Configuring ISA Server to Secure SMTP Traffic

How to Configure ISA Server to Secure SMTP Traffic
ISA Server provides three components for securing SMTP traffic. The first is the Mail Server Wizard, which can be used to publish the SMTP server to the Internet. The second component is the SMTP Message Screener, which can help reduce the amount of unwanted e-mail entering the organization. The third component is the SMTP application filter, which can be used to block buffer-overflow attacks or SMTP command-based attacks on Exchange Server.


Mail Server Wizard
You can use the Mail Server Wizard to make Exchange Server computers available to Internet clients. The Mail Server Wizard includes several options, one of which is publishing an SMTP server. When publishing an Exchange Server computer as an SMTP server, you create a server publishing rule that accepts SMTP traffic on the ISA Server computer’s external interface and forwards the packets to the Exchange Server computer.

SMTP Application Filter
ISA Server 2004 provides application-layer filtering to help prevent Internet attackers from using buffer-overflow commands to disable or take control of your computer running Exchange Server. The SMTP application-layer filter inspects the commands included in all incoming SMTP communications. You can configure the SMTP filter to limit the size of the SMTP command sequences as well as to block specific commands.

SMTP Message Screener
The ISA Server 2004 SMTP Message Screener can be used to control incoming SMTP mail by performing application-layer inspection of all SMTP messages. The Message Screener can scan the messages and examine the attachments and then block or hold messages for later inspection.

You can configure the SMTP Message Screener to block or hold incoming or outgoing e-mail using the following parameters:
1- Source or destination e-mail domain
2- Source or destination e-mail address
3- Attachment size, file extension, or file name
4- Keywords in the mail subject or body
The SMTP Message Screener can block or hold messages sent from the internal network in the same way that it does for messages entering the network.
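
The four screening parameters above can be modelled as a small rule evaluator. The following Python sketch is an added example, not ISA Server code: the rule names, thresholds, sample addresses and the `screen` and `sample` helpers are all hypothetical, and it reads addresses from the message headers rather than from the SMTP session.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed rule set; every value here is illustrative, not an ISA default.
RULES = {
    "block_domains": {"spam.example"},
    "block_addresses": {"bulk@mailer.example"},
    "block_extensions": {".exe", ".scr"},
    "hold_attachment_bytes": 1024,
    "hold_keywords": {"wire transfer"},
}

def screen(raw, rules=RULES):
    """Return (action, reason); action is "block", "hold" or "pass"."""
    msg = message_from_bytes(raw)
    holds, text = [], [str(msg.get("Subject", ""))]
    # Source and destination address/domain (taken from headers here).
    for header in ("From", "To"):
        addr = parseaddr(msg.get(header, ""))[1].lower()
        if addr.rpartition("@")[2] in rules["block_domains"]:
            return "block", header + " domain"
        if addr in rules["block_addresses"]:
            return "block", header + " address"
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename()
        if name:  # attachment: check extension first, then size
            if os.path.splitext(name.lower())[1] in rules["block_extensions"]:
                return "block", "attachment extension"
            if len(payload) > rules["hold_attachment_bytes"]:
                holds.append("attachment size")
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            text.append(payload.decode(charset, "replace"))
    # Keywords are matched case-insensitively against subject and body text.
    haystack = "\n".join(text).lower()
    holds += ["keyword" for kw in rules["hold_keywords"] if kw in haystack]
    # A block returns immediately above, so it always outranks a hold.
    return ("hold", holds[0]) if holds else ("pass", "")

def sample(sender, subject, body, attachment=None):
    """Build a constructed message; attachment is (filename, bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment[1], maintype="application",
                         subtype="octet-stream", filename=attachment[0])
    return m.as_bytes()
```

Held messages are kept for later inspection rather than discarded, so the evaluator returns the reason alongside the action for whoever reviews the hold queue.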
