Configuration Guide for Exchange 2003, 2007 and 2010



Similar documents
Frequently Asked Questions

Basic Exchange Setup Guide

Deployment Guide. For the latest version of this document please go to:

Setup Guide for Exchange Server

Basic Exchange Setup Guide

Converting Prospects to Purchasers.

How to configure Exchange Smart Host

Exchange 2010 Journaling Guide

System Center Service Manager

Setting up Microsoft Office 365

Erado Archiving & Setup Instruction Microsoft Exchange 2010 Push Journaling

Envelope (SMTP) Journaling for Microsoft Exchange 2007 and 2010

escan SBS 2008 Installation Guide

Microsoft Exchange 2003

To install the SMTP service:

Services Deployment. Administrator Guide

Setting up Microsoft Office 365

Erado Archiving & Setup Instruction Microsoft Exchange 2007 Push Journaling

Journaling Guide for Archive for Exchange 2007

Envelope (SMTP) Journaling for Microsoft Exchange 2007 and 2010

Load Balancing Exchange 2007 SP1 Hub Transport Servers using Windows Network Load Balancing Technology

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

Installing Policy Patrol on a separate machine

CHARTER BUSINESS custom hosting faqs 2010 INTERNET. Q. How do I access my ? Q. How do I change or reset a password for an account?

Instructions for Configuring Microsoft Exchange 2007/2010 Journaling

All existing accounts will be listed. 2. Click Add and select Mail to add a new account (see Figure 2). Figure 1. Figure 2

Installing GFI MailEssentials

ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000

MailGuard and Microsoft Exchange 2007

Installing GFI MailSecurity

Shared Components PSTN gateways PSTN gateways New IP/PSTN Gateway Define New IP/PSTN Gateway Define the PSTN Gateway FQDN FQDN Next

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

Office 365 Exchange Online Protection Administration Guide

F-Secure Messaging Security Gateway. Deployment Guide

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # )

Kaseya Server Instal ation User Guide June 6, 2008

Exchange 2003 Standard Journaling Guide

Versions Addressed: Microsoft Exchange 2003 Document Updated: March 25, 2015 Co nfidential Copyright 2015 Smarsh, Inc. All rights reserved.

Installing Policy Patrol with Lotus Domino

Installing GFI MailEssentials

FaxCore Ev5 -To-Fax Setup Guide

Configuring Outlook 2013 For IMAP Connections

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

IIS, FTP Server and Windows

Installing GFI MailSecurity

Configuring Your Suffolk on Outlook Express 6.x

Core Protection Suite

SaaS Encryption Enablement for Customers, Domains and Users Quick Start Guide

Set Up Setup with Microsoft Outlook 2007 using POP3

BUSINESS CLASS POP3 END USER GUIDE TIME WARNER CABLE BUSINESS SERVICES VERSION 1.0, RELEASE 1.2

Application Note 02 Advanced SMTP setup

Lab - Configure a Windows Vista Firewall

Migration User Guides: The Console Application Setup Guide

Administrator s Guide

Administrator s Guide

How To Configure Using Different Clients

PureMessage for Microsoft Exchange Help. Product version: 4.0

How-To Change your Account Settings in Office Outlook 2010:

Releasing blocked in Data Security

From SPAMfighter SMTP Anti Spam Server to SPAMfighter Mail Gateway

Instructions for Configuring Microsoft Exchange 2007/2010 for smarshencrypt

Installing GFI MailEssentials

Guardian Digital Secure Mail Suite Quick Start Guide

Quick Scan Features Setup Guide. Scan to Setup. See also: System Administration Guide: Contains details about setup.

Lab - Configure a Windows 7 Firewall

RSA Security Analytics

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

Configuring Network Load Balancing with Cerberus FTP Server

Deploying Layered Security. What is Layered Security?

NetIQ. How to guides: AppManager v7.04 Initial Setup for a trial. Haf Saba Attachmate NetIQ. Prepared by. Haf Saba. Senior Technical Consultant

Exchange Server 2007 Turbo Transition Guide

Configuring Outlook for Windows to use your Exchange

Parallels Panel. Parallels Small Business Panel 10.2: User's Guide. Revision 1.0

Open Thunderbird. To set up an account in Thunderbird, from the Tools menu select Account Settings; choose account; then click Next.

