نمایش نتایج: از شماره 1 تا 5 از مجموع 5

موضوع: Installing and Configuring the Email Hygiene Solution on the TMG 2010 Firewall

  
  1. #1
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272

    Installing and Configuring the Email Hygiene Solution on the TMG 2010 Firewall

    کد:
    http://www.isaserver.org/tutorials/Installing-Configuring-Email-Hygiene-Solution-TMG-2010-Firewall-Part1.html
    Part 1: Installation


    Introduction

    You might or might not know it, but the TMG firewall was designed to be a comprehensive edge email hygiene solution for your network. You can install the Exchange Edge server on the TMG firewall to get the email control features included with the Exchange Edge solution, and you can also install Microsoft Forefront Protection for Exchange on the TMG firewall. The combination of Exchange Edge and Forefront Protection for Exchange is a mighty one-two punch against spam, malware, and information leakage for your organization.
    Way back in the early beta days of the TMG firewall, when it was little more than a glint in ISA Server’s eye, the Exchange and Forefront Protection features were built right into the installer. Things change over time – especially with beta software - and we find now that it is not quite as easy to get the email hygiene solution installed as it was when the product was in early beta. Not that it is really difficult, it’s just not as easy.
    Some folks believe in being prepared, but others prefer to start installing software without thoroughly reading the documentation first. Sure, you could read the docs first and get things to work right away, but I guess it takes some of the adventure out of the installation experience. Many IT pros also believe that when you purchase a product, there should be a complete and intuitive installer included. After all, a professional and user friendly installer is one of the benefits that set Microsoft solutions apart from those that you get from some other vendors.
    So, in defense of those who favor the RTFMLIAA (“read the freaking manual later, if at all) approach, let us get started and see if we can pick up where let off in the last article. In that article, we completed the installation of TMG Enterprise Edition on a Windows Server 2008 R2 server that had two NICs. Now our next objective is get the email protection features working.
    My first thought was to run the TMG installer program again and see if that would work. As you can see in Figure 1 below, at the bottom under “Additional Options,” there is an option to Install Microsoft Forefront Protection 2010 for Exchange Server. That sounds like a good place to start, so let’s click that option (oh, and you can obviously ignore, for the purposes of our excellent adventure, those admonitions to read the deployment guide and release notes first).

    Figure 1
    The License Agreement page pops up next. You know what you have to do here if you do not want the process to grind to a permanent halt, so put a checkmark in the I agree to the terms of the license agreement and privacy statement checkbox and click Next.

    Figure 2
    Uh oh... Looks as if it may grind to a halt (at least temporarily anyway). On the System updates required page, we get the following message, as shown in Figure 3:
    “No protectable server applications were detected. Client-only installation is not currently supported”
    What does that mean? “No protectable server applications”? Hmmm. Maybe that means Exchange Server? I know that’s a “server application” and it’s related to what I want to do. I thought about going to that link provided in the information text, but since I have not really set up the firewall yet to allow Internet access, I would have to go to another machine to check that URL. I am going to go with my guess that Exchange Edge needs to be installed.

    Figure 3
    After I click Next, a dialog box tells me to Update your system so that it meets the installation prerequisites (Figure 4). OK, guys and/or girls who write these dialog boxes: how about just telling us that we need to install Exchange Edge Services, instead of dropping these cryptic hints?

    Figure 4
    I rummaged around for my Exchange 2010 installer DVD and finally found it in a huge pile of DVDs that I am going to get around to filing in alphabetical order – some day. Having never installed Exchange 2010 before, I wondered how much of a challenge this was going to be. The installer dialog box appeared and showed a number of options. It appears that the first option we need to address is the Step 3: Choose Exchange language option, shown in Figure 5. Clicking it expanded the option and asked if I wanted to install the languages on the disk, or install additional languages. Since I did not feel like hunting down more languages, I told it to install the languages that were already on the DVD.

    Figure 5
    Having made that selection, nothing happened. I am not sure whether I was supposed to see something happen or not, but it was uneventful, looks like the next step is to click Step 4: Install Microsoft Exchange, as shown in Figure 6, so I did that.

    Figure 6
    Okay! Something happened this time: the Exchange Server 2010 Setup Introduction page appeared, as shown in Figure 7. After reading the short bit of PR, and noting the steps ahead of me listed in the left pane (and heartened by the fact that none of them looked too complex), I clicked Next.

    Figure 7
    On the License Agreement page, shown in Figure 8, I selected the I accept the terms in the license agreement option and clicked Next.

    Figure 8
    On the Error Reporting page, shown in Figure 9, we’re asked if we want to make the product better by reporting application errors to Microsoft. That sounds like a good idea, since a better product will make my life easier. Let’s go ahead and select the Yes (Recommended) option and click Next.

    Figure 9
    On the Installation Type page, shown in Figure 10, we are presented with two options:

    • Typical Exchange Server Installation – this option installs multiple Exchange Server roles on the same machine. These roles include Hub Transport, Client access, Mailbox and the Exchange Management Tools. This is the most popular option, but it is not the best one for our purposes this time.
    • Custom Exchange Server Installation – this option allows you to select which Exchange Server roles you want installed on the machine. Since we only want the Exchange Edge server role installed on the TMG firewall, we’ll select this option.

    Select the Custom Exchange Server Installation option and click Next.

    Figure 10
    On the Server Role Selection page, shown in Figure 11, put a checkmark in the Edge Transport Role checkbox. So far, this has been remarkably easy. Let’s hope it continues this way. Click Next.

    Figure 11
    On the Customer Experience Improvement Program page, shown in Figure 12, we are asked if we want to participate in the Customer Experience Improvement Program. Who would not want an improved customer experience? That is a no-brainer. I go ahead and select the Join the Exchange Customer Experience Improvement Program (CEIP) option. Note that if for some reason in the future you do not want to belong to this program any more, you can always leave the CEIP program.

    Figure 12
    On the Readiness Checks page, shown in Figure 13, there’s not much for you to do, except watch as the installer checks the machine to make sure it is ready for installation of the Exchange Edge role. No decisions to make here.

    Figure 13
    After your system passes the checks, the Install button will cease to be grayed out, as shown in Figure 14, and you can click it to start the installation.

