Transport Services Flashcards Preview

Exchange 2016 MCSE 70-345 > Transport Services > Flashcards

Flashcards in Transport Services Deck (175)
121

What Anti-spam / Anti-Malware agents are installed by default on an Edge Transport server?

• Connection Filtering

• Content Filter

• Sender ID

• Sender Filter

• Recipient Filter

• Protocol Analysis

• Attachment Filter


• (Note, it does not support the Malware agent)

122

What is Connection Filtering?

• An Anti-Spam Agent

• Exists only on Edge Transport server role (cannot be installed on a Mailