server to reject spoofed messages by using the Set-SenderIDConfig cmdlet with the SpoofedDomainAction parameter. You can set this parameter to Reject, Delete, or StampStatus. The following command will ensure that messages from spoofed domains are rejected:

Set-SenderIDConfig -SpoofedDomainAction Reject
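A staged way to move from the default stamping behavior to rejection, as an added example that is not part of the original article: it checks how Sender ID evaluates a known sender before the action is tightened. The address 192.0.2.10 and the domain partner.example are constructed placeholders; contoso.com is the sample domain used elsewhere on this page.

```powershell
# Stage 1: enable Sender ID but only stamp the result, so no mail is lost
# while you observe how legitimate senders are evaluated.
Set-SenderIDConfig -Enabled $true `
    -SpoofedDomainAction StampStatus `
    -TempErrorAction StampStatus

# Stage 2: check what Sender ID would decide for a given sending IP and
# purported domain. The Status field reports values such as Pass, Fail,
# SoftFail, Neutral, None, TempError or PermError.
Test-SenderId -IPAddress 192.0.2.10 -PurportedResponsibleDomain contoso.com |
    Format-List Status, FailReason, Explanation

# Stage 3: once legitimate partners return Pass, tighten the action.
# BypassedSenderDomains exempts a domain whose SPF record is known to be
# wrong, so its mail is not rejected while the partner fixes DNS.
Set-SenderIDConfig -SpoofedDomainAction Reject `
    -BypassedSenderDomains partner.example

# Confirm the resulting configuration.
Get-SenderIDConfig |
    Format-List Enabled, SpoofedDomainAction, TempErrorAction, BypassedSenderDomains
```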

2.2.2. Block Messages from Certain People or Organizations

Now that you've verified that the message isn't spoofed, you can choose to block messages from people or organizations that you don't want to hear from. To do this, you use the Sender Filtering feature. You can configure Sender Filtering to either flat-out deny the message or to accept the message and mark that it's from a blocked sender. The SCL of the message will be updated appropriately.

To configure which senders are blocked, use the following steps in the EMC:

  1. Open the EMC and browse to either the Organization Configuration => Hub Transport node or the Organization Configuration => Edge Transport node in the Console tree, depending on which server you are using to receive mail from the Internet.

  2. In the Work area, click on the Anti-spam tab to open a list of available antispam options.

  3. Double-click on Sender Filtering in the list. The Sender Filtering Properties dialog box is displayed.

  4. Click the Blocked Senders tab.

  5. Click the Add button to add senders to the list that you want to block. This launches the Add Blocked Senders dialog box.

  6. In the Add Blocked Senders dialog box, add individual email addresses that you want to block, or if you want to block an entire domain, select the Domain option and type the name of the domain, as shown in Figure 2.

  7. When back in the Sender Filtering Properties dialog box, add any additional addresses that you want to block and then click OK to close the Properties dialog box. This configuration is illustrated in Figure 3.

Figure 2. Blocking mail from an entire domain namespace

Figure 3. Setting the list of blocked senders on a Transport server

You can also use the Set-SenderFilterConfig cmdlet in the EMS to enable Sender Filtering and configure the addresses that you are blocking. You can block an entire domain using the BlockedDomains parameter or a single sender using the BlockedSenders parameter. The following command enables Sender Filtering and blocks messages from anyone in the tailspintoys.com domain:

Set-SenderFilterConfig -Enabled $true -BlockedDomains tailspintoys.com

2.3. Prevent Internet Users from Sending Email to Distribution Groups

You may have distribution groups inside your organization that only internal employees should be able to send email to. You can block these distribution groups from receiving Internet email by using Recipient Filtering, which blocks messages from the Internet that are destined for a specific address. For example, suppose you have a distribution list called finance@contoso.com that you don't want people on the Internet to send mail to. You can use the following steps in the EMC to ensure that Internet users can't send mail to the finance@contoso.com distribution group:

  1. Open the EMC and browse to either the Organization Configuration => Hub Transport node or the Organization Configuration => Edge Transport node in the Console tree, depending on which server you are setting up the recipient filtering on.

  2. In the Work area, click the Anti-spam tab to open a list of available antispam options.

  3. Double-click on Recipient Filtering in the list. The Recipient Filtering Properties dialog box is displayed.

  4. Click the Blocked Recipients tab.

  5. Select the check box Block Messages Sent To The Following Recipients. Type the address of the distribution group in the field below the check box and then click the Add button (Figure 4).

  6. Click OK to close the Properties dialog box and make the change.

Figure 4. Blocking Internet-based mail to an internal distribution group

You can also add the distribution group to the recipient filtering list in the EMS. Use the Set-RecipientFilterConfig cmdlet with the BlockedRecipients parameter. The following EMS command accomplishes the same thing that we just performed in the EMC:

Set-RecipientFilterConfig -BlockListEnabled $true -BlockedRecipients finance@contoso.com
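Passing a value to BlockedDomains or BlockedRecipients replaces the stored list, so the sender filtering and recipient filtering commands shown in this article drop any entries that were already configured. The following added example, which is not part of the original article, appends to both lists instead; Merge-BlockList is a hypothetical helper defined here, not an Exchange cmdlet.

```powershell
# Hypothetical helper (not an Exchange cmdlet): returns the existing entries
# plus the new ones as strings, with empty values and duplicates removed.
function Merge-BlockList {
    param($Existing, [string[]]$NewEntries)
    $current = @($Existing | Where-Object { $_ } | ForEach-Object { "$_" })
    @($current + $NewEntries | Where-Object { $_ } | Sort-Object -Unique)
}

# Sender Filtering: add tailspintoys.com while keeping domains already blocked.
$sf = Get-SenderFilterConfig
Set-SenderFilterConfig -Enabled $true `
    -BlockedDomains (Merge-BlockList $sf.BlockedDomains 'tailspintoys.com')

# Recipient Filtering: add finance@contoso.com while keeping recipients
# already blocked.
$rf = Get-RecipientFilterConfig
Set-RecipientFilterConfig -BlockListEnabled $true `
    -BlockedRecipients (Merge-BlockList $rf.BlockedRecipients 'finance@contoso.com')

# Verify both lists after the change.
Get-SenderFilterConfig |
    Format-List Enabled, Action, BlockedSenders, BlockedDomains
Get-RecipientFilterConfig |
    Format-List Enabled, BlockListEnabled, BlockedRecipients
```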