    Figure 14
    Next comes the “Progress” report, shown in Figure 15, which shows the list of steps that will be performed as Exchange is installed. Looks like there’s a lot to do for the installation, but although this appears to be a long list, it only took a few minutes for my installation to complete.

    Figure 15
    You might be wondering exactly how long it took to install. Just 4 minutes and 34 seconds. Of course, your mileage may vary, depending on your system hardware and the components you chose to install. In this case, installation was successful and now there is a checkmark in the Finalize this installation using the Exchange Management Console checkbox, shown in Figure 16. I was not sure what to do about this; from what I understood, the entire configuration and management of the Exchange Edge server role is supposed to be done from the TMG firewall console. However, having already committed to being the adventuresome sort for the duration of this installation, I decided to leave the checkmark in the checkbox and see what the console looks like.

    Figure 16
    There it is, in Figure 17: the Exchange 2010 Management Console. It looks interesting (and probably is even more interesting to Exchange administrators). However, I am a TMG firewall admin and I do not want to muck around too much here if I do not have to. Therefore, I am going to close the Exchange Management Console and go back to the TMG installer.

    Figure 17
    After closing the console, I noticed that the Exchange installer was still running so I took a look at the options again and noticed that Step 5: Get critical updates for Microsoft Exchange was still available (as you can see in Figure 18). It seems like a very good idea to get critical updates, so let us click that option.

    Figure 18
    Oops. The ugly red error message shown in Figure 19 popped up, telling me that Windows could not search for new updates. There could be a number of reasons for this failure. The most likely reason in this case is that the firewall has not been set up for outbound access yet, and that includes support for outbound access from the firewall itself. No big deal; we will take care of that later. Right now we just want to get the email hygiene components installed, so we will continue without installing those updates (but do not forget to do it later).

    Figure 19
    Now we are back to the TMG installer. Click the Install Microsoft Forefront Protection 2010 for Exchange Server link that’s shown in Figure 20.

    Figure 20
    On the License Agreement page,shown in Figure 21, put a checkmark in the I agree to the terms of the license agreement and privacy statement checkbox and click Next. At this point, you might be feeling an odd sense of déjà vu. Have we not been here before?

    Figure 21
    Next comes the Service Restart page, shown in Figure 22. Notice that the installer will need to stop and restart the Microsoft Exchange Transport service. No problem with that, since we are not using it yet. Click Next.

    Figure 22
    On the Installation Folders page, shown in Figure 23, you can select the location for both the Program folder and Data folder. The Data folder holds things like quarantined files and archived files. Best practices likely states that you put the data files on a separate partition or physical disk, but I am not aware of any hard and fast guidance on this issue at this time. For now, I am going to go with the defaults and click Next.

    Figure 23
    The antispam engine for Forefront Protection for Exchange downloads definitions updates independently from other engines and definition updates that are used by the TMG firewall. These updates take the place of an HTTPS transport, so if you have a proxy server in front of the TMG firewall, you might want to enter the proxy information in the dialog box shown in Figure 24. In this example, we don’t have a proxy server in front of the firewall, so we will click Next.

    Figure 24
    On the Antispam Configuration page shown in Figure 25, you can choose to turn on the antispam feature now or wait and turn it on later. This is a little misleading, since if we tell the installer to turn it on now, it’s not automatically enabled in the TMG firewall console, as we will see later in this article. However, I suspect that if we do not turn it on now via this dialog box, we will have to turn it on later from another location – which means that we will have to find that option! Let’s be safe rather than sorry and turn it on now. Click Next.
    Note:
    Just FYI, the FPE antispam feature works in concert with the Exchange Edge antispam features – and specifically takes advantage of Cloudmarkantispam technology.

    Figure 25
    Just in case we did not make the right decision the first time, we now get another chance to participate in a Customer Experience Improvement Program. Put a checkmark in the Join the Customer Experience Improvement Program checkbox shown in Figure 26 and click Next.

    Figure 26
    Confirm your selections on the Confirm Settings page. You might want to scroll through this information because some of it is interesting – and some of it is a little confusing. For example, if you check Figure 27 below, you’ll see some detailed instructions on getting engine updates working immediately. This is a bit confusing because it’s not clear whether these instructions are for FPE-only customers, or for TMG+FPE customers. At this point, I think we’re safe to wait for the installation to complete and then go into the TMG firewall console and see if there are any hints there as to what we should do next.
    Click Next.

    Figure 27
    The dialog box shown in Figure 28 appears while FPE installs on the TMG firewall.

    Figure 28
    On the Installation results page shown in Figure 29, we can see that the installation was successful. There is an option here to Launch the Forefront Online Protection for Exchange Gateway installation program. This is an interesting option because it relates to the FOPE product. In case you haven’t heard of FOPE, it’s a cloud based anti-malware, anti-spam and email policy compliance solution. Tom’s worked with it quite a bit and has told me great things about it. What is not clear here is why we would want to use FOPE together with the TMG based email hygiene solution, since it seems they would essentially duplicate each other’s efforts. While FOPE is very good, we have already invested in the TMG firewall and so we’re not really interested in paying more for duplication of services – but I’ll be looking into this more closely and will report back to you when I find out what scenarios would benefit from such a combination.
    Meanwhile, Click Finish.

    Figure 29
    Now let’s see the results of our efforts. Open the TMG Firewall console and click on the E-Mail Policy node in the left pane of the console, as shown in Figure 30. In the middle pane, click on the E-Mail Policy tab. Here you can see a note suggesting toenable protection from e-mail based threats; click Configure E-mail Policy. What this tells me is that despite clicking “Finish,” we are really not quite finished yet. Installation is complete, but we still have some configuration tasks ahead of us. Let’s forge ahead.

    Figure 30
    Click the Spam Filtering tab in the middle pane to invoke the dialog box shown in Figure 31. Here we see a number of spam filtering options, many of which look like they are directly related to what Exchange Edge brings to the table. Very nice! However, it also appears that the spam filtering settings are Disabled at this time. Do not worry; we will enable them – in the next article.

    Figure 31
    Meanwhile, on the Virus and Content Filtering tab in the middle pane of the console, shown in Figure 32, you’ll see a number of options that are related to the FPE component of the email hygiene solution. Note that at this time that both Content Filtering and Virus Filtering are Disabled. We’ll have to fix that next time, too.

