Exchange 2013 SP1 Edge Transport Connection Filtering

I have implemented an Edge Transport Server; but I think there is a lot of setup guidance missing from documentation.

From what I can tell, many of the Anti-SPAM agents use RBLs to contribute to their processing, not just the connection filter.

There does not seem to be any guidance on which RBLs to implement. It seems logical to me that with this Server Role; and the dependency on these DNS databases (RBLs); compiled with each RBL's connection policies, and limits; that Microsoft would have a deployment guide on using a Microsoft housed DNS Server via DNS Server Conditional Forwarding; or something internal to the Edge Transport Role to ensure reliable access to RBLs for processing.

In Forefront for Exchange 2010; many RBLs were included in the product; and had from my testing built-in access to the RBLs absent from a dependency on internal DNS Servers.

If you need specifics, Google Public DNS does not resolve zen.spamhaus.org (the largest). dnsbl.invaluement.com is not publicly accessible, dnsbl.sorbs.net and b.barracudacentral.org are not resolvable from my ISP's DNS Server, my primary DNS forwarder.

Seems logical to me that the Exchange 2013 SP1 Edge Transport Role's Anti-SPAM Agents should somehow use a Microsoft DNS Server to resolve all the DNSBLs that Microsoft uses in its Cloud/EOP ser

March 6th, 2015 11:28am

Hi Smith,

Thank you for your question.

Forefront will reach end of lifecycle on 31st Dec, 2015. We suggest you find an alternative product for Forefront Protection for Exchange as soon as possible.

Microsoft will continue to offer cloud-based email gateway protection with FOPE/EOP.

Forefront Online Protection for Exchange

http://technet.microsoft.com/en-us/library/ff715002.aspx

Forefront Online Protection for Exchange (FOPE) Transition Center

http://technet.microsoft.com/en-us/library/jj723146(v=exchg.150).aspx

If there are any questions regarding this issue, please feel free to let me know.

Best Regards,

March 9th, 2015 8:39am

> Forefront will reach end of lifecycle on 31st Dec, 2015. We suggest you find an alternative product for Forefront Protection for Exchange as soon as possible.

Jim,

I think you missed the important context of the thread.  My issue is not with Forefront Protection.  It is with Exchange 2013 SP1 Edge Transport Role.  Connection Filtering does nothing out of the box; which is the only Anti-SPAM agent not able to be run on any other Exchange Role server.  After implementing the Edge Transport Role; it does a lousy job of Anti-SPAM.  There must be some guidance on how to strengthen an Exchange 2013 Edge Transport Role server.

March 21st, 2015 1:26pm

Can't you simply configure your network to access a decent public DNS server? I don't understand why you are having so many problems with resolving spamhaus and other DNS List providers. As I see it the problem here is not with Exchange but with your network configuration.

March 26th, 2015 7:33am

This topic is archived. No further replies will be accepted.
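
The disagreement in the thread comes down to which resolver actually returns answers for each DNSBL zone, and that can be checked from the Edge server itself before any list is relied on for connection filtering. The script below is an added example, not code from the thread or from Microsoft: the function names are hypothetical, 192.0.2.53 is a placeholder for your own forwarder, and the 127.0.0.2 and 127.0.0.1 test entries are the ones RFC 5782 defines for IPv4 DNSBLs.

```powershell
# Added example (not from the thread): test each DNSBL zone through each resolver.
$zones     = 'zen.spamhaus.org', 'dnsbl.sorbs.net', 'b.barracudacentral.org'  # zones named in the thread
$resolvers = '192.0.2.53', '8.8.8.8'   # placeholder internal forwarder, Google Public DNS

function Get-DnsblAnswer {   # hypothetical helper: A records for <reversed-ip>.<zone>
    param([string]$ReversedIp, [string]$Zone, [string]$Resolver)
    $query = @{ Name = "$ReversedIp.$Zone"; Type = 'A'; Server = $Resolver
                DnsOnly = $true; ErrorAction = 'Stop' }
    try {
        Resolve-DnsName @query |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
    } catch {
        # NXDOMAIN, timeout and refusal all land here; emit nothing
    }
}

function Test-DnsblZone {    # hypothetical helper: classify one zone/resolver pair
    param([string]$Zone, [string]$Resolver)
    # RFC 5782 test entries: 127.0.0.2 is always listed, 127.0.0.1 never is.
    $listed   = @(Get-DnsblAnswer '2.0.0.127' $Zone $Resolver)
    $unlisted = @(Get-DnsblAnswer '1.0.0.127' $Zone $Resolver)

    $status = if ($unlisted.Count -gt 0) {
        'Unusable: 127.0.0.1 is listed (wildcard answer or rewritten NXDOMAIN)'
    } elseif ($listed -match '^127\.255\.255\.') {
        'Provider error code (Spamhaus uses 127.255.255.x, e.g. for public resolvers)'
    } elseif ($listed.Count -gt 0) {
        'OK: test entry is listed'
    } else {
        'No answer: resolver blocked, rate-limited, or zone unreachable'
    }
    [pscustomobject]@{ Zone = $Zone; Resolver = $Resolver
                       Answer = $listed -join ','; Status = $status }
}

foreach ($z in $zones) {
    foreach ($r in $resolvers) { Test-DnsblZone -Zone $z -Resolver $r }
}
```

A zone that shows "No answer" or a provider error code through one resolver but "OK" through another points at the resolver path rather than at the Edge Transport agents.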
