What Anti-spam / Anti-Malware agents are installed by default on an Edge Transport server?

• Connection Filtering

• Content Filter

• Sender ID

• Sender Filter

• Recipient Filter

• Protocol Analysis

• Attachment Filter

• (Note: the Malware agent is not available on Edge Transport; it runs only on Mailbox servers)


What is Connection Filtering?

• An Anti-Spam Agent

• Exists only on Edge Transport server role (cannot be installed on a Mailbox server role)

• Makes block or allow decisions based on the IP address that is making the SMTP connection

• Can use block/allow list providers (DNS-based lists queried for the connecting IP)

• Can use explicit block/allow list entries
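
The connection-filtering settings above, as an added example (not part of these notes). It assumes the Exchange Management Shell on an Edge Transport server; the IP addresses (RFC 5737 documentation ranges), the provider name and the lookup domain are placeholders.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on an
# Edge Transport server. IPs, provider name and lookup domain are placeholders.

# Make sure the IP Block list / IP Allow list functions are on and apply to mail
# arriving over unauthenticated (external) connections.
Set-IPBlockListConfig -Enabled $true -ExternalMailEnabled $true
Set-IPAllowListConfig -Enabled $true -ExternalMailEnabled $true

# Explicit block entries: a single address or a CIDR range. An expiry makes a
# temporary block clean itself up instead of lingering for years.
Add-IPBlockListEntry -IPRange 203.0.113.0/24 -Comment "Spam source seen in agent log"
Add-IPBlockListEntry -IPAddress 198.51.100.25 -ExpirationTime (Get-Date).AddDays(7) `
    -Comment "Temporary block, review in a week"

# Allow entries take precedence over block entries and over providers, so keep
# them narrow: a partner's MTA, not a whole /16.
Add-IPAllowListEntry -IPAddress 192.0.2.10 -Comment "Partner MTA"

# A DNS block list provider (placeholder lookup domain). -AnyMatch $true treats any
# A-record answer as "listed"; -BitmaskMatch / -IPAddressesMatch are for providers
# that encode the listing reason in the returned address.
Add-IPBlockListProvider -Name "Example DNSBL" -LookupDomain dnsbl.example.net `
    -AnyMatch $true -RejectionResponse "Your IP address is listed by Example DNSBL"

# Verify the provider answers before relying on it. Most DNSBLs return a positive
# answer for 127.0.0.2 as a test entry; check the provider's documentation.
Test-IPBlockListProvider -Identity "Example DNSBL" -IPAddress 127.0.0.2

# Review the resulting state.
Get-IPBlockListEntry | Format-Table IPRange, ExpirationTime, Comment
Get-IPBlockListProvider | Format-Table Name, LookupDomain, AnyMatch, Priority, Enabled
```

Connection filtering acts on the connecting IP before any message data is read, so a block here costs no bandwidth or content scanning; that is also why an over-broad allow entry is dangerous, as everything behind it skips the rest of the IP-based checks.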


What is Content Filtering?

• An Anti-Spam Agent

• Makes filtering decisions based on the content of email messages

• Applies a Spam Confidence Level (SCL) score.

• Can reject, delete, or quarantine messages based on the SCL

• You can add custom phrases and keywords to influence how Content Filtering scores messages
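
The SCL actions and custom phrases described above, as an added example (not part of these notes). It assumes the Exchange Management Shell on a server where the Content Filter agent is installed; the quarantine mailbox address, bypassed recipients and phrases are placeholders.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on a
# server with the Content Filter agent. Addresses and phrases are placeholders.

# Three independent SCL actions. The thresholds must be in descending order of
# severity (delete > reject > quarantine); Set-ContentFilterConfig rejects other orders.
Set-ContentFilterConfig `
    -SCLDeleteEnabled $true     -SCLDeleteThreshold 9 `
    -SCLRejectEnabled $true     -SCLRejectThreshold 8 `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7 `
    -QuarantineMailbox "spamquarantine@contoso.example" `
    -RejectionResponse "Message rejected as spam by Content Filtering"

# Custom phrases nudge the score: BadWord pushes a message toward spam,
# GoodWord pushes it away. Use GoodWord sparingly: a phrase a spammer can
# copy into their mail is an easy bypass of the whole filter.
Add-ContentFilterPhrase -Phrase "free credit report" -Influence BadWord
Add-ContentFilterPhrase -Phrase "PO-2024 shipment manifest" -Influence GoodWord

# Recipients whose mail must never be filtered (abuse@ and postmaster@ are the
# usual ones; they exist precisely to receive complaints about spam).
Set-ContentFilterConfig -BypassedRecipients @{Add="abuse@contoso.example","postmaster@contoso.example"}

# Confirm the effective configuration and phrase list.
Get-ContentFilterConfig | Format-List SCL*Enabled, SCL*Threshold, QuarantineMailbox, BypassedRecipients
Get-ContentFilterPhrase | Format-Table Phrase, Influence
```

Quarantining at a lower threshold than rejecting lets you review borderline mail in the quarantine mailbox before tightening the reject threshold.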


What is the Spam Confidence Level (SCL)?

A score (0 to 9) that Content Filtering stamps on a message. The higher the level, the more likely the message is spam.


What is Sender ID?

• An Anti-Spam Agent

• Looks up SPF Records

• Default action is simply to stamp messages with the result (it will not reject mail even if the SPF check fails)

• Can be configured to Reject messages that fail SPF lookup

• Bypass rules can be configured, so SPF is not considered for particular senders or internal recipients

• Only effective if the sender's domain publishes an SPF record
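
The Sender ID behaviour above (stamp by default, optional reject, bypass lists), as an added example that is not part of these notes. It assumes the Exchange Management Shell on a server with the Sender ID agent installed; the domains and IP address are placeholders.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on a
# server with the Sender ID agent. Domains and the IP address are placeholders.

# Ask the agent what it would decide for a given connecting IP and purported
# responsible domain. This performs a live SPF lookup for that domain.
Test-SenderId -IPAddress 198.51.100.25 -PurportedResponsibleDomain contoso.example

# Default is StampStatus: a hard SPF fail only adds a header that Content Filtering
# weighs in the SCL. Move to Reject (or Delete) only after checking the agent log
# for false positives; forwarders and mailing lists that re-send mail are the usual
# victims because the forwarding host is not in the original domain's SPF record.
Set-SenderIdConfig -SpoofedDomainAction Reject -TempErrorAction StampStatus

# Exemptions: internal recipients that must receive everything, and sender
# domains whose SPF records are known to be broken.
Set-SenderIdConfig `
    -BypassedRecipients @{Add="abuse@contoso.example"} `
    -BypassedSenderDomains @{Add="legacy-partner.example"}

# What Sender ID stamped or rejected in the last 24 hours.
Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) |
    Where-Object { $_.Agent -like "Sender Id*" } |
    Select-Object Timestamp, IPAddress, P1FromAddress, Action, Reason, ReasonData |
    Format-Table -AutoSize
```

Note that a sender whose domain has no SPF record produces a "None" result, never a fail, so Sender ID alone does nothing against spoofing of domains that have not published SPF.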


What is Sender Filtering?

• An Anti-Spam Agent

• Makes filtering decisions based on senders or sender domains that you choose to block.

• Can be configured to either Reject the message, or simply stamp it with the result (StampStatus) for Content Filtering to weigh.

• Can be configured to block an e-mail address, a domain name, or entire top-level domains.
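
The Sender Filtering options above, as an added example that is not part of these notes. It assumes the Exchange Management Shell on a server with the Sender Filter agent; the addresses and domains are placeholders.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on a
# server with the Sender Filter agent. Addresses and domains are placeholders.

# Current state.
Get-SenderFilterConfig | Format-List Enabled, ExternalMailEnabled, Action, `
    BlankSenderBlockingEnabled, BlockedSenders, BlockedDomains, BlockedDomainsAndSubdomains

# Reject at the SMTP level, and also reject mail with an empty MAIL FROM
# (legitimate NDRs use it, so watch the agent log before leaving this on).
Set-SenderFilterConfig -Enabled $true -ExternalMailEnabled $true `
    -Action Reject -BlankSenderBlockingEnabled $true

# The three kinds of block entry. Lists are multi-valued: use Add/Remove so
# existing entries are kept.
Set-SenderFilterConfig -BlockedSenders @{Add="noreply@spammer.example"}
# Exactly this domain:
Set-SenderFilterConfig -BlockedDomains @{Add="spammer.example"}
# This domain and every subdomain beneath it:
Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add="spam-network.example"}

# While tuning, stamp instead of reject; the stamp raises the SCL in Content Filtering
# rather than bouncing mail outright.
Set-SenderFilterConfig -Action StampStatus

# See what the agent actually did in the last day.
Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) |
    Where-Object { $_.Agent -like "Sender Filter*" } |
    Select-Object Timestamp, IPAddress, P1FromAddress, Action, Reason | Format-Table -AutoSize
```

The sender checked here is the SMTP envelope sender, which any sender can set freely, so Sender Filtering is useful as a blocklist for known-bad sources but says nothing about whether a claimed sender is genuine; that is Sender ID's job.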


What is Recipient Filtering?

• An Anti-Spam Agent

• Makes filtering decisions based on the recipient of an email message

• Can block messages to non-existent recipients (recipient validation against the directory), to restricted distribution lists, and to mailboxes that should never receive mail from the Internet (via an explicit blocked-recipients list)


What is a Directory Harvest Attack?

When a spammer sends messages to many guessed recipient addresses at a domain and watches which ones are rejected as invalid; the addresses that are not rejected are taken to be valid.

In other words, the attacker abuses recipient validation as an oracle to enumerate legitimate email addresses.


How does Exchange mitigate against Directory Harvest Attacks?

Exchange "tarpits" suspicious behaviour: it delays its SMTP error responses (for example, the rejection of an invalid RCPT TO) by 5 seconds (by default), so enumerating a directory one address at a time becomes slow.

TarpitInterval is configured per Receive Connector, and can be set to any interval you want, though the default of 5 seconds is usually sufficient.
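
Recipient filtering, directory harvest attacks and tarpitting, covered in the three cards above, as one added example that is not part of these notes. It assumes the Exchange Management Shell on an Edge Transport server named EDGE01 (the connector name follows the default naming pattern); the addresses are placeholders.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on an
# Edge Transport server called EDGE01. Addresses and the server name are placeholders.

# Recipient validation: reject RCPT TO for addresses not in the directory
# (on Edge, the AD LDS copy of the recipient list populated by EdgeSync).
# The block list covers addresses that exist but must never get Internet mail.
Set-RecipientFilterConfig -Enabled $true -ExternalMailEnabled $true `
    -RecipientValidationEnabled $true `
    -BlockListEnabled $true `
    -BlockedRecipients @{Add="internal-only@contoso.example"}

# Recipient validation is exactly the oracle a directory harvest attack uses, so pair
# it with tarpitting. Check the current interval per connector, then raise it on the
# Internet-facing connector. Longer intervals slow harvesting further but also slow
# every legitimate sender who mistypes an address.
Get-ReceiveConnector | Format-Table Name, TarpitInterval
Set-ReceiveConnector -Identity "EDGE01\Default internal receive connector EDGE01" `
    -TarpitInterval 00:00:10

# Detection: Recipient Filter rejections in the last hour, grouped by source IP.
# One IP with a long tail of rejected recipients is the harvest signature.
Get-AgentLog -StartDate (Get-Date).AddHours(-1) -EndDate (Get-Date) |
    Where-Object { $_.Agent -like "Recipient Filter*" -and $_.Action -like "Reject*" } |
    Group-Object IPAddress | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10

# Such an IP can be blocked at the connection stage, with an expiry.
Add-IPBlockListEntry -IPAddress 203.0.113.77 -ExpirationTime (Get-Date).AddDays(1) `
    -Comment "Directory harvest seen in agent log"
```

Tarpitting does not stop a harvest, it only makes each probe cost the attacker several seconds; the agent log query is what turns the pattern into something you can act on.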


What is Protocol Analysis?

• An Anti-Spam Agent

• Calculates a "Sender Reputation" level (SRL) score for the sending IP.

• Adds the IP to the IP Block list (used by Connection Filtering) if the score is above the threshold, for a period of time (24 hours by default).

• Factors several characteristics to determine Sender Reputation.


What factors does Protocol Analysis consider to determine a Sender Reputation?

• HELO/EHLO analysis

• Reverse DNS lookup

• SCL ratings determined by the Content Filtering Agent

• Open proxy test
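
The sender reputation settings behind the two cards above, as an added example that is not part of these notes. It assumes the Exchange Management Shell on a server with the Protocol Analysis agent; the threshold and blocking period values are illustrative choices.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on a
# server with the Protocol Analysis agent. The values chosen are illustrative.

# Current settings. SrlBlockThreshold is 0-9 (default 7); SenderBlockingPeriod is in
# hours, 0-48 (default 24).
Get-SenderReputationConfig | Format-List Enabled, ExternalMailEnabled, SenderBlockingEnabled, `
    SrlBlockThreshold, SenderBlockingPeriod, OpenProxyDetectionEnabled, `
    ProxyServerName, ProxyServerPort, ProxyServerType

# Block a little more aggressively and for longer.
Set-SenderReputationConfig -SenderBlockingEnabled $true -SrlBlockThreshold 6 -SenderBlockingPeriod 36

# The open proxy test needs the server to make outbound connections back to the
# sender. If outbound traffic goes through a proxy, tell the agent about it or the
# test silently contributes nothing to the score.
Set-SenderReputationConfig -OpenProxyDetectionEnabled $true `
    -ProxyServerName proxy.contoso.example -ProxyServerPort 8080 -ProxyServerType HttpConnect

# Entries the agent added carry IsMachineGenerated = True and an expiry;
# manual entries do not.
Get-IPBlockListEntry | Where-Object { $_.IsMachineGenerated } |
    Format-Table IPRange, ExpirationTime, Comment

# The agent log records the score and which factors drove it.
Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) |
    Where-Object { $_.Agent -like "Protocol Analysis*" } |
    Select-Object Timestamp, IPAddress, Action, Reason, ReasonData | Format-Table -AutoSize
```

Because sender reputation feeds the IP Block list, a block it creates is enforced by Connection Filtering at connect time, not by the Protocol Analysis agent itself.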


What is Attachment Filtering?

• An Anti-Spam Agent

• Only available on Edge Transport Server role. (Not on Mailbox Servers)

• Pre-configured with a list of file types to filter, such as executables and scripts.

• Attachment types can be added or removed, to customize list.

• Can be set to Reject messages with filtered attachments, Strip the attachment from the message (the message is still delivered), or silently delete the message (SilentDelete). Matching is by file name/extension and declared MIME type, not file content.
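
Attachment filtering configuration, as an added example that is not part of these notes. It assumes the Exchange Management Shell on an Edge Transport server named EDGE01; the connector name and the admin message text are placeholders.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on an
# Edge Transport server (EDGE01). Connector name and message text are placeholders.

# Current action and the built-in entry list.
Get-AttachmentFilterListConfig | Format-List Action, AdminMessage, RejectResponse, ExceptionConnectors
Get-AttachmentFilterEntry | Format-Table Type, Name

# Strip: deliver the message with the attachment replaced by the AdminMessage text.
# Reject bounces the whole message; SilentDelete drops it with no NDR.
Set-AttachmentFilterListConfig -Action Strip `
    -AdminMessage "An attachment was removed by mail policy. Contact the helpdesk if it was expected."

# Extra entries. FileName matches the attachment's name (wildcards allowed);
# ContentType matches the declared MIME type.
Add-AttachmentFilterEntry -Name "*.iso" -Type FileName
Add-AttachmentFilterEntry -Name "*.js"  -Type FileName
Add-AttachmentFilterEntry -Name "*.hta" -Type FileName
Add-AttachmentFilterEntry -Name "application/x-msdownload" -Type ContentType

# Remove an entry (the identity is Type:Name).
Remove-AttachmentFilterEntry -Identity "FileName:*.iso" -Confirm:$false

# Let a trusted partner's Receive connector bypass the filter entirely
# (the parameter takes connector GUIDs).
$partner = Get-ReceiveConnector -Identity "EDGE01\Partner inbound"
Set-AttachmentFilterListConfig -ExceptionConnectors $partner.Guid
```

Because the filter keys on the declared name and type, a renamed executable passes it; treat it as a policy control that complements malware scanning rather than a replacement for it.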


What is a Safelist?

Mailbox users maintain their own lists of safe and blocked sender addresses or domains (the Outlook Safe Senders and Blocked Senders lists), called their safelist.


What is Safelist Aggregation?

• Exchange can aggregate Safelist information to use it during antispam filtering.

• Content filtering is bypassed for safe senders.

• Sender filtering rejects or deletes messages from senders on a user's blocked list.

• Enabled by default
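
Safelists and safelist aggregation, covered in the two cards above, as one added example that is not part of these notes. It assumes the Exchange Management Shell on a Mailbox server in an organization with an EdgeSync-subscribed Edge server; the mailbox alias and addresses are placeholders, and the final Set-SenderFilterConfig line applies on the server that runs the Sender Filter agent.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on a
# Mailbox server. Mailbox alias and addresses are placeholders.

# What one mailbox currently has (Outlook's Safe Senders / Blocked Senders live here).
Get-MailboxJunkEmailConfiguration -Identity alice | Format-List Enabled, TrustedListsOnly, `
    ContactsTrusted, TrustedSendersAndDomains, BlockedSendersAndDomains

# An admin can add entries on the user's behalf (multi-valued, so use Add/Remove).
Set-MailboxJunkEmailConfiguration -Identity alice `
    -TrustedSendersAndDomains @{Add="newsletter.example"} `
    -BlockedSendersAndDomains @{Add="spammer@mail.example"}

# Aggregation: hash the lists into the user's Active Directory attributes so the
# anti-spam agents (and, through EdgeSync, the Edge server) can consult them.
Update-Safelist -Identity alice -Type Both

# For the whole organization, for example from a scheduled task.
Get-Mailbox -ResultSize Unlimited | Update-Safelist -Type Both

# Push the updated attributes to Edge now rather than waiting for the next sync.
Start-EdgeSynchronization

# On the server running Sender Filtering: what to do with mail from a sender
# that appears on the recipient's own blocked list (Reject or Delete).
Set-SenderFilterConfig -RecipientBlockedSenderAction Delete
```

Safe-sender entries bypass Content Filtering for that recipient, so a user who adds a whole domain (or their own domain) to Safe Senders has effectively disabled spam scoring for mail claiming to come from it; the per-user lists are worth reviewing when investigating why a phishing message was not filtered.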


What is Malware Filtering?

• Only available on Mailbox Servers (not on Edge Transport)

• Setup asks whether you want it enabled (enabled by default)

• Malware filtering runs in the transport pipeline (the Transport service on Mailbox servers), not against the mailbox database, so it does not replace file-level antivirus on servers and clients.
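
Malware filtering settings and an end-to-end check, as an added example that is not part of these notes. It assumes the Exchange Management Shell on a Mailbox server named MBX01 (FQDN mbx01.contoso.example) and a test mailbox; the names and addresses are placeholders. The EICAR string is the industry-standard harmless antivirus test file.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell on a
# Mailbox server (MBX01). Names and addresses are placeholders.

# Per-server state and definition-update settings (Mailbox servers only).
Get-MalwareFilteringServer | Format-List Name, BypassFiltering, UpdateFrequency, UpdateTimeout, PrimaryUpdatePath

# The policy: what happens when a message is found to contain malware.
Get-MalwareFilterPolicy | Format-List Name, Action, CustomAlertText, `
    EnableInternalSenderAdminNotifications, InternalSenderAdminAddress

# Delete the whole message rather than just the attachment, and notify an admin
# when an internal sender trips the filter.
Set-MalwareFilterPolicy -Identity Default -Action DeleteMessage `
    -EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress "secops@contoso.example"

# Force an engine/definition update now (script shipped in the Exchange Scripts folder).
& $env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1 -Identity mbx01.contoso.example

# Test end to end with the EICAR string. Exchange only sees it in transport; the
# file-level AV on the machine you run this on may delete eicar.txt immediately,
# which is exactly why transport scanning does not replace it.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
[IO.File]::WriteAllText("$env:TEMP\eicar.txt", $eicar)
Send-MailMessage -SmtpServer mbx01.contoso.example -From "tester@contoso.example" `
    -To "tester@contoso.example" -Subject "EICAR test" -Attachments "$env:TEMP\eicar.txt"

# The Malware agent's verdict shows up as a FAIL event in message tracking.
Get-MessageTrackingLog -Server MBX01 -Start (Get-Date).AddMinutes(-10) -End (Get-Date) `
    -MessageSubject "EICAR test" |
    Select-Object Timestamp, EventId, Source, SourceContext, RecipientStatus

# Emergency off switch per server (for example while an engine update misbehaves);
# remember to turn it back on.
Set-MalwareFilteringServer -Identity MBX01 -BypassFiltering $true
Set-MalwareFilteringServer -Identity MBX01 -BypassFiltering $false
```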


What is a Transport Queue, and how does it operate?

Exchange servers that host Transport services queue messages for delivery.

If the destination server can't be reached, the server will hold the message in its queue and retry delivery at regular intervals.

Queued messages will eventually expire.


How long will messages remain in the Transport queue before they expire?

The default Expiration Timeout is 2 days, but you can configure it as desired.


What is the PowerShell command to change the Transport Queue Expiration?
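
The card above leaves the answer blank. The cmdlet is Set-TransportService with the MessageExpirationTimeout parameter; the following is an added example (not part of these notes) that assumes the Exchange Management Shell on a Mailbox server named MBX01 and uses a placeholder queue identity.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell.
# MBX01 and the queue identity are placeholders.

# Current expiry and the retry settings that govern how often delivery is retried
# before a message finally expires.
Get-TransportService -Identity MBX01 | Format-List Name, MessageExpirationTimeout, `
    TransientFailureRetryCount, TransientFailureRetryInterval, OutboundConnectionFailureRetryInterval

# Raise the expiry from the 2-day default to 3 days (format is days.hours:minutes:seconds).
# When a message does expire, the sender receives an NDR.
Set-TransportService -Identity MBX01 -MessageExpirationTimeout 3.00:00:00

# What is actually queued right now, and why.
Get-Queue -Server MBX01 | Where-Object { $_.MessageCount -gt 0 } |
    Format-Table Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError -AutoSize

# Messages in one queue (identity is Server\QueueId from the output above).
Get-Message -Queue "MBX01\12" | Format-Table FromAddress, Status, Size, LastError -AutoSize

# Retry immediately instead of waiting for the next interval; -Resubmit sends the
# messages back through categorization, useful after fixing routing or a connector.
Retry-Queue -Identity "MBX01\Unreachable" -Resubmit $true
```

An unexpected pile-up in a queue is itself a signal: a stuck Unreachable queue usually means a routing or connector change, while a large Submission queue with agent-related LastError values can point at an anti-spam or malware agent that is timing out.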




What is Protocol Logging?

An option that can be configured on Send and Receive Connectors.

It captures the SMTP conversation that occurs between two hosts/devices.

Both the Front End Transport Service and the Transport Service each have Protocol Logs for both Send and Receive.


What Connectors utilize Protocol Logging?

By default, the only Receive Connectors that have Protocol Logging enabled are:

• Default Frontend

• Outbound Proxy Frontend

Other default Receive Connectors, and all manually created Send or Receive Connectors, have it disabled by default.


What different levels can Protocol Logging be set to?

Just two levels:

• None (Disabled)

• Verbose (Enabled)


What is Protocol Logging useful for?

Because the Protocol Logs are capturing the information from the very first stages of the SMTP connection, it is useful for identifying errors that occur before email enters the transport pipeline.

So, they are useful for troubleshooting connectivity issues at the server level.
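
Protocol logging, as covered by the four cards above: which connectors log, turning it on, where the logs are, and reading them. This is an added example that is not part of these notes; it assumes the Exchange Management Shell on a Mailbox server named MBX01, a Send connector named "Internet Mail", and placeholder remote IP and session id. The column names in the parsing step are assigned by the script, not taken from the log's own header line.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell.
# MBX01, the connector names, the remote IP and the session id are placeholders.

# 1. Which connectors log. Receive connectors belong to either the Front End Transport
#    service or the Transport service (TransportRole column).
Get-ReceiveConnector -Server MBX01 | Format-Table Name, TransportRole, ProtocolLoggingLevel
Get-SendConnector | Format-Table Name, ProtocolLoggingLevel

# 2. Turn logging on where needed (Verbose is the only "on" level). Turn it off again
#    after troubleshooting; verbose logs grow quickly on a busy server.
Set-ReceiveConnector -Identity "MBX01\Default MBX01" -ProtocolLoggingLevel Verbose
Set-SendConnector -Identity "Internet Mail" -ProtocolLoggingLevel Verbose
# The implicit intra-organization Send connector has no connector object; it is
# controlled per Transport service.
Set-TransportService -Identity MBX01 -IntraOrgConnectorProtocolLoggingLevel Verbose

# 3. Log location and rotation are per service, not per connector.
Get-FrontendTransportService -Identity MBX01 | Format-List ReceiveProtocolLogPath, SendProtocolLogPath, ReceiveProtocolLogMaxAge
Get-TransportService -Identity MBX01 | Format-List ReceiveProtocolLogPath, SendProtocolLogPath, ReceiveProtocolLogMaxAge

# 4. Read the Front End receive log. Files are CSV with '#'-prefixed header lines.
#    Column names below are assigned here (constructed), matching the file's field order.
$cols = 'DateTime','ConnectorId','SessionId','Seq','LocalEndpoint','RemoteEndpoint','Event','Data','Context'
$logDir = (Get-FrontendTransportService -Identity MBX01).ReceiveProtocolLogPath
$events = Get-ChildItem -Path $logDir -Filter *.log | Get-Content |
    Where-Object { $_ -notlike '#*' } | ConvertFrom-Csv -Header $cols

# Every 5xx this server sent to one remote host (Event '>' = sent by the server),
# with the session it belongs to.
$remote = '203.0.113.50'
$events | Where-Object { $_.RemoteEndpoint -like "$remote*" -and $_.Event -eq '>' -and $_.Data -like '5*' } |
    Select-Object DateTime, SessionId, Data | Format-Table -AutoSize

# The whole SMTP conversation for one session (use a SessionId from the output above).
$events | Where-Object { $_.SessionId -eq '08D9C1E2A3B4C5D6' } | Format-Table Seq, Event, Data -AutoSize
```

Reading the conversation this way shows the exact command the remote side sent and the exact response it got, which is what you need when a partner says "your server rejects us" and message tracking has no record of the message at all.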


What is Message Tracking?

An Exchange feature that records detailed log files of e-mail traffic as messages travel through the transport pipeline.

(I.e., between Exchange servers within the organization, and between different roles, services, and components on individual servers.)



What details about a message will be recorded by Message Tracking?

It only records metadata.

It does not store message contents other than the message subject (by default).

Metadata includes:

• Sender
• Recipient
• Date
• Time
• Overall message size
• Subject (by default, but optional)


What transport services will utilize Message Tracking?

Only the Transport Service.

(The Front End Transport service is only a proxy for SMTP connections, so it performs no logging other than Protocol Logging.)


How can you read info from Message Tracking Logs?

• The logs are plain-text CSV files (MSGTRK*.LOG), human-readable, located under the Exchange installation folder:

• %ExchangeInstallPath%TransportRoles\Logs\MessageTracking (by default C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking)

• Because they are CSV, these logs can also be imported into Excel to improve readability.

• You can also perform Message Tracking Log searches in PowerShell


How do you perform Message Tracking Log searches in PowerShell?

• Example command:


• You can use several filter options to narrow your results.
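
Message tracking searches, as an added example that is not part of these notes. It assumes the Exchange Management Shell on a Mailbox server named MBX01; the addresses, Message-ID and subject are placeholders.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell.
# MBX01, addresses, the Message-ID and the subject are placeholders.

$start = (Get-Date).AddDays(-2)
$end   = Get-Date

# 1. Why did mail from one sender fail in the last two days? FAIL events carry the
#    reason in RecipientStatus (an agent rejection, a 5.1.1 user-unknown, and so on).
Get-MessageTrackingLog -Server MBX01 -Start $start -End $end `
    -Sender "alice@contoso.example" -EventId FAIL -ResultSize Unlimited |
    Select-Object Timestamp, Source, SourceContext, `
        @{n='Recipients'; e={ $_.Recipients -join ';' }}, RecipientStatus |
    Format-Table -AutoSize

# 2. Phishing triage: every delivery of one external message, across all Transport
#    services in the organization, keyed on its Message-ID.
Get-TransportService | Get-MessageTrackingLog -Start $start -End $end -ResultSize Unlimited `
    -MessageId "<20240102.1234@mail.attacker.example>" -EventId DELIVER |
    Select-Object Timestamp, ServerHostname, @{n='Recipients'; e={ $_.Recipients -join ';' }}, MessageSubject

# 3. What did a (possibly compromised) mailbox submit, and to whom? A RECEIVE event
#    with Source STOREDRIVER is a submission from a mailbox.
Get-MessageTrackingLog -Server MBX01 -Start $start -End $end `
    -Sender "bob@contoso.example" -ResultSize Unlimited |
    Where-Object { $_.EventId -eq 'RECEIVE' -and $_.Source -eq 'STOREDRIVER' } |
    Select-Object Timestamp, @{n='Recipients'; e={ $_.Recipients -join ';' }}, TotalBytes, MessageSubject |
    Format-Table -AutoSize

# 4. Retention and subject logging are per server. Subjects help triage but are
#    message content, so decide deliberately whether to keep them.
Set-TransportService -Identity MBX01 -MessageTrackingLogMaxAge 60.00:00:00 `
    -MessageTrackingLogMaxDirectorySize 2GB -MessageTrackingLogSubjectLoggingEnabled $true
```

Searching by Message-ID is the reliable way to follow one message across servers, since the subject can be changed and the sender can be spoofed; the Message-ID is what ties together the RECEIVE, SEND, DELIVER and FAIL events on every hop.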


What is a Remote Domain?

A Remote Domain is a configuration object that defines how messages are sent to (and how certain automatic messages are exchanged with) an external mail domain. The Default remote domain (*) applies to every external domain that has no more specific entry.


What types of settings can be configured for Remote Domains?

• Message formats (HTML, rich text, plain text)
– If you know a certain domain only supports certain formats, you can convert outgoing messages to the required format

• Automatic (out of office) replies

• Non-delivery reports
– with or without diagnostic information


What is the cmdlet to see Remote Domain configurations?
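
The card above leaves the answer blank. The cmdlet is Get-RemoteDomain; the following added example (not part of these notes) shows it alongside the settings from the previous card, plus the auto-forward setting that lives on the same object. It assumes the Exchange Management Shell on a Mailbox server; the partner domain name is a placeholder.

```powershell
# Added example, not from the original notes. Run in the Exchange Management Shell.
# The partner domain is a placeholder.

# Current state. "Default" (DomainName *) applies to every domain without its own entry.
Get-RemoteDomain | Format-Table Name, DomainName, ContentType, AllowedOOFType, `
    AutoReplyEnabled, AutoForwardEnabled, NDREnabled, NDRDiagnosticInfoEnabled -AutoSize

# Tighten the Default remote domain:
#  - no client-side auto-forwarding to the Internet (a common mailbox-rule
#    exfiltration path after a credential compromise),
#  - external-style out-of-office only (internal OOF messages carry more detail),
#  - no diagnostic information in NDRs sent outside the organization.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false `
    -AllowedOOFType External -NDRDiagnosticInfoEnabled $false

# A partner whose system only reads plain text and that is allowed richer
# automatic messages.
New-RemoteDomain -Name "Partner" -DomainName partner.example
Set-RemoteDomain -Identity Partner -ContentType MimeText `
    -AutoReplyEnabled $true -AutoForwardEnabled $true -NDRDiagnosticInfoEnabled $true

# Verify the two entries differ as intended.
Get-RemoteDomain -Identity Default, Partner | Format-List Name, DomainName, ContentType, `
    AllowedOOFType, AutoReplyEnabled, AutoForwardEnabled, NDREnabled, NDRDiagnosticInfoEnabled
```

Remote domain settings are matched on the recipient's domain, so the more specific entry wins over Default; keep the partner list short and review it, since each entry is an exception to the organization-wide policy.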