The Edge Transport server role is vital in today’s risk-fraught messaging
environment as it is responsible for intercepting the onslaught of
viruses and spam before they reach the internal network. Special
transport rules have been created specifically for Edge servers in
Exchange Server 2010. These transport rules include address rewriting
policies, content filtering policies, SenderID, and Sender Filtering.
Understanding the Role of EdgeSync in Exchange Policy Management
The EdgeSync service runs as a special synchronization component that keeps specific information
from the internal AD forest in sync with an external AD in Application
Mode (ADAM) forest. It uses this information to determine if policies
have changed.
Implementing Edge Rule Agents
Many of the transport rules in Exchange Server 2010 were designed to work on the Edge
Transport role systems. This is especially true for services such as
antivirus and antispam. Several other key pieces of functionality are
run as policies on Edge Rule agents, as described in this section.
Setting Up Address Rewriting Policies
One of the edge transport rules available by default is the address rewriting policy.
This policy allows internal email domains to be rewritten to a common
external domain, or any other combination of domain rewriting as
necessary.
Address rewriting
cannot currently be performed from the graphical user interface (GUI)—it
must be scripted. The following illustrates a sample script to set up a
rewriting policy:
New-AddressRewriteEntry -Name "marina@abc.internal to marina@companyabc.com" `
    -InternalAddress marina@abc.internal -ExternalAddress marina@companyabc.com
This sample policy rewrites any instance of marina@abc.internal to marina@companyabc.com.
Configuring Content Filtering Policies
Edge Server role systems have a built-in Content filter running to provide
antispam and antivirus functionality. This agent serves as a direct replacement
for the Exchange 2003 Intelligent Message Filter (IMF). The agent works
by assigning a Spam Confidence Level of 1-9 to an email. The higher the
number, the more likely the message is to be spam. Removing junk messages at
the edge is the best way to reduce the load that this type of
mail places on the messaging environment.
Working with Sender Filtering Policies
Sender filtering on an Edge Transport role server allows for antispam functionality on the
edge. It can be easily enabled or disabled for a server by following
these steps:
1. On the Edge server in Exchange Management Console, click Edge Transport.
2. In the work pane, click the Antispam tab.
3.
4. Click either the Disable or Enable action, depending on how you want to set it up.
Understanding and Configuring SenderID
SenderID is an antispam framework that defines how organizations can create special
domain name system (DNS) records, known as Sender Policy Framework (SPF)
records, to easily verify that they really are who they purport to be.
SenderID can be disabled or enabled on an Edge Transport server via the following process:
1. On the Edge server in Exchange Management Console, click Edge Transport.
2. In the work pane, click the Antispam tab.
3. Click Sender ID.
4. Click either the Disable or Enable action, depending on the action desired.
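The two console procedures above (Sender Filtering and Sender ID) can also be performed and verified from the Exchange Management Shell on the Edge server. The following is an added example, not part of the original text; the function name Get-EdgeAntispamState and its report layout are illustrative, while the cmdlets are the standard Exchange Server 2010 ones.

```powershell
# Added example: run in the Exchange Management Shell on the Edge Transport server.
# Get-EdgeAntispamState is a hypothetical helper name, not an Exchange cmdlet.
function Get-EdgeAntispamState {
    $senderFilter = Get-SenderFilterConfig
    $senderId     = Get-SenderIdConfig
    $content      = Get-ContentFilterConfig

    # One object summarizing the filters discussed in this section.
    New-Object PSObject -Property @{
        SenderFilterEnabled  = $senderFilter.Enabled
        SenderFilterAction   = $senderFilter.Action
        SenderIdEnabled      = $senderId.Enabled
        SpoofedDomainAction  = $senderId.SpoofedDomainAction
        ContentFilterEnabled = $content.Enabled
        SclRejectEnabled     = $content.SCLRejectEnabled
        SclRejectThreshold   = $content.SCLRejectThreshold
    } | Select-Object SenderFilterEnabled, SenderFilterAction,
                      SenderIdEnabled, SpoofedDomainAction,
                      ContentFilterEnabled, SclRejectEnabled, SclRejectThreshold
}

# Record the state before changing anything.
Get-EdgeAntispamState | Format-List

# Shell equivalent of the Enable action in the console
# (use $false for the Disable action).
Set-SenderFilterConfig -Enabled $true
Set-SenderIdConfig -Enabled $true

# Re-read the configuration and warn about any filter that is still off.
$state = Get-EdgeAntispamState
foreach ($name in 'SenderFilterEnabled', 'SenderIdEnabled', 'ContentFilterEnabled') {
    if (-not $state.$name) {
        Write-Warning "$name is False on $env:COMPUTERNAME"
    }
}

# The configuration only takes effect if the matching transport agents
# are installed and enabled, so list them as a final check.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
```

Running Get-EdgeAntispamState on each Edge server after a change gives a quick record of whether a filter was left disabled.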