    Figure 32
    Summary

    In this article, Part 1 of our two part series on installing and configuring the TMG firewall’s email hygiene solution, we installed Exchange Edge Server on the TMG firewall. After installing the Edge Server role on the firewall, we used the TMG installer to get FPE installed. The installation was successful and did not take very long to complete. However, we still have some configuration tasks in front of us before we can actually use the solution. In part 2, we will configure the settings in the TMG management console and then test inbound and outbound mail access to make sure it really works. See you then! –Deb.






    موضوعات مشابه:

  2. #2
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272
    کد:
    http://www.isaserver.org/tutorials/Installing-Configuring-Email-Hygiene-Solution-TMG-2010-Firewall-Part2.html
    Part 2: E-Mail Policy


    Introduction

    In the first part of this series on the TMG firewall’s email hygiene solution, we went over the installation process required to make the TMG firewall an email gateway. Now that the email gateway components are installed, we can take a look at how to configure the email protection policy. We’ll start with enabling E-Mail Policy. This turns on the basic E-Mail protection features included with the TMG Email Gateway solution. After turning on email protection, you’ll have a working anti-spam and anti-malware solution right away. However, as you will see in subsequent articles in this series, you have quite a few options that you can customize so that email protection will meet the specific requirements for your organization.
    As a reminder, TMG uses a two-pronged approach to email protection:

    • Forefront Protection for Exchange 2010 – FPE is a anti-spam and anti-malware application, and also performs content filtering
    • Exchange Edge Server – Exchange Edge Server can perform anti-spam and connection filtering duties

    The combination of Exchange Edge Server and Forefront Protection for Exchange is what makes the TMG firewall such a power weapon in your arsenal against spam and email borne malware.
    Let’s get started! There is a lot of material to cover.
    Enabling Email Protection


    Open the TMG firewall console and expand the computer name in the left pane of the console. There you will see a brand new node that wasn’t included in previous versions of the firewall – the E-Mail Policy node. Click on the E-Mail Policy node shown in Figure 1.

    Figure 1
    After clicking on the E-Mail Policy node, you’ll see three tabs in the middle pane:

    • E-Mail Policy. Here you’ll configure settings to get email protection enabled.
    • Spam Filtering. Here you’ll configure the anti-spam settings after email protection is enabled.
    • Virus and Content Filtering. Here you’ll configure the anti-malware and content filtering settings for email protection.

    Let’s get email protection started by clicking the Configure E-Mail Policy link as seen in Figure 2 below.

    Figure 2
    This starts the Welcome to the E-Mail Policy Wizard page shown in Figure 3. Click Next.

    Figure 3
    The next page is the Internal Mail Server Configuration page shown in Figure 4. Here you need to tell the TMG firewall the name and IP address of your internal SMTP server; this is the SMTP server on your internal network that is configured to accept incoming email from the Internet. It is also the internal SMTP server that will send outbound email to the Internet.
    Click the Add button next to the Internal mail servers section. This brings up the Computer dialog box. Enter the name of the SMTP server and the IP address of the server. Alternatively, you can use the Browse button to find the server and the IP address and name will be entered for you. Note that you can have multiple mail servers on the Internal network for which you want to accept incoming mail.
    Click OK.

    Figure 4
    Now click the second Add button, which is next to the Accepted authoritative domains section. This brings up the Add Authoritative Domain dialog box shown in Figure 5. Enter the name of a domain for which you want to accept incoming email. If you have multiple email domains for which you want to accept email, then click the Add button again and add another domain.
    Note:
    Any email that’s sent to your organization through the TMG firewall that does not have a destination email domain in the list will be rejected. This prevents your organization from acting as an open SMTP relay that can be exploited by spammers.

    Figure 5
    Click Next on the Internal Mail Server Configuration page, as shown in Figure 6.

    Figure 6
    On the Internal E-Mail Listener Configuration page, shown in Figure 7, select the Network from which you want to accept outbound mail. If you have multiple IP addresses on that NIC, you can click the Select Addresses button and select a specific IP address that you want to accept the outbound mail from your internal SMTP server.
    Click Next.

    Figure 7
    On the External E-Mail Listener Configuration page, shown in Figure 8, put a checkmark in the checkbox for the Network on which you want to accept incoming email. In most cases, this is going to be the External Network. If you have multiple IP addresses on that interface, you can click the Select Addresses button and select a specific IP address at which you want to accept the incoming mail. In the FQDN or IP address text box on this page, enter the Fully Qualified Domain Name that you want the TMG firewall to use as a response to SMTP session initiation messages, such as HELO or EHLO. Make sure the reverse DNS record for this name resolves to the correct IP address, which is the address on which the incoming mail is being received.
    Click Next.

    Figure 8
    Email Policy Options


    On the E-Mail Policy Configuration page, shown in Figure 9, you can enable the following options:

    • Spam filtering: This turns on Forefront Protection for Exchange antispam technology and uses multiple methods of anti-spam filtering to protect your organization from spam. It also takes advantage of anti-spam technology built into Exchange Edge Server.
    • Virus and content filtering: This turns on Forefront Protection for Exchange anti-virus protection, and uses multiple anti-virus engines to protect you from email borne malware; in addition, it can perform content filtering so that key words and phrases can be detected to block inappropriate content.
    • Connectivityfor EdgeSync traffic: You can subscribe to the Exchange Edge component on the TMG firewall with your Exchange organization. This allows you to do recipient filtering, so that mail addressed to users that are not in your organization will be rejected at the email gateway.

    For the strongest protection, put checkmarks in each of these boxes and click Next.

    Figure 9
    If you select the Enable connectivity for EdgeSync traffic, you have more work to do. There are two steps that you’ll need to take and we’ll see how to do those in this article. The help file entries for the two steps – To create an Edge Subscription file and Using the Exchange Management Console to import the Edge Subscription file– are seen in Figures 10 and 11 below.

    Figure 10

    Figure 11
    Click Finish on the last page of the Completing the E-Mail Policy Wizard page, shown in Figure 12.

    Figure 12
    A Microsoft Forefront Threat Management Gateway dialog box like the one shown in Figure 13 will appear next, asking if you want to enable System Policy Rules required for receiving and forwarding SMTP traffic. Yes, we want to do that, so click Yes.