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

How To Configure Forefront Threat Management Gateway (Forefront) For An Server

Windows Server 2008 R2 Initial Configuration Tasks

Comodo Antispam Gateway Software Version 1.6

How to configure Incoming Enabled Libraries in MOSS2007 RTM using Exchange 2007 in an Active Directory Domain.

RSA Event Source Configuration Guide. Microsoft Exchange Server

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Instructions for Microsoft Outlook 2003

Implementing MDaemon as an Security Gateway to Exchange Server

AVG Business SSO Connecting to Active Directory

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

Norman Protection

POP3 Connector for Exchange - Configuration

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

A D M I N I S T R A T O R V 1. 0

ing from The E2 Shop System address Server Name Server Port, Encryption Protocol, Encryption Type, SMTP User ID SMTP Password

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

RDS Online Backup Suite v5.1 Brick-Level Exchange Backup

Rentavault Online Backup. MS Exchange Mail Level Backup

INLINE INGUARD GUARDIAN

Quick Scan Features Setup Guide

Spambrella SaaS Encryption Enablement for Customers, Domains and Users Quick Start Guide

Archiving with MS Exchange Server

How to install Small Business Server 2003 in an existing Active

1. Navigate to Control Panel and click on User Accounts and Family Safety. 2. Click on User Accounts

8.7. NET SatisFAXtion Gateway Installation Guide. For NET SatisFAXtion 8.7. Contents

Transcription:

Configuration Guide for Exchange 2003, 2007 and 2010 Table of Contents Exchange 2013... 2 Configuring Outbound Smart Host... 2 Configure Access Restriction to Prevent DoS Attacks... 2 Exchange 2007/2010... 4 Configuring Outbound Smart Host... 4 Configure Access Restriction to Prevent DoS Attacks... 4 Enable Recipient Filtering to Prevent Directory Harvesting... 5 Step 1 - Install the Anti-spam Agent on the Hub Transport Role... 5 Step 2 - Configure Recipient Validation... 6 Step 3 - Disable all other Anti-Spam Features... 6 Exchange 2003... 7 How to Configure Outbound Smart Host... 7 Configure Access Restriction to Prevent DoS Attacks... 8 Enable Recipient Filtering to Prevent Directory Harvesting... 8

Exchange 2013 Configuring Outbound Smart Host Open the 'Exchange Administration Center' (EAC) In the left hand column select 'Mail Flow' From the top menu bar choose 'Send Connectors' Click the Add button (+), this will open the 'New Send Connector' wizard Enter the name as AVG AntiSpam Outbound Change the 'Type' to 'Custom' and click 'Next' In the next step change the option to 'Route mail through smart hosts' Click the add (+) button underneath to add a new smarthost Enter outbound.avgcloud.net in the 'Fully qualified domain name (FQDN)' field Click 'Save' In the next window for 'Smart host authentication' choose NONE Click 'Next' In the 'Address Space' window the 'Type' should already be 'SMTP' and cost should be '1' Enter '*' in the 'Fully qualified domain name (FQDN)' field, this means all mail sent to this connecter (for all domains) will be routed through this smarthost Click 'Save' and then click 'Next' in the Send connector wizard For 'Source server' click add (+) and add the servers that can send via this connector Click 'OK' and then 'Finish' The basic setup is now complete and you should be able to send emails from your Exchange server / network Configure Access Restriction to Prevent DoS Attacks Enforcing IP restrictions is absolutely critical to complete protection of your mail server. Because hackers and spammers can easily bypass cloud services and target your server directly, mail servers protected by AVG AntiSpam should accept only accept SMTP connections from AVG AntiSpam IP's listed below and deny all other traffic: 100.42.120.96/27 (100.42.120.96/255.255.255.224) 100.42.115.0/27 (100.42.115.0/255.255.255.224) 208.70.208.0/22 1. From the EAC, click mail flow. 2. On the Mail Flow menu, click Receive Connectors, then select Default Hub Transport, and finally click the edit icon.

