Identifying external and internal addresses


Applies to: Forefront Protection for Exchange

Forefront Protection 2010 for Exchange Server (FPE) provides settings that enable you to identify external and internal addresses. It is recommended that you configure these settings shortly after installing FPE so that inbound and internal mail can easily be identified for targeted antimalware scanning and filtering.

Note

After you have identified external and internal addresses, you can specify scan targets for the transport scan. (For more information, see Scanning inbound, outbound, and internal message queues.) You can also select to perform keyword filtering and file filtering on inbound and outbound mail. (For more information, see Creating a keyword filter list and Creating a file filter list.) You can also configure FPE to send notifications to internal or external senders and recipients. (For more information, see Configuring e-mail notifications.)

Identifying external addresses

If you use an external server to route e-mail into your Exchange environment via an Edge Transport or Hub Transport server, you can enter the IP address of that Edge Transport or Hub Transport server so that FPE treats all e-mail coming from it as inbound when determining which filters and scan jobs apply to a message. If you do not enter the IP address of your Edge Transport or Hub Transport server, FPE uses its internal logic to determine whether or not messages are inbound.

To identify external addresses

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and under Global Settings, click Advanced Options.

  2. Under the IP addresses used to identify external addresses field, click Edit IP Address List.

  3. In the Edit IP Address List dialog box, in the box, type the IP address, and then press ENTER. Repeat this process in order to add multiple IP addresses (additional IP addresses must be input on separate lines).

  4. After you have completed adding IP addresses, click Apply and Close to return to the Global Settings - Advanced Options pane, and then click Save.

Identifying internal addresses

You can configure FPE to scan internal mail. Messages are designated as internal if they originate from inside your domain and all the recipients are located inside your domain.

To identify internal addresses

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and under Global Settings, click Advanced Options.

  2. You can identify internal addresses by using one of the following settings under the Scans section.

    Note

    If your list of internal names is small, use the Domain names used for identifying internal addresses setting. If you are adding many internal names, it is recommended that you use the Domains.dat file instead.

    • Domain names used for identifying internal addresses—If your list of internal names is small, click Edit Domain Name List. In the Edit Domain Name List dialog box, in the box, type the domain name, and then press ENTER. Repeat this process in order to add multiple domain names (additional domain names must be input on separate lines). After you have completed adding domain names, click Apply and Close to return to the Global Settings - Advanced Options pane.

      When adding a domain name, be aware that its subdomains are covered by the entry. For example: contoso.com includes subdomain.contoso.com and subdomain2.contoso.com. Alternate domains such as contoso.net or contoso.org must be entered individually. Values entered in this field are used as a substring match of the end of an e-mail address. For example, example.com would consider someone@example.com and someone@abcdef123example.com to be internal addresses.

    • Use external "Domains.dat" file instead of value in "Domain names used for identifying internal addresses" parameter—If you have a large number of domains to be used as internal addresses, you can enter them in an external file called Domains.dat and leave the Domain names used for identifying internal addresses field blank. In order to use the external Domains.dat file, you must enable the Use external "Domains.dat" file instead of value in "Domain names used for identifying internal addresses" parameter setting.

      Domains.dat is an empty text file located in the data folder. (For the location of the default data folder on your operating system, see Default folders.) You can enter all your internal domains, each on a separate line, into this text file. Unlike the Domain names used for identifying internal addresses field, all subdomains must be entered individually.

      Note

      The Domains.dat file is reloaded at 02:00 (2:00 A.M.) each day. This is when any changes you make to the file take effect.

  3. Click Save.
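The two matching rules described above behave differently, and the difference decides whether a given address is treated as internal (and so whether keyword and file filtering see a message as inbound or internal). The following added example is not part of FPE and not Microsoft's code; it models the rules so that an administrator can check, before saving a list, which addresses it will classify as internal. The end-of-address substring rule for the Domain names field is stated on this page; the exact-domain rule for Domains.dat is an assumption drawn from the statement that subdomains must be listed individually there. The addresses and the Domains.dat content are constructed sample data.

```python
"""Added example, not FPE's own code: models the two internal-address rules
described on this page so a list can be reviewed before it is saved.

Assumptions (also marked in comments):
- Entries in "Domain names used for identifying internal addresses" are
  matched as a substring of the END of the address (stated on the page).
- Entries in Domains.dat are matched against the exact domain part of the
  address (assumed; the page says subdomains must be listed individually).
"""


def domain_part(address):
    """Return the text after the last '@', lower-cased; '' if there is no '@'."""
    addr = address.strip().lower()
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1]


def parse_domains_dat(text):
    """Parse Domains.dat-style content: one domain per line, blank lines ignored."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def matches_domain_name_list(address, domain_names):
    """Page rule: each entry is a substring match of the end of the address.

    'example.com' therefore matches someone@example.com, someone@sub.example.com
    and also someone@abcdef123example.com, the case the page itself warns about.
    """
    addr = address.strip().lower()
    return any(addr.endswith(n.strip().lower()) for n in domain_names if n.strip())


def matches_domains_dat(address, domains_dat):
    """Assumed rule for Domains.dat: exact match on the domain part, so
    sub.contoso.com is internal only if it appears on its own line."""
    return domain_part(address) in domains_dat


def is_internal_address(address, domain_names=(), domains_dat=None,
                        use_domains_dat=False):
    """Mirror the console setting: exactly one of the two sources is consulted."""
    if use_domains_dat:
        return matches_domains_dat(address, domains_dat or set())
    return matches_domain_name_list(address, list(domain_names))


def is_internal_message(sender, recipients, **rule):
    """Page definition: a message is internal when the sender is inside the
    domain AND every recipient is inside the domain."""
    return (is_internal_address(sender, **rule)
            and all(is_internal_address(r, **rule) for r in recipients))


def review_list(domain_names, sample_addresses):
    """Return the sample addresses the suffix rule would treat as internal,
    so unintended matches (look-alike endings) are visible before saving."""
    return [a for a in sample_addresses
            if matches_domain_name_list(a, domain_names)]


# Constructed sample data for the demonstration below.
DOMAIN_NAMES = ["contoso.com"]
DOMAINS_DAT_TEXT = "contoso.com\nsub.contoso.com\n\ncontoso.net\n"
SAMPLE_ADDRESSES = [
    "alice@contoso.com",
    "bob@sub.contoso.com",
    "carol@notcontoso.com",   # ends with 'contoso.com' but is a different domain
    "dave@contoso.net",
]

if __name__ == "__main__":
    print("Suffix rule treats as internal:", review_list(DOMAIN_NAMES, SAMPLE_ADDRESSES))
    dat = parse_domains_dat(DOMAINS_DAT_TEXT)
    print("Domains.dat rule treats as internal:",
          [a for a in SAMPLE_ADDRESSES if matches_domains_dat(a, dat)])
    print("Internal message?", is_internal_message(
        "alice@contoso.com", ["bob@sub.contoso.com"], domain_names=DOMAIN_NAMES))
```

Running the script shows that the suffix rule classifies carol@notcontoso.com as internal while the exact-domain rule does not, and that one external recipient is enough to make a message non-internal. Use review_list against a handful of representative addresses whenever you change the Domain names field; the Domains.dat route avoids look-alike matches but requires every subdomain to be listed, and edits to it only take effect at the daily 02:00 reload noted above.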

Note

The Use reverse DNS lookup when determining whether a message is inbound setting lets you enable reverse DNS lookups for the inbound or outbound determination when the Domain names used for identifying internal addresses list (or the Domains.dat file) contains entries other than the domain name of the server. Keyword filtering and file filtering rely on this inbound or outbound determination. When the setting is selected (enabled), FPE uses a reverse DNS lookup to obtain the domain name and make the inbound or outbound determination. When it is cleared (disabled), FPE uses the information in the Received header, together with secure routing information from the Exchange Transport Agent, to make the determination. This setting is disabled by default.