    Figure 13
    Configuring Email Policy


    At this point, we are ready to examine and configure email policy. Now you can click the Apply button to save your configuration, or you can wait until you are done. It is up to you. I like to click Apply more often than not, because I do not want to lose the configuration changes I have made in the event that the console hangs up. While I have not had any problems with the console hanging up with the TMG firewall, you never know when something bad might happen – and it is always better to be safe than sorry.
    You can now see, in the middle pane of the console on the E-Mail Policy tab, the following settings:

    • Email Policy: Enabled
    • Spam Filtering: Enabled
    • Virus and Content Filtering: Enabled
    • Edge Subscription: Enabled
    • Protection Manager Integration: Disabled
    • E-Mail Policy Integration Mode: Enabled

    Note that Forefront Protection Manager (formerly known as “Stirling”) can not be configured at this time because Forefront Protection Manger is in a state of flux. We will revisit this issue when FPM is more stable and the product group has a better idea of how it’s going to end up.
    For now, double click the External_Mail_Servers entry, as seen in Figure 14 below.

    Figure 14
    This opens the External_Mail_Servers Properties dialog box, shown in Figure 15, where you can make updates to the External Mail Server settings. On the Listener tab, you can see the Networks and FQDN settings you made in the wizard.

    Figure 15
    If you click the E-Mail Policy link in the top of the middle pane (“Enabled” in Figure 14), you will see the E-Mail Policy dialog box that is shown in Figure 16. Here you can enable or disable Email Policy and protection. You will see similar options for the other links in the top section of the middle pane when you are in the E-Mail Policy tab.

    Figure 16
    At this point, you have a working configuration and now you can configure your MX records to send mail to the TMG firewall’s external interface. The default settings will work fine and will provide a high level of protection. However, as I mentioned earlier, you can customize the configuration to a major extent, and we will look at those customization options in subsequent articles in this series.
    Troubleshooting


    If you find that incoming mail is not reaching the TMG firewall after you make the changes to your MX records, consider some of the following issues in your troubleshooting approach:

    • Check the TTL on your current MX record, and also the A record that the MX record is pointing to – this will let you know how fast your changes will “propagate” over the Internet.
    • If there is a firewall or NAT device in front of the TMG firewall, make sure that it is forwarding incoming TCP port 25 messages to the IP address that you configured when you ran the wizard for the incoming email IP address
    • If you have problems with outgoing mail, make sure that you’ve configure your SMTP server to use the TMG firewall as a “smart host” or configured the Exchange 2007/2010 connectors to use the TMG firewall for outbound connections.
    • Check the Services console on the TMG firewall to make sure that all the TMG firewall services, as well as the Exchange and Forefront Protection for Exchange services have started.

    Summary


    In this, Part 2 of our series on TMG firewall’s email hygiene solution, we went over the procedures required to get the Email Protection components up and running. We configured the incoming SMTP listener, which is used to accept incoming mail, and we configure the outgoing SMTP listener, which is used to send outbound mail. We also enabled the Forefront Protection for Exchange and the Exchange Edge components so that anti-spam and anti-virus protection is enabled.
    In the next article in this series, we will go into deeper detail about the spam filtering configuration on the TMG firewall. There are a number of configuration options that we will discuss in that article, including anti-spam features such as IP allow lists, IP allow list providers, IP block lists, IP block list providers, content filtering, recipient filtering, sending filtering, sender ID configuration and sender reputation configuration. I want to make it a fun and informative one, so do not miss it! See you next week. –Deb





  3. #3
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272
    کد:
    http://www.isaserver.org/tutorials/Installing-Configuring-Email-Hygiene-Solution-TMG-2010-Firewall-Part3.html
    Part 3: Configuring Antispam Policy


    Introduction

    In part 2 of our series on the TMG firewall’s email hygiene solution, we saw how to turn the feature on. When the feature is turned on, it starts working right away (assuming that you have configured the supporting infrastructure to support the TMG email gateway). In this, part 3 of the series, we will take a look at what’s available when configuring the anti-spam features.
    Configure Spam Filtering


    Click the Spam Filtering tab in the middle pane of the console. Here you can see the Configure Spam Filters collection of options. Here you will find the following:

    • IP Allow List: This enables you to configure a collection of IP addresses that messages are always accepted from
    • IP Allow List Providers: This enables you to configure the address of one or more IP Allow List providers
    • IP Block List: This enables you to configure a list of addresses from which you never want to receive mail
    • Content Filtering: Enables you to block email based on the content of the messages
    • Recipient Filtering: This allows you to control delivery of mail based on the recipient
    • Sender Filtering: This allows you to control deliver of mail based on sender
    • Sender ID: Control whether you allow or deny mail based on the presence of a Sender ID record
    • Sender Reputation: Enables you to allow or deny mail based on a sender reputation value.

    Let us get started by clicking on the IP Allow List option.

    Figure 1
    IP Allow List


    In the IP Allow List dialog box, click on the Allowed Addresses tab. Here you can add an address, or range of addresses, from which you will always accept messages.

    Figure 2
    IP Allow List Providers

    Click the IP Allow List Providers option in the middle pane of the console. In the IP Allow List Providers dialog box, click the Providers tab. Here you can configure a list of IP Allow List Providers. Click the Add button to add an entry. If you want to enter a single address, you can enter the same address for the Start and End fields.

    Figure 3
    In the IP List Provider dialog box, you can enter the following information:

    • Provider name. Enter the name of the IP Allow List provider in this text box. This is just for identification, it’s not a value that’s used by the system
    • Lookup domain. This is the name of the domain of your IP Allow List provider
    • Match any return code. This option enables the system to treat any IP address status code as a match


    Figure 4
    IP Block List


    Click the IP Block List option in the middle pane of the TMG firewall console. This brings up the IP Block List dialog box. Click the Blocked Addresses tab. Here you can click the Add button to add one or more addresses from which you never want to receive mail. Messages from those addresses will then be blocked.
    Note that in the Blocked IP Address – IP Range dialog box you have the option to:

    • Never let this address expire or
    • Block until date and time

    This is useful if you should want to temporarily block mail from a range, perhaps due to a spam flood, but you want to allow delivery again once the problem has been fixed.

    Figure 5
    Click on the Providers tab. The Providers tab has options similar to what we saw on the IP Allow List dialog box and you make entries here in the same way.

