none
Exchange 2013 SP1 Edge Transport Connection Filtering RRS feed

  • Question

  • I have implemented an Edge Transport Server; but I think there is a lot of setup guidance missing from documentation.

    From what I can tell, many of the Anti-SPAM agents use RBL's to contribute to their processing, not just the connection filter.

    There does not seem to be any guidance on which RBL's to implement.  It seems logical to me that with this Server Role; and the dependency on these DNS databases (RBL's); compiled with each RBL's connection policies, and limits; that Microsoft would have a deployment guide on using a Microsoft housed DNS Server via DNS Server Conditional Forwarding; or something internal to the Edge Transport Role to ensure reliable access to RBL's for processing.

    In Forefront for Exchange 2010; many RBL's were included in the product; and had from my testing built-in access to the RBL's absent from a dependency on internal DNS Servers.

    If you need specifics, Google Public DNS does not resolve zen.spamhaus.org (the largest).  dnsbl.invaluement.com is not publically accessible, dnsbl.sorbs.net and b.barracudacentral.org are not resolvable from my ISP's DNS Server, my primary DNS forwarder.

    Seems logical to me that the Exchange 2013 SP1 Edge Transport Role's Anti-SPAM Agents should somehow use a Microsoft DNS Server to resolve all the DNSBL's that Microsoft uses in it's Cloud/EOP services.


    Technology Administrator Erie County (Career and) Technical School.

    Friday, March 6, 2015 4:27 PM

Answers

  • Hi Smith,

    Thank you for your question.

    Forefront will end of lifecycle at 31st Dec, 2015. We suggest you find an alternative product for Forefront Protection for Exchange as soon as possible.

    Microsoft will continue to offer cloud-based email gateway protection with FOPE/EOP.

    Forefront Online Protection for Exchange

    http://technet.microsoft.com/en-us/library/ff715002.aspx

    Forefront Online Protection for Exchange (FOPE) Transition Center

    http://technet.microsoft.com/en-us/library/jj723146(v=exchg.150).aspx

    If there are any questions regarding this issue, please be free to let me know. 

    Best Regard,

    Jim


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support


    Monday, March 9, 2015 8:39 AM
    Moderator

All replies

  • Hi Smith,

    Thank you for your question.

    Forefront will end of lifecycle at 31st Dec, 2015. We suggest you find an alternative product for Forefront Protection for Exchange as soon as possible.

    Microsoft will continue to offer cloud-based email gateway protection with FOPE/EOP.

    Forefront Online Protection for Exchange

    http://technet.microsoft.com/en-us/library/ff715002.aspx

    Forefront Online Protection for Exchange (FOPE) Transition Center

    http://technet.microsoft.com/en-us/library/jj723146(v=exchg.150).aspx

    If there are any questions regarding this issue, please be free to let me know. 

    Best Regard,

    Jim


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Jim Xu
    TechNet Community Support


    Monday, March 9, 2015 8:39 AM
    Moderator
  • Forefront will end of lifecycle at 31st Dec, 2015. We suggest you find an alternative product for Forefront Protection for Exchange as soon as possible.

    Jim,

    I think you missed the important context of the thread.  My issue is not with Forefront Protection.  It is with Exchange 2013 SP1 Edge Transport Role.  Connection Filtering does nothing out of the box; which is the only Anti-SPAM agent not able to be run on any other Exchange Role server.  After implementing the Edge Transport Role; it does a lousy job of Anti-SPAM.  There must be some guidance on how to strengthen an Exchange 2013 Edge Transport Role server.


    Technology Administrator Erie County (Career and) Technical School.

    Saturday, March 21, 2015 5:25 PM
  • Can’t you simply configure your network to access a decent public DNS server? I don’t understand why you are having so many problems with resolving spamhaus and other DNS List providers. As I see it the problem here is not with Exchange but with your network configuration.


    Developer for WinDeveloper IMF Tune extending Exchange 2003/2007/2010/2013 Content Filter - http://www.windeveloper.com/imftune/

    Thursday, March 26, 2015 11:32 AM