The Forefront Security for Exchange SP1 (FSE SP1) Technical Writing Team has done a good job outlining the considerations and merits for using Forefront Security for Exchange SP1 to reduce Anti-Virus and Spam using the combination of Anti-Virus Products inherant to FSE SP1.  In the article, titled 'Protecting Your Microsoft Exchange Organization with Microsoft Forefront Security for Exchange Server' the perspective of Inbound Scanning, Outbound Scanning and Internal Scanning (i.e. never leaving through an Outbound SMTP Gateway to another SMTP Namespace) is addressed.  Being a 'visual learner' I summarize a portion of the Microsoft Technet Article with the following Diagrams offered as part of the article content:

 
Figure 1 - Inbound Scanning 

If we follow the inbound SMTP messages we see in a configuration where each of the respective Exchange 2007 Messaging Servers includes FSE SP1 that the Edge Transport Server Role will pickup the bulk of Spam and Virus laden e-mail while the Hub Transport and Mailbox Server Roles do not require FSE SP1 scanning.

 
Figure 2 - Outbound Scanning

 The outbound SMTP messages are transferred to the Mailbox Server Role then immediately (based upon Exchange 2007 Mail Routing requirements) passed to the Hub Transport Server Role for Scanning and Stamping and then to the Edge Transport Server role for outbound delivery to the intended mail Target.

 
Figure 3 - Internal Scanning

For an SMTP message sent within an Organization from a Sender to a Recipient in the same SMTP Domain follows routing through the Mailbox Server 1 Role (Sender Malbox) to the Hub Transport Server for Scanning and Stamping to the Mailbox Server 2 Role (Recipient Mailbox) for delivery.  

Finally, if we add Forefront Online Security for Exchange Services outside of the Corporate Network (in the Diagrams where the 'Internet Cloud' resides) we can even further reduce on-premise Scanning for Anti-Virus and Spam in a measurable way.  Take some time to review this article.  It's worth the effort and offers real insight into how reducing Spam and Virus-laden e-mail can increase productivity!

Free Video Lessons on Windows 2008 SP2 Failover Cluster Nodes for Highly Available File Services and other Advanced IT Training Topics as well - http://www.exchangesummit.net


 

 

Lynn Lunik
Chief Security Architect
IT Pro Secure Corporation
blog@itprosecure.com

Blog Tags: Amazon Web Services, Forefront Client SecurityForefront Endpoint Protection 2010, Hyper-VVirtual PC 2007,  SCOM2k7, SQL2k8, Windows 7Windows 2008Exchange 2007, Exchange 2010Failover Clustering – ITPS, Failover Clustering – LL

   

      

 

10:45 - Jul 26, 2009



Trackbacks

No Trackbacks

Comments

No Comments