    Figure 6
    The IP List Provider dialog box again is very similar to that for the IP Allow List option, showing provider name, DNS suffix and status columns. To add a provider, click the Add button.

    Figure 7
    If you click on the Error Messages button, you’ll see the IP Block List Provider Error Message dialog box. This feature is undocumented at this time, but apparently it allows you to create error messages that will be returned to the providers whose messages are blocked.

    Figure 8
    You can use a default error message or you can create a custom message. If you choose to do the latter, you type the content of the message into the text box and then click OK.
    Content Filtering


    Click the Content Filtering option in the middle pane of the console. This brings up the Content Filtering dialog box. Click the Custom Words tab. On the Custom Words tab, click the Add button. In the Add Word or Phrase dialog box you can enter a key word or phrase that, when it appears in a message, will cause the message to be allowed or blocked. Note that there are two Add buttons in this dialog box: one to always allow when the word appears and one to always block when the word or phrase appears.

    Figure 9
    What if you want to always get mail from certain senders even if their messages do contain the key words or phrases? No problem – you just need to create an exception.
    Click on the Exceptions tab. When you click the Add button, you can enter in the Add E-mail address dialog box an email address for a sender for which you do not want to filter email messages.

    Figure 10
    Click the SCL Thresholds tab. This stands for “Spam Confidence Level.” The Content Filter agent uses Microsoft SmartScreen technology to examine each message and assign it an SCL rating. The rating is a number from 0 to 9. The higher the number, the more likely it is that the message is spam. The Content Filter processes messages after Exchange 2010’s other anti-spam agents have already been applied, which reduces the number of messages that need to be examined by the Content Filter. For information about the order in which the anti-spam agents are applied, follow this link.
    You can adjust the SCL threshold actions to suit your organization’s needs. The thresholds are the SCL values at which an action (delete, reject or quarantine) takes place.
    Here you have three important options:

    • Delete messages that have an SCL rating great than or equal to
    • Reject messages that have an SCL rating greater than or equal to
    • Quarantine messages that have an SCL rating great than or equal to

    When you enable these options, the default value is 9. This means most messages that arrive at the Content Filtering stage will go through to the users’ mailboxes. If, for example, you set the Delete value to 7, all messages with an SCL rating of 7 or above would be deleted.
    When messages are deleted, the sending system is not notified. When messages are rejected, the Content Filter sends a rejection notice to the sending system.
    You also have the option to send rejected messages to a Quarantine mailbox address. You’ll need to check the quarantine mailbox periodically and decide what to do with the messages there.

    Figure 11
    If a message’s SCL is below the values set for Delete, Reject and Quarantine, the message still has to make it over the hurdle of the Junk mail filter, which puts messages in the user’s Junk Mail folder where the individual users can review them and decide whether to mark them as “not junk.” If the SCL value is lower than the Junk mail threshold, that message makes it to the user’s Inbox.
    You don’t set the Junk Mail threshold here; you can do that with the Set-Mailbox cmdlet in the Exchange Management Shell. For more about the Set-Mailbox cmdlet, follow this link.


    Recipient Filtering


    You can also filter mail by recipient. Click the Recipient Filtering option in the middle pane of the TMG firewall console. This opens the Recipient Filtering dialog box. Click on the Blocked Recipients tab. Here you have the option to Block messages sent to recipients not listed in the Global Address List. This allows you to prevent delivery to addresses such as administrator@yourdomain.com .
    You also can enable the block the following recipients option. This allows you to prevent outside mail from being delivered to addresses that should only be used internally within your organization. After enabling that option you can then click the Add button to add the email address of the recipient you want to block.

    Figure 12
    Sender Filtering


    You can block mail based on the sender. The Sender Filter agent uses the MAIL FROM: SMTP header to determine which messages to block. You can block single senders, entire domains or domains with all subdomains. It’s important to note that the MAIL FROM: SMTP header could be spoofed, thereby circumventing sender filtering. You can use Sender ID (discussed in the next section) to prevent spoofed mail from getting through.
    Click the Sender Filtering option in the middle pane of the TMG firewall console. In the Sender Filtering dialog box, click the Blocked Senders tab. Here you can click the Add button to open the Blocked sender dialog box. Here you can choose to enter the address of a individual sender, or you can block an entire email domain, with the option to block subdomains too.

    Figure 13
    Click the Action tab and you will see that you have two options when there is a sender match:

    • Reject the message
    • Stamp the message with blocked sender and continue processing

    The second option enables other components of the email solution to make decisions based on this header information. The fact that this message is marked as being from a blocked sender will be used in calculating the SCL rating.

    Figure14
    Sender ID


    The Sender ID agent uses the RECEIVED SMTP header to send a query to the DNS of the sending system to verify that the IP address the message came from is authorized to send mail from the domain listed in the headers. The only problem is that the domain admins must publish sender policy framework (SPF) records on their DNS servers. To find out more about using Sender ID, follow this link.


    To configure Sender ID, click the Sender ID optionin the middle pane of the TMG firewall console. Click the Action tab. Here you have three actions you can choose from if the Sender ID check fails for the message:

    • Reject message
    • Stamp the message with Sender ID and continue processing
    • Delete message

    When the message is rejected, it sends an SMTP error to the sending server. When you select the delete option, the message is deleted without informing the sending server. When the message is stamped as having failed the Sender ID check, that information is used by the Outlook Junk Mail filter in calculating the SCL rating.

    Figure 15
    Sender Reputation


    Sender Reputation uses information that has published about the sender to calculate a Sender Reputation Level (SRL). To configure Sender Reputation, click on the Sender Reputation option in the middle pane of the TMG firewall console.
    The Sender Reputation Level works much like the Spam Confidence Level, in that a value from 0 to 9 is calculated for each sender and you can configure a threshold at which the sender is blocked from sending messages into the organization. The sender is added to the Blocked Senders list, and you can configure a time period for which the sender stays on the list.
    In the Sender Reputation dialog box, click on the Sender Confidence tab. Here you have the option to Perform an open proxy test when determining sender confidence level.
    This is an interesting option. It connects to the sender’s IP address with an outbound SMTP message. If the TMG firewall finds out that the SMTP server will allow it to send the message to itself, the determination is that the sending SMTP server is an open SMTP relay. Open SMTP relays can be used by spammers to send spam to any email domain in the world, and should immediately raise a red flag about what’s happened to the messages as they traverse such a server.
    You typically see open SMTP relays when someone misconfigures a server, or when someone has been infected with malware that acts as an SMTP relay. In either case, you’ll not want to be receiving mail from an open SMTP relay so you should leave this option enabled.