3. On the Default Hub Transport menu, click scoping, and then select the default IP addresses (0.0.0.0-255.255.255.255) under the *Remote network settings menu. 4. Click the delete icon to remove the default IP addresses and click the new icon to add the list of AVG AntiSpam s provided IP addresses into the field. 5. Enter one of the AVG AntiSpam provided IP addresses to allow for inbound SMTP into the field and click save. Click the new icon and repeat this step until all provided IP addresses have been added. 6. On the Default Frontend MAIL menu, click save and then exit the EAC. Enable Recipient Filtering to Prevent Directory Harvesting Recipient Filtering is the single most overlooked important setting. It allows you to fight dictionary and other SPAM attacks. Spammers send mail to users they hope exist in your domain, sometimes hoping to learn if they exist by reading NDRs generated by Exchange, and sometimes just sending to common names, or running through a dictionary of names. To enable recipient filtering in Exchange 2013, run the following command: Set-RecipientFilterConfig -Enabled $true When you disable recipient filtering, the underlying Recipient Filter agent is still enabled. To disable the Recipient Filter agent, run the command: Disable-TransportAgent "Recipient Filter Agent". To verify that you have successfully enabled or disabled recipient filtering, 1. Run the following command 2. Get-RecipientFilterConfig Format-List Enabled 3. Verify the value displayed is the value you configured.

Exchange 2007/2010 Configuring Outbound Smart Host 1. Login as the Administrative user to your Exchange 2007/2010 server and open Exchange Management Console. 2. Expand Organizational Configuration, click Hub Transport. 3. Select the Send Connector tab 4. Right click on the existing Send Connector, Select properties 5. Go to the Network tab 6. Select Route mail through the following smart hosts and click add 7. Select Fully qualified domain name (FQDN) and enter : outbound.avgcloud.net click Ok 8. Click Change to set the authentication type is set to None The changes you've made to the Send Connector will take effect straight away without you having to reboot the server or restart any services. Configure Access Restriction to Prevent DoS Attacks Enforcing IP restrictions is absolutely critical to complete protection of your mail server. Because hackers and spammers can easily bypass cloud services and target your server directly, mail servers protected by AVG Email AntiSpam should accept only accept SMTP connections from AVG AntiSpam IP s listed below and deny all other traffic: 100.42.120.96/27 (100.42.120.96/255.255.255.224) 100.42.115.0/27 (100.42.115.0/255.255.255.224) 208.70.208.0/22 1. Open the Exchange Management Console. 2. Navigate to: Server Configuration - Hub Transport - Default Receive Connector - Properties - Network tab. 3. Under "Receive mail from remote servers that have these addresses:" find the entry that says 0.0.0.0-255.255.255.0 and delete the record. 4. Under "Receive mail from remote servers that have these addresses:" click Add. Input the first AVG AntiSpam IP range. 5. Click on the Permission Group Tab and ensure that "Anonymous" delivery is allowed from our ranges. 6. Stop and restart the MSExchangeTransport service on the HUB transport server(s)

Enable Recipient Filtering to Prevent Directory Harvesting Recipient Filtering is the single most overlooked important setting. It allows you to fight dictionary and other SPAM attacks. Spammers send mail to users they hope exist in your domain, sometimes hoping to learn if they exist by reading NDRs generated by Exchange, and sometimes just sending to common names, or running through a dictionary of names. In Exchange 2007/2010, the process of rejecting emails sent to invalid users is called Recipient Validation and enabling this is made complicated, in Exchange 2007/2010, by the way Microsoft has split the functions of Exchange into different roles. Recipient Validation is part of the AntiSpam features that are present, by default, only on the server performing the Edge Transport Role. The problem is, if you only have one Exchange server in your company, as most people do, it will be performing the Hub Transport, Client Access and Mailbox roles but not the Edge Transport role as this has to be on a separate server. An Exchange email system will work fine without the Edge Transport role. The solution is to install the AntiSpam features on the Hub Transport role so we'll start by doing this. If you do happen to have a separate Edge Transport server then skip ahead to the next section. Step 1 - Install the Anti-spam Agent on the Hub Transport Role 1. Open Exchange Management Shell and enter the command: cd "c:\program Files\Microsoft\Exchange Server\Scripts" 2. This "changes directory" to the folder containing a PowerShell script, provided by Microsoft, for installing the Anti-spam features on the Hub Transport. 3. Type the following command to run this script:.\install-antispamagents.ps1 4. Close the Exchange Management Shell window and either reboot the server or go to: Start Run --- and type: services.msc then click OK 5. Locate the service called Microsoft Exchange Transport, right-click on it and select Restart

