Wednesday, May 09, 2012 8:38 AM
Can someone please explain how FOPE is able to scan internal emails? As I understand it FOPE sits in between external to internal emails and vice versa so I can understand how it filters those emails however how would it filter internal emails unless every internal email is sent to FOPE and then sent back down to an internal exchange server.
FOPE filters inbound, outbound, and internal messages for spam, malware, and policy violations.
If FOPE isn't scanning internal emails can somebody please explain the risk involved if internal emails are not scanned and the probability of the risk.
Wednesday, May 09, 2012 9:11 AM
FOPE can't scan internal emails because the are never submitted to FOPE.
When user A send a message to user B inside your Exchange organisation this message is processed by your Exchange servers and not by FOPE. So FOPE can't inspect this email. In this point the article is wrong.
Christian Groebner MVP Forefront
Monday, July 09, 2012 12:12 AM
Internal emails are been delivered by the Logical Routing of Exchange and not by resolving the Mail Servers of the Recipient domains. Thus FOPE doesnt plays an active role during internal mail delivery of Exchange.
Just to make sure that your internal environment is secured and just to make it full proof we can introduce Forefront Protection for Exchange (FPE 2010) which can be installed on mailbox or on transport roles of Exchange.
If Exchange 2003 we can opt for Antigen and if Exchange 2007 we can install Forefront Security for Exchange.
Tuesday, September 04, 2012 7:56 PM
You need to install Microsoft Forefront Protection 2010 for Exchange Server (FPE)on your hub transport servers if you want internal emails scanned. That is what I did. http://technet.microsoft.com/en-us/library/cc482977.aspx
Don't really know why the other guys didn't suggest it...
- Proposed As Answer by Sole Sysadmin Tuesday, September 04, 2012 8:31 PM
Tuesday, September 04, 2012 8:32 PMRunning FOPE only gives you rights to install FOPE gateway. The OP will need a seperate license to enable ForeFront for Exchange