    Figure 16
    In configuring the thresholds, the best thing to do is use the default values first, and then increase the block threshold over time until you reach a point where you are receiving false positives, then you can dial down the value.
    Note that you also have a customizable Threshold Action. This value allows you to configure how long to block the sending SMTP server before allowing mail to be received from it again. This allows a bit more flexibility, as often the problems are temporary, and you don’t want to permanently block the sender.

    Figure 17
    Summary


    In this, part 3 of our article series on the TMG firewall’s email hygiene solution, we went over some of the configuration options available for fine tuning the spam blocking feature. There are a number of options, and not all of them need configuration. The most interesting and useful ones are related to Sender Reputation, Recipient Filtering and Content Filtering. The vast majority of spam is sent over well-known spam servers, so blocking mail based on sender reputation is a powerful method for reducing over 95% of the spam messages you receive. Recipient filtering is also an effective method, because spammers send a large amount of spam to email addresses that do not exist in your organization. Finally, the content filtering feature allows for sophisticated analysis of messages to come up with a SCL value which can be used to determine if a message is spam, and this is especially useful when the sending server is a hijacked desktop computer that’s part of a botnet. In the next part in this series, we will take a look at the virus and content filtering options. See you then! – Deb





  4. #4
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272
    کد:
    http://www.isaserver.org/tutorials/Installing-Configuring-Email-Hygiene-Solution-TMG-2010-Firewall-Part4.html

    Part 4: Configuring Virus and Content Filtering


    Introduction

    In Part 3 in this series on the TMG email hygiene solution, we went over the details of the anti-spam feature configuration. In this part 4, we will take a look at the Virus and Content Filtering features.
    Virus and Content Filtering


    In the TMG firewall console, click on the Email Policy node in the left pane. In the middle pane of the console, click the Virus and Content Filtering tab. This exposes the three content filtering options available for TMG email protection. These are:

    • File Filtering: File filtering allows you to control which file attachments are allowed into and out of your network’s email system
    • Virus Filtering: Virus filtering enables you to block malware from coming into and leaving your email system
    • Message Body Filtering: Message Body Filtering enables you to control inbound and outbound email messages based on the content of the messages themselves

    In the figure below, you can also see two links indicating that Content Filtering and Virus Filtering are enabled.

    Figure 1
    File Filtering


    Let us start with the File Filtering option. Click the File Filtering link in the middle pane. In the File Filtering dialog box, you will first encounter the File Filters tab. Here you can configure file filters to prevent attached files from reaching or leaving your organization. Click the Add button, as shown in Figure 2 below.

    Figure 2
    This brings up the File Filter dialog box. On the General tab, you can choose from the following options:

    • Enable this filter: This option turns the filter on or off
    • Filter name: This provides a space for you to enter an easy to remember name for the filter that you’re creating here
    • Action for messages matching this filter: This enables you to choose from the following actions: Skip, Identify, Delete and Purge. The Skip option checks the message and logs an entry if it matches the filtering criteria, but then forwards the message on to its next destination. The Identify option tags the subject line with a customizable word, which can be used for inbox messaging filtering. The Delete option deletes the message and Purge removes the message from the system.
    • Scan inbound messages: When you enable this option, TMG will inspect the inbound messages that are sent to your email organization.
    • Scan outbound messages: When you enable this option, TMG will inspect the outbound messages that are sent from your email organization.

    The General tab options are shown in Figure 3 below.

    Figure 3
    Now click the File Types tab. Here you have the ability to control which file types you want to be inspected. When a type of file you choose to inspect is discovered, the action you configured on the General tab will be executed. Note that this is a feature of Forefront Protection for Exchange (FPE), so detection is for the actual file type, not just the file extension. This is good, because files can be renamed to show an extension indicating it is a different file type from what it really is. You can see the File Types tab in Figure 4 below.

    Figure 4
    Next, click the File Names tab. Here you can configure file names for which the system will search in email attachments. You can enter a complete file name, or you can take advantage of wildcard characters such as “?” and “*”. The question mark is used to replace a single character within a string, while the asterisk can be used to replace an unknown number of characters. The File Names tab is shown in Figure 5.

    Figure 5
    Antivirus Configuration


    Now let us take a look at the email anti-virus configuration on the TMG firewall. Click the Virus Filtering link in the middle pane of the console. There are many benefits to using multiple antivirus engines: it increases the likelihood that new threats will be caught even if not all of the engines have been updated with an emerging threat and it provides redundancy so that if one engine fails or is being updated, the others can still scan. You can enable up to five different engines. Note that more engines equal more thorough scanning, but the number of engines can also affect performance.
    The first tab we will look at here, then, is the Engines tab. Here you have the following options:

    • Use automatic engine management: When you select this option, FPE will decide which antivirus engines to use and how they are to be applied.
    • Manually enable up to 5 engines: Choose this option if you want to control which engines are used and control the engine selection or use policy. When you choose this option, you must select one or more AV engines from the list.
    • Always scan with all selected engines: When you choose the engines you want, you then need to define an Intelligent Engine Selection Policy. When you select the Always scan with all selected engines option, FPE will scan the message using all the engines you selected.
    • Scan with a subset of selected engines that are available: An available engine is one that isn’t in the process of being updated. When an engine is being updated, it’s marked as unavailable, so when you select this option, it doesn’t wait for all engines to be available before completing the message check. All engines that are available are used when you select this option.
    • Scan with a dynamically chosen subset of selected engines: This option uses heuristics based on recent results and statistical projects to choose which engines to use to scan the messages. Over time, an average of half of the selected engines will be used to scan messages.
    • Scan with only one of the selected engines: This option also uses heuristics based on recent results and statistical projections to choose a single engine to use to scan the messages.

    You can see all of these options in Figure 6.

