Introduction

One of the optional components included with the ISA Server 2004 is the SMTP Message Screener. The SMTP Message Screener can inspect SMTP messages at the application layer relay or reject messages based on parameters you configure. The SMTP Message Screener can evaluate incoming SMTP mail based on the following characteristics:

Sender mail account and sender domain name

Attachments name, attachment extension and attachment size

Keywords included in the subject line and body of text/plain and text/html messages

For example, a common attachment extension for Internet worms is the .pif extension. Since very few or no legitimate e-mail messages contain attachments with the .pif extension, you can configure the filter to match messages with attachments with this extension and perform one of the following actions:

Delete the message

Hold the message

Forward the message to a specified e-mail account

The SMTP Message Screener is an integral part of your e-mail defense in-depth scheme. Internet worms and viruses, in addition to spam, represent some of the most significant risks to your network. Worms and viruses can attack network servers, services and workstations throughout the Internal network. Spam clogs Internal network bandwidth and consumes employee time, costing many thousands, even millions, of dollars per month in employee productivity.

E-mail defense in depth allows you to distribute the processing of incoming and outgoing e- mail messages. SMTP message evaluation is a processor-intensive activity, and the more machines the load is distributed to, the more efficient the process. You can use the ISA Server 2004 SMTP Message Screener together with the Exchange SMTP Gateway Server to provide an ideal level of e-mail defense in depth.

In the example discussed in this document, we will configure the ISA Server 2004 firewall as an inbound and outbound SMTP relay. The inbound SMTP relay component will accept incoming mail from external SMTP servers destined for e-mail domains that you manage on your Exchange Server. The outbound SMTP relay is used to screen e-mail send out from the Exchange Server to e-mail domains on the Internet (e-mail domains that you do not host or control).

To achieve these goals, you will perform the following steps:

Restore the system to its post-installation state

Assign a second IP address to the Internal interface of the ISA Server 2004 firewall

Install and configure the SMTP Service

Install the SMTP Message Screener

Create the SMTP Server Publishing Rules

Configure SMTP Message Screener logging

Test SMTP Filtering

ISA Server 2004 Configuration Guide

185

Page 186 Page 188
Page 187
Image 187
Microsoft manual ISA Server 2004 Configuration Guide 185
Page 186 Page 188
Top Page Image Contents