Exchange 2010 with Forefront Protection 2010 for Exchange queries
Don't suppose any of you good goooooooood people happen to use FPE [note, that's not a typo of FEP, it's a diff product for those not aware ;)]?
To save me re-writing the thread I started on the MS forums, I'm being lazy and just copying and pasting it 'ere.
Any ideas (on where I'm being a dense fool) or any thoughts of those that have it set up and come across it or something similar would be most gratefully received :)
Here's the URL to the MS Thread:
Like other ppl, I have a few questions regarding FP 2010 for Exchange - the SCP -1 issue, integration, backscatter, and more
I seem to be going around and around, reading the same sites, and not actually getting the answers so time to post a thread I think.
Firstly, here's the setup in order, from External to Internal:
- Perimeter Firewall (Enterprise level firewall, that does scan email traffic initially)
- Linux Mail Server - running Postfix - This has some older AV / Spam checks on it, and is the mail server that we were using prior to Exchange. It still exists as we are still in the migration period (although most of the users are migrated) and it handles entries for some other domains - mainly just aliases to the main AD domain (with Exchange). We have got this server set to deliver email to the Exchange HT server in the event that it can't deliver it to this server (not the best setup I know but it's a working solution as we progress with the migration of the remaining users)
- Exchange 2010 HT server (we DON'T have an Exchange EDGE server at this time) - this is the only server I've configured with FPE at the moment (want to get this correct first before putting FPE on the MBX servers). For info, we have this set up as a separate server to any of the other Exchange roles (all Exchange servers are Exchange 2010 SP1)
The issues I've run into at present:
1. No matter what I try, I can't seem to get any email coming into Exchange from External (to Exchange) to be flagged as anything other than the following in the message headers:
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0
- populating the InternalSMTPServers in Exchange with the IP of the firewall
- populating the InternalSMTPServers in Exchange with the IP of the firewall, and the Linux mail server
- leaving the InternalSMTPServers in Exchange empty
- with the above combinations, I've also tried including these IP combinations (and leaving it empty) in the "IP addresses used to identify external addresses" option located in the FPE console > Policy Management > Global Settings > Advanced Options, but it hasn't made a difference.
Note: I've not restarted any services after making any of these changes and nothing specifies that you need to do that. I see in the Event Viewer that the configuration has been saved / changed when making these changes at each attempt, plus I can't just start randomly restarting the Exchange / FPE services continuously due to the organisation being very dependent on E-Mail delivery (I'd have to do it late at night I wager).
The Antimalware side of things and File Filtering works however, as I have entries for these, but nothing seems to work in getting this antispam feature working.
This kind of leads me onto question 2....
2. Do you have to enable or disable anything in Exchange itself in order for the anti spam of FPE to work? How does FPE integrate with Exch in this way?
To explain a bit more, prior to trying FPE, I did attempt some while ago to set up the built-in Anti Spam feature in Exchange but when trying to get it to install (using the script) it failed and I never got around to actually getting this resolved. Wondering whether this would have any bearing on it.
After setting up FPE, I've noticed that when I use the Exchange Management Console on the HT server, it has Anti Spam tabs (found at Org Configuration > Hub Transport and Server Configuration > Hub Transport), whereas it doesn't show these when using the EMC on any of the other Exchange servers.
Is this down to FPE being installed? Does FPE actually install and turn on the native Exchange Anti Spam system and integrate into that, as these tabs and options within don't indicate FPE in any way, so I've no idea now whether they are meant to be used or not :(
3. Backscatter - I've enabled this and generated the key etc, but other than the Statistics in Server Security Views > Spam Details, I can't find any place showing logs of the messages that have been blocked. Is there some reason for this? The count seems quite high considering I only set up FPE last Friday night and while I'm aware the first 24hrs to expect quite a number of them while it trains itself, the number seems to have increased steadily - it tells me 1227 messages have been blocked by the backscatter agent. It was about 400-500ish 24hrs later, but it still seems quite high considering we do have AV / spam / RBL checks in place in the firewall / Linux mail server.
4. A side note but I've noticed a few things that I'd love to see in FPE in the future... does anyone know whether the FPE team welcome feedback (other than the surveys) where I could suggest to them some improvements?
Any help on the above would be really welcome, as it seems like a really good comprehensive tool, and most of it is easy enough to work out, but seems to be lacking as far as helping you actually integrate it when you are using different scenarios to what is expected.