    Figure 6
    Now let’s click the Remediation tab. Here you have the following options:

    • Skip (detect only): This option detects and reports on a virus when it is discovered, but it still forwards the message, complete with malware, to its next port of call. This is usually not the best option.
    • Clean (repair attachment): This option attempts to clean the attachment and then deliver the cleaned attachment to its next destination. If TMG is unable to clean the attachment, the attachment will be removed and an attachment with the deletion text will be included.
    • Delete: This option will delete the infected attachment and a file with the deletion text will replace the infected attachment.
    • Enable: This option enables the deletion text, which is a .txt file that contains the deletion text that you enter into the deletion text section
    • Deletion Text: This is the information that is included in the deletion text file. The %File% entry will be replaced with the name of the file that was deleted.

    You can see this dialog box in Figure 7.

    Figure 7
    Finally, let us click the Options tab. Here you will see the following options:

    • Scan doc files as containers: You can set this option to scan .doc files that use OLE embedded data as container files so that the embedded files are also scanned.
    • Container scanning timeout (seconds): The default timeout is 120 seconds for container scanning but you can change this value here.
    • Action to perform upon reaching scanner timeout: Here you choose what action to perform when the timeout limit is reached.
    • Action to perform for illegal MIME headers: Here you choose what action to perform if an illegal MIME header is found (for example, purge or delete).
    • Transport sender information: This setting determines how transport sender information is determined.
    • Purge message if body is deleted: By default, the message is purged if the message body is deleted.
    • Optimize for performance (do not rescan message): By default, messages are not re-scanned after the filtering action is performed. This speeds performance but you can change it here.

    The Options tab is currently undocumented – so we will have to wait for an update of the TMG documentation to determine more about the nature and function of these settings. I have notified Tom that he should log a document bug on this issue Meanwhile, see these options in Figure 8.

    Figure 8
    Message Body Filtering


    Click on the Message Body Filtering link in the middle pane of the console. On the Message Body Filtering dialog box, click on the Message Body Filters tab. Click the Add button. This brings up the Message Body Filter dialog box that’s shown in Figure 8. On the General tab, you have the following options:

    • Enable this filter: This enables the filter you’re creating.
    • Filter Name: Provides a space for a friendly name you can use to identify this filter.
    • Action for messages matching this filter: Enables you to choose from the actions Skip, Identify, Delete and Purge. Skip checks the message and logs if it matches the criteria, but then forwards the message to its next destination. Identify tags the subject line with a customizable word that can be used for inbox messaging filtering. Delete deletes the message and Purge removes the message from the system.
    • Scan inbound messages: When enabled, this option configures FPE to scan inbound messages coming into your email organization.
    • Scan outbound messages: When enabled, configures FPE to scan outbound messages leaving your organization.


    Figure 9
    Click the Keywords tab in the Message Body Filters dialog box, as shown in Figure 10. Here you can define keywords to check for within the body of the message. You can enter discrete words or you can take advantage of keyword list syntax rules, which act as queries against the contents of the message. The query syntax is somewhat complex; however, the TMG firewall team did a good job of detailing how to construct these queries, complete with examples. Check out their instructions here.

    Figure 10
    Summary


    In this, part 4 in our series on the TMG firewall’s email hygiene solution, we went over the Virus and Content Filtering options. Using TMG, you can block both inbound and outbound mail that contains malware; or messages that contain content within the subject or body of the message that you deem unacceptable. In the next and last part of this series, we will go over the procedure used to create the Edge Subscription with the back-end Exchange Server. This is a valuable feature because it allows you to perform recipient filtering so that messages addressed to users who are not in organization can be blocked




  5. #5
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272
    کد:
    http://www.isaserver.org/tutorials/Installing-Configuring-Email-Hygiene-Solution-TMG-2010-Firewall-Part5.html
    Part 5: Configuring Edge Subscription and Testing



    Introduction

    It has been a long road, but we are getting close to the end of our journey through the TMG firewall’s email hygiene feature. In the previous articles in this series, we went through the process of installing TMG, then installing the Exchange Edge component, then enabling the email hygiene feature that included Forefront Protection for Exchange. Everything went pretty smoothly and there weren’t too many bumps on the road.
    In this article, which I promise will be the last article in the series, we will look at how to configure the Edge Subscription feature. Edge Subscription is a very useful feature, because it allows you to block mail destined for users who are not in your Exchange organization. This is a very valuable tool, because if you look at your spam statistics, you will see that the overwhelming majority of spam is addressed to users who do not actually exist in your organization. Blocking these “address mining” emails can go a long way towards improving the overall performance of your Exchange Server.
    Finally, we will also test our configuration and try to see whether the entire configuration process we went through actually works. I have set up a basic Exchange Server 2010 behind the TMG firewall. What we will do is try to send some spam from an Internet host through the TMG firewall and then we’ll try to send some spam outbound through the TMG firewall.
    But first, let’s create our Exchange Edge Subscription file and configure the subscription on the Exchange mailbox server.
    Creating the Edge Subscription File and Configuring the Edge Subscription


    The first thing you should know is that you do not have to create an edge subscription. However, it makes your email hygiene solution much more effective. It improves the anti-spam features, enables recipient lookup so that mail sent to non-users is rejected, and enables safelist aggregation. Information about users in your Active Directory forest is sent to an Active Directory LDS database on the TMG firewall over a secure LDAP connection. In addition, the Safe Senders lists and recipient information is hashed so that it can’t be intercepted on the wire.
    Information that is transferred between the Active Directory to the TMG Active Directory LDS database includes:

    • Edge subscription information
    • Configuration information
    • Recipient information
    • Topology information

    The EdgeSync services use a secure LDAP connection over TCP port 50636 to sync the directory information between the Exchange Hub Server and the TMG firewall’s Exchange Edge server.
    With that bit of background in place, let’s create the Edge Subscription File. In the TMG firewall console, click the E-Mail Policy node in the left pane of the console. In the right pane of the console, click the Generate Edge SubscriptionFiles, as seen in the figure below.

    Figure 1
    This brings up the Browse For Folder dialog box. Let’s make a new folder called SubFiles, using the Make New Folder button. Click OK after creating the new folder on the C: drive.

    Figure 2
    It things work the way they should, you should see a dialog box that says 1 Edge Subscription file(s) were created in directory C:\SubFiles., as seen in the figure below.

