Whacking Spam with ISA Server 2000

1
Whacking Spam with ISA Server 2000

• Thomas W Shinder MD

2
TECHNICAL FAQs

• Here are answers to the most common technical
  problems users encounter during a Webcast
•  
• Q Why cant I hear the audio part of the
  webcast?
• A Try increasing the volume on your computer.
• Q I just entered the webcast and do not see the
  slide that the speaker is referring to. What
  should I do?
• A The slides are constantly being pushed to
  your screen. You should refresh (hit F5) to view
  the latest slide.
•  
• If your technical question is still not
  answered, please email webcastSupport_at_techtarget.c
  om and describe your problem. A technical support
  person will respond within 24 hours.
• You can also visit the Broadcast Help page for
  more information or to test your browser
  compatibility. Click here http//help.yahoo.com/
  help/bcst/
•  

3
Dr. Tom Shinder

• ISA Server guru in residence at www.isaserver.org
• Editor of the Brainbuzz Network Admin Weekly
  Newsletter
• Editor of Sunbelt-Software WinXPNews
• Author of best selling Configuring ISA Server
  2000 Creating Firewalls with Windows 2000
• Author or contributors to over 20 Windows 2000
  and networking books

4
Introduction

• Spam Blocking Methods
• ISA Server Message Screener
• GFI Softwares MailSecurity
• Summary and Analysis of Spam whacking

5
Spam Blocking Methods

• Client side solutions
• Outlook Junk Mail Filters
• Outlook Express Message Rules
• iHateSpam, Mail Washer, etc.
• Server side solutions
• ISA Server Message Screener
• GFI MailSecurity

6
ISA Server Message Screener

• Message Screener works with the SMTP Filter
• SMTP Filter must be enabled
• Message Screener is not the same as the SMTP
  Filter
• Message Screener can be installed on the ISA
  Server, an SMTP Relay or an Exchange Server
• Preferred solution is on a dedicated SMTP relay
• IIS 5.0 required cannot install on IIS 4.0 SMTP
  service
• Message Screener does not control relay!
• Can screen both incoming and outgoing traffic
• Message Screener does not recognize incoming and
  outgoing traffic
• Same rules apply to incoming and outgoing SMTP
  traffic

7
Installing and Configuring the SMTP Message
Screener

• Install the Message Screener Software on the IIS
  5.0 machine
• Enable the SMTP Application Filter
• Configure the IIS 5.0 SMTP Server
• Configure Remote Domains
• Configure Relay
• Configure permissions with the SMTPCred tool
• Configure DCOM Permissions

8
Installing the Message Screener

• Run from the ISA Server CD if installing on an
  SMTP Relay or the Exchange Server
• Use the Add/Remove button to add the Message
  Screener to the ISA Server if you did not install
  it when the ISA Server was installed
• If you install on a dedicated SMTP relay or the
  ISA Server, you need to enable the IIS 5.0 SMTP
  service
• If you install on the ISA Server, you must
  disable SMTP service socket pooling

9
Enable the SMTP Filter
10
Enable the SMTP Filter

• SMTP Application Filter is disabled by default
• SMTP filter examines SMTP traffic even without
  Message Screener
• Only examines for SMTP buffer overflows as
  stand-alone
• Current implementation of the SMTP Filter does
  not support AUTH

11
Configure IIS 5.0 SMTP Service
12
Configure IIS 5.0 SMTP Service

• Configure a Remote Domain
• Remote domains for all your email domains
• You will allow relay only for these domains
• All mail not directed to a Remote domain is
  rejected

13
Configure IIS 5.0 SMTP Servce
14
Configure IIS 5.0 SMTP Service

• Relay configuration for default SMTP virtual
  server
• NO relay if used only for incoming messages
• Limited relay if used for outgoing messages
• Allow only internal mail servers to access
  outbound relay

15
Configure Credentials

• Message Screener on independent relay or internal
  Exchange Server
• Do not need to configure credentials if on ISA
  Server
• Use credentials of user that installed the ISA
  Server or local Admin

16
DCOM Permissions
17
Message Screener Variations

• Do not need to configure SMTPcred tool
  credentials when installed on ISA Server
• Do not need to configure DCOM permissions when
  installed on the ISA Server
• If the Message Screener is installed on an
  Exchange Server, it will not reliably screen
  outbound messages from Outlook MAPI clients
• If Message Screener is installed on the Exchange
  Server, it will screen all messages inbound and
  outbound using SMTP

18
Configuring the Message Screener

• Filtering Email Attachments
• Filtering by account or domain
• Filtering by keywords

19
Message Screener Configuration
20
Message Screener Configuration
21
Message Screener Configuration
22
Message Screener Recommendations

• Use a dedicated SMTP relay
• Keep the Message Screener off the ISA Server and
  Exchange Server
• If the Message Screener is off the ISA Server,
  make sure to configure SMTP credentials and DCOM
  permissions
• Image your server regularly, since you cant back
  up your configuration!

23
For More Information
24
Thank you

• If you have any additional questions or comments
  for Tom, send them to editor_at_searchwin2000.com.
  Be sure to note that the question relates to the
  ISA Server Message Screener webcast.
• For an immediate response to a question, go to
  the new SearchWin2000.com Webcast Question and
  Answer forum. Navigate from the home page. Tom
  will patrol the forum through the end of
  November.
• For more information on our library of on-demand
  webcasts, or to pre-register for an upcoming live
  event, go to http//searchwin2000.techtarget.com/
  webcasts/
• To submit your comments or suggestions for
  future webcasts, send an e-mail to the
  SearchWin2000.com Site Editor at
  editor_at_searchwin2000.com.