Step 2 - Configure Recipient Validation 1. Open the Exchange Management Console and go to:- 2. Organization Configuration - Hub Transport and select the new Anti-spam tab 3. Right-click on Recipient Filtering and select Properties 4. If you have a separate Edge Transport server then you'll find the Anti-spam tab under Edge Transport 5. Go to the Blocked Recipients tab and select: Block messages sent to recipients not in the Global Address List 6. Then click OK Step 3 - Disable all other Anti-Spam Features 1. If you just installed the Anti-spam agents in Section 1 then, by default, some of these features will now be active. 2. Whether you enable or disable these other Anti-spam features is something you need to think about carefully and perhaps experiment with a little. 3. Today's job is to enable Recipient Filtering and not to reconfigure your whole antispam system so we recommend that, for now, you disable all the other new features. 4. Right-click on each feature, in turn, (except Recipient Filtering!) and select Disable

Exchange 2003 How to Configure Outbound Smart Host 1. Login to your Exchange 2003 server and open System Manager. 2. Expand Connectors, right click Small Business SMTP Connector (or your active outgoing SMTP connector) and select properties. 3. In the general tab, set the radio option to forward all mail through this connector to the following smart hosts and input: outbound.avgcloud.net 4. Navigate to the Address Space tab and ensure there is one entry with the address specified as * and the Cost as 1. 5. Click on the advanced tab, and then click Outbound Security 6. Click the radio button for anonymous access and a checkmark in TLS Encryption 7. Click OK and then OK again and verify that email is going out through the system. In order for the new settings to take effect, you need to restart the following services: Microsoft Exchange Routing Engine and Simple Mail Transport Protocol (SMTP) service.

Configure Access Restriction to Prevent DoS Attacks Enforcing IP restrictions is absolutely critical to complete protection of your mail server. Because hackers and spammers can easily bypass cloud services and target your server directly, mail servers protected by AVG AntiSpam should accept only accept SMTP connections from AVG AntiSpam IP s listed below and deny all other traffic: 100.42.120.96/27 (100.42.120.96/255.255.255.224) 100.42.115.0/27 (100.42.115.0/255.255.255.224) 208.70.208.0/22 1. Open the Exchange System Manager. 2. Expand Servers, Server Name, Protocols, SMTP - right click "Default SMTP Virtual Server" (Or the active receive connector name) and select properties 3. Navigate to the Access tab and then select the Connection button. 4. Remove any entries from previous providers or entries that have the IP range 0.0.0.0-255.255.255.0 5. Click Add to enter a new IP restriction. Select the Group of computers option, insert the first IP range for AVG Email AntiSpam and set the subnet mask to 255.255.255.224 - click OK. 6. Restart the Simple Mail Transfer Protocol (SMTP) service to apply the changes. Enable Recipient Filtering to Prevent Directory Harvesting The "Filter recipients who are not in the Directory" option, not enabled by default is the single most overlooked important setting. It allows you to fight dictionary and other SPAM attacks. Spammers send mail to users they hope exist in your domain, sometimes hoping to learn if they exist by reading NDRs generated by Exchange, and sometimes just sending to common names, or running through a dictionary of names. 1. In Exchange System Manager navigate to Global Settings, right-click on Message Delivery and chose Properties 2. On the Recipient Filtering tab, select "Filter recipients who are not in the Directory" then click OK 3. Click OK to the warning message that pops-up - it's just saying we need to perform a further step.

4. Go to Servers - <SERVER NAME> - Protocols - SMTP - Right-click on Default SMTP Virtual Server and click Properties 5. On the General tab, click Advanced - Select the listed IP Address and then click Edit 6. Select Apply Recipient Filter then click OK - OK OK

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information