
Module 9

Planning and Configuring Message Hygiene

Module Overview

• Planning Messaging Security
• Implementing an Antivirus Solution for Exchange Server 2013
• Implementing an Anti-Spam Solution for Exchange Server 2013

Lesson 1: Planning Messaging Security

• Defining Message Security Requirements
• SMTP Gateway Solution
• Planning Restrictions to Message Flow
• Planning SMTP Connector Security
• Planning Secure Message Routing Between Partner Organizations
• Planning Client-Based Messaging Security
• Demonstration: Configuring Secure Message Routing Between Partner Organizations

Defining Message Security Requirements

Security requirements    Protection technology
Exchange Server 2013     Antimalware, anti-spam, security permissions, local firewall
Perimeter network        Firewall, reverse proxy, SMTP gateway, antimalware, anti-spam
Internal client          Antimalware, security permissions, local firewall
External client          Antimalware, security permissions, local firewall

SMTP Gateway Solution

• The SMTP Gateway solution:
  • Should have antimalware and anti-spam protection
  • Must be configured with a FQDN
  • Should be installed in the perimeter network
  • Requires a minimal number of ports opened on the internal and external firewalls
  • Must be configured with the IP addresses for DNS servers that can resolve DNS names on the Internet

Planning Restrictions to Message Flow

• Restricting mail flow options:
  • Message delivery restrictions
  • Transport rules
  • Message moderation
  • Data loss prevention

Planning SMTP Connector Security

• SMTP connector security options:

Protocol    Layer            Purpose
IPsec       Network-based    Encrypts server-to-server or client-to-server traffic
VPN         Network-based    Encrypts site-to-site traffic
TLS         Session-based    Encrypts server-to-server traffic

• SMTP email can be additionally secured by using authentication and authorization on the SMTP connector

Planning Secure Message Routing Between Partner Organizations

• Uses mutual TLS with business partners to enable secured message paths over the Internet

• To set up mutual TLS:
  • Generate a certificate request for TLS certificates
  • Import and enable the certificate on the Mailbox server
  • Configure outbound Domain Security
  • Configure inbound Domain Security

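The four mutual TLS steps above, written as Exchange Management Shell commands. This is an added example, not part of the original course material; the host name mail.adatum.com, the partner domain partner.example, the connector names and the file paths are all assumptions.

```powershell
# Added example. Assumed values: mail.adatum.com, partner.example,
# the connector names 'To Internet' / 'Inbound from Partner', C:\Certs\*.

# 1. Generate a certificate request. The subject must match the FQDN
#    that the SMTP connectors present to the partner.
$request = New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'CN=mail.adatum.com' `
    -DomainName 'mail.adatum.com' `
    -PrivateKeyExportable $false
Set-Content -Path 'C:\Certs\mail.req' -Value $request

# 2. Once the CA has issued the certificate, import it and enable it
#    for the SMTP service.
Import-ExchangeCertificate `
    -FileData ([Byte[]]$(Get-Content -Path 'C:\Certs\mail.p7b' -Encoding Byte -ReadCount 0)) |
    Enable-ExchangeCertificate -Services SMTP

# 3. Outbound Domain Security: list the partner domain, then require it
#    on the Send connector. @{Add=...} appends to the list; passing a
#    plain string would overwrite any partner domains already present.
Set-TransportConfig -TLSSendDomainSecureList @{Add = 'partner.example'}
Set-SendConnector -Identity 'To Internet' `
    -DomainSecureEnabled $true -DnsRoutingEnabled $true -IgnoreSTARTTLS $false

# 4. Inbound Domain Security: same idea on the receiving side.
#    -AuthMechanism replaces the connector's whole mechanism list, so use
#    a connector dedicated to Internet or partner mail.
Set-TransportConfig -TLSReceiveDomainSecureList @{Add = 'partner.example'}
Set-ReceiveConnector -Identity 'Inbound from Partner' `
    -DomainSecureEnabled $true -AuthMechanism TLS

# Check the result.
Get-TransportConfig |
    Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
Get-SendConnector -Identity 'To Internet' |
    Format-List DomainSecureEnabled, DnsRoutingEnabled, IgnoreSTARTTLS
Get-ReceiveConnector -Identity 'Inbound from Partner' |
    Format-List DomainSecureEnabled, AuthMechanism
```

The partner organization has to complete the mirror-image configuration with its own certificate before messages in either direction are treated as domain secured.
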
Planning Client-Based Messaging Security

Method                Type of Security Provided
Digital signatures    • Authentication: The message was sent by the person or organization who claims to have sent it
                      • Nonrepudiation: Helps to prevent the sender from disowning the message
                      • Data integrity: Any alteration of the message invalidates the signature
Message encryption    • Only the intended recipient can view the contents

• S/MIME Infrastructure requirements:
  • The sender must have a valid certificate installed
  • All target addresses must have a public certificate available either locally or in Active Directory
  • Can use either an internal or public CA

Demonstration: Configuring Secure Message Routing Between Partner Organizations

• In this demonstration, you will see how to configure secure message routing between partner organizations

Lesson 2: Implementing an Antivirus Solution for Exchange Server 2013

• Overview of Antivirus Solution Requirements
• Options for Implementing an Antivirus Solution in Exchange Server 2013
• Antivirus Solution Features in Exchange Server 2013
• What Is Exchange Online Protection?
• Best Practices for Deploying an Antivirus Solution
• Demonstration: Configuring Antimalware Protection for Exchange Server

Overview of Antivirus Solution Requirements

• Antivirus solution requirements:
  • Protection from malware
  • Protection from spam
  • Designed for Exchange Server 2013
  • Corporate antivirus solution

Options for Implementing an Antivirus Solution in Exchange Server 2013

• Exchange Server 2013 antivirus solution options:
  • Built-in antimalware protection
  • Hosted, cloud-based solution or hybrid solution
  • Corporate antivirus solution
  • Antivirus solution in the perimeter network

Antivirus Solution Features in Exchange Server 2013

• Exchange antimalware protection features include:
  • Options to enable, disable, or bypass scanning
  • Download of engine and definition updates
  • Scanning is performed during send or receive
  • Actions when malware is detected:
    • Delete entire message
    • Delete all attachments and use default alert text
    • Delete all attachments and use custom alert text
  • Notify the administrator and the sender

What Is Exchange Online Protection?

• Exchange Online Protection has the following features:
  • Web-based management console
  • Multi-engine antimalware
  • Real-time response
  • Email availability
  • Reporting

Best Practices for Deploying an Antivirus Solution

• When you implement an antivirus solution, you should:
  • Implement multiple layers of antivirus such as:
    • Exchange on-premises antimalware protection
    • Antivirus installed on the firewall or SMTP gateway server
    • Antivirus installed on the client computers
    • Exchange Online Protection
  • Maintain regular antivirus updates
  • Regularly monitor antimalware reports
  • Regularly read about the latest Internet security threats

Demonstration: Configuring Antimalware Protection for Exchange Server

• In this demonstration, you will see how to configure antimalware protection for Exchange Server

Lesson 3: Implementing an Anti-Spam Solution for Exchange Server 2013

• Overview of Anti-Spam Solutions
• Overview of Spam-Filtering Features
• Applying Exchange Server 2013 Spam Filters
• What Is Sender and Recipient Filtering?
• What Is Sender ID Filtering?
• What Is Sender Reputation Filtering?
• Understanding the SCL in Exchange Server 2013
• What Is Content Filtering?
• Best Practices for Deploying an Anti-Spam Solution
• Demonstration: Configuring Anti-Spam Features

Overview of Anti-Spam Solutions

• Organizations should evaluate the following anti-spam requirements:
  • Ease of configuration
  • Protection from malware
  • Exchange Server 2013 built-in anti-spam features
  • Exchange Online Protection or hybrid solution
  • SMTP gateway anti-spam solution
  • End user notification for quarantined messages

Overview of Spam-Filtering Features

Feature                Filters messages based on:
Content Filtering      The message contents
Sender ID              The IP address of the sending server from which the message was received
Sender Filtering       The Sender in the MAIL FROM: SMTP header
Recipient Filtering    The Recipients in the RCPT TO: SMTP header
Sender Reputation      Several characteristics of the sender, accumulated over a period of time

Applying Exchange Server 2013 Spam Filters

What Is Sender and Recipient Filtering?

• Sender filtering:
  • Evaluates the sender SMTP address, email address, domain, or domain with subdomains
  • Can be configured to reject email
  • Can be configured to process email to another anti-spam agent

• Recipient filtering:
  • Evaluates the recipient SMTP address
  • Can be configured to reject email to a non-existing user or to a specific internal user
  • Can be configured to process email to another anti-spam agent

What Is Sender ID Filtering?

[Diagram: Internet, SMTP Server, DNS Server, Mailbox Server; steps numbered 1 to 4]

• You can configure it to:
  • Reject messages and issue an NDR
  • Delete messages without sending an NDR
  • Stamp the messages with the SenderID result, and continue processing

What Is Sender Reputation Filtering?

• Sender Reputation filtering filters messages based on information about recent email messages received from specific senders

• The Protocol Analysis agent assigns an SRL that is based on:
  • Sender open proxy test
  • HELO/EHLO analysis
  • Reverse DNS lookup
  • Analysis of SCL ratings on messages from a particular sender

Understanding the SCL in Exchange Server 2013

• SCL is a numerical value between 0 and 9:
  • 0 - the message is highly unlikely to be spam
  • 9 - the message is very likely to be spam

• SCL thresholds and actions:
  • SCL delete threshold
  • SCL reject threshold
  • SCL quarantine threshold
  • SCL junk email folder threshold

What Is Content Filtering?

• Content Filtering analyzes the content of each email message and assigns an SCL to the message

• You can configure content filtering to:
  • Delete, reject, or quarantine messages that exceed an SCL value
  • Block or allow messages based on a custom word list
  • Allow exceptions so that messages sent to specified recipients are not filtered

• Quarantined messages are sent to a quarantine mailbox

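The SCL thresholds and content filtering options from the two slides above, set from the Exchange Management Shell, followed by a small model of how the thresholds interact. This is an added example, not part of the original course material; the threshold values, mailbox addresses and phrases are assumptions, and Get-SclAction is a hypothetical helper.

```powershell
# Added example. Assumed values: thresholds 9/8/7/4, the adatum.com
# addresses and both phrases. On an Exchange 2013 Mailbox server the
# anti-spam agents must be installed first:
#   & $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
#   Restart-Service MSExchangeTransport

# Delete, reject and quarantine thresholds, plus the quarantine mailbox.
Set-ContentFilterConfig `
    -SCLDeleteEnabled $true     -SCLDeleteThreshold 9 `
    -SCLRejectEnabled $true     -SCLRejectThreshold 8 `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7 `
    -QuarantineMailbox 'spamquarantine@adatum.com'

# The junk email folder threshold is an organization-wide setting.
Set-OrganizationConfig -SCLJunkThreshold 4

# Custom word list: one blocked phrase, one allowed phrase (constructed).
Add-ContentFilterPhrase -Phrase 'constructed blocked phrase' -Influence BadWord
Add-ContentFilterPhrase -Phrase 'constructed allowed phrase' -Influence GoodWord

# Exception: mail to this recipient is not content filtered.
Set-ContentFilterConfig -BypassedRecipients 'helpdesk@adatum.com'

# Hypothetical helper: a simplified model of which action applies to a
# given SCL. The most severe enabled action whose threshold is met wins;
# the junk threshold applies only to SCL values above it.
function Get-SclAction {
    param([int]$Scl, $Config, [int]$JunkThreshold)
    if ($Config.SCLDeleteEnabled -and $Scl -ge $Config.SCLDeleteThreshold) { return 'Delete' }
    if ($Config.SCLRejectEnabled -and $Scl -ge $Config.SCLRejectThreshold) { return 'Reject' }
    if ($Config.SCLQuarantineEnabled -and $Scl -ge $Config.SCLQuarantineThreshold) { return 'Quarantine' }
    if ($Scl -gt $JunkThreshold) { return 'Junk Email folder' }
    return 'Inbox'
}

# Show the effective action for every SCL value under the live settings.
$config = Get-ContentFilterConfig
$junk   = (Get-OrganizationConfig).SCLJunkThreshold
0..9 | ForEach-Object { 'SCL {0}: {1}' -f $_, (Get-SclAction $_ $config $junk) }
```

Keeping the thresholds ordered (delete above reject above quarantine above junk) ensures each action has a range of SCL values in which it actually applies.
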
Best Practices for Deploying an Anti-Spam Solution

• Consider the following best practices:
  • Regularly update anti-spam definitions
  • Monitor anti-spam reports
  • Regularly read about the latest Internet security and spam threats
  • Regularly evaluate end users’ feedback
  • Regularly evaluate anti-spam configuration
  • Use multi-layered anti-spam protection

Demonstration: Configuring Anti-Spam Features on Exchange Server 2013

• In this demonstration, you will learn how to configure anti-spam features on Exchange Server 2013

Lab: Planning and Configuring Message Security

• Exercise 1: Configure Antimalware Options in Exchange Server 2013
• Exercise 2: Configuring Anti-Spam Options on Exchange Server
• Exercise 3: Validating Antimalware and Anti-Spam Configuration

Logon Information
Virtual Machines: 20341B-LON-DC1
                  20341B-LON-CAS1
                  20341B-LON-MBX1
User name: Adatum\Administrator
Password: Pa$$w0rd

Estimated Time: 45 minutes


Lab Scenario

You are a messaging administrator in A. Datum Corporation, which is a large multinational organization. Your organization has deployed Exchange Server 2013 internally, and now you must configure options for message security.

Lab Review

• What anti-spam agents are available in Exchange Server 2013?
• What is the purpose of the SCL threshold?

Module Review and Takeaways

• Review Question(s)
• Real-world Issues and Scenarios
• Tools
• Best Practice
• Common Issues and Troubleshooting Tips