    Figure 3
    If you open the file, you will see something like what appears in the figure below. You can see that the file is stored in clear text, so you need to make sure that after you import these settings into the Hub Transport Server, you delete the file immediately. Failure to do so might lead to some headaches if an intruder manages to access that file. You also need to be aware that the subscription file is only good for 24 hours. If you don’t use it before the timeout, you will need to generate another request.

    Figure 4
    Now copy the file to the Exchange Hub server. Since I only have a single Exchange Server in my test network, I’m going to copy it to that one. At the Exchange Server, open the Exchange Management Console and expand the Organization Configuration node in the left pane of the console. Click on the Hub Transport node as seen in the figure below.

    Figure 5
    In the right pane of the console, click the New Edge Subscription link, as seen in the figure below.

    Figure 6
    This brings up the New Edge Subscription page. Click the Browse button in the Active Directory site section on the page. This will display the Select Active Directory Site dialog box (not shown here). Select Default-Site-Site-Name and click OK.
    Click the Browse button in the Subscription file section and find the file you generated at the TMG firewall. In this example, I copied the file to a folder named Subfiles on the C: drive of the Exchange Server. Put a checkbox in the Automatically create a Send connector for this Edge Subscriptioncheckbox and click New.

    Figure 7
    After the wizard completes, you will see something like what appears in the figure below. Note that there is a warning:
    EdgeSync requires that the Hub Transport servers in Active Directory site msfirewall.org/Configuration/Sites/Default-First-Site-Name be able to resolve the IP address for TMG2010.msfirewall.org, and be able to connect to that host on port 50636
    We always make a big deal over name resolution here, and this is just another example of how important DNS is to any TMG firewall scenario.

    Figure 8
    Examining System Policy Supporting Email Communications


    When you configure the TMG firewall as an email security gateway, it automatically configures some settings in System Policy. In the figure below, you can see that there are three System Policy Rules created to allow SMTP communications:

    • Allow SMTP from Forefront TMG to trusted servers
    • Allow SMTP traffic to the local host for mail protection and filtering
    • Allow SMTP traffic to the Internet for mail protection and filtering


    Figure 9
    When you enable EdgeSync traffic, you can see that a System Policy Rule is created to allow the EdgeSync traffic. This is the Allow LDAP/LDAPS traffic to the local host for the Exchange Server EdgeSync Protocol. In the figure below, you see that the Protocol Definition allows TCP port 50636 outbound.

    Figure 10
    Now what happens if we send a clean email message through the TMG firewall? Here’s a log file entry of such a message:
    TCP2/28/2010 8:57:43 AM 10.0.0.1 10.0.0.3 25 SMTP Closed Connection Inspected [System] Allow SMTP from Forefront TMG to trusted servers 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN Local Host Internal - TMG2010RTMB - Firewall
    I’ve highlighted the fact that this connection was exposed by the Network Inspection System. The SMTP filter is no longer used in TMG when using the integrated email protection features. Instead, you benefit from NIS, Exchange Edge and Forefront Protection for Exchange (FPE). The end result is a much more secure email protection configuration than you could get with just the SMTP filter.
    The next test was to send some malware to the Exchange Server through the TMG firewall. For this test, I used the eicar test file that you can download from here. This is a harmless test file that all AV engines will detect as malware. I found that the log files weren’t very interesting regardless of the processing of the test file, as you can see in the figure below.

    Figure 11
    In fact, I could find no information regarding SMTP logs. I checked TechNet, and there is a comprehensive article on how the email protection feature works over here, but there is no mention of how to find logging information for detected malware. In addition, the FPE interface is not exposed when you install the email protection feature on TMG, so you can’t check the detected malware information there.
    However, if you check the email message, you will see that TMG did what it was supposed to do.

    Figure 12
    If you open the eicar_com.zip.txt file, you’ll see the following:

    Figure 13
    Admittedly, that is not very interesting, but remember that you can customize this message a bit by enabling the notifications feature, as seen in the figure below.

    Figure 14
    Summary


    In this last article in our series on the TMG firewall’s email protection feature, we configured the EdgeSync feature by creating a file on the TMG firewall and then we used that file to automatically configure the Exchange Hub server to receive and send mail from and to the TMG firewall. We then configured an email client to use the TMG server as its email server to test whether the AV feature worked correctly. We used the eicar test file as a simulated virus. The TMG firewall was able to block the virus from reaching the user’s mailbox and included a text file, which reported that the attachment had been removed. One thing that we found missing was any level of logging or reporting on the malware detection. I expected it to be part of the FPE feature, but the FPE integration in the RTM version of the TMG firewall removed access to the FPE console. I look forward to Microsoft fixing this issue with a future service pack




کلمات کلیدی در جستجوها:

an ingoing packet was dropped because its destination address does not exist on the system and no appropriate forwarding interface exists

A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer

an ingoing packet was dropped because its destination address does not exist on the system and no appropriate forwarding interface exists.

External Mail server properties tmg 2010

edgesync A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.

tmg restart firewall incoming mail

how to configure reports users in tmg 2010

edgesynce on tmg not sending spam to quarantine mailbox

tmg edgesync a non-syn packet was dropped

tmg source ip address is spoofed

update your system so that it meets

an ingoing packet was dropped because its destination address does not exist on the system and no appropriate forwarding interface exists

tmg an ingoing packet was dropped because its destinationtmg a non-syn packet was droppedan incoming packet was dropped because its destination address does not exist on the systemTMG Forefront Log Report Result Code: 0x80074e20 FWX_E_GRACEFUL_SHUTDOWNan ingoing packet was dropped because its destination address does not exist on the systemTMG 2010 publishing exchange 2010 a non-syn packet was dropped because it was sent by a sourcehow to install and configure the email hygiene solution on the tmg 2010 technettmg2010 protection manager integrationedgesync a non-syn packet was dropped because it was sent by a source that does not have an establishedhow to block outgoing email attachment in tmgStatus: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer. configuring a unihomed tmg server to act as an smtp smarthostan incoming packet was dropped because its destination address does not exist on the system and no appropriate forwarding interface exists. tmg

برچسب برای این موضوع

مجوز های ارسال و ویرایش

  • شما نمی توانید موضوع جدید ارسال کنید
  • شما نمی توانید به پست ها پاسخ دهید
  • شما نمی توانید فایل پیوست ضمیمه کنید
  • شما نمی توانید پست های خود را ویرایش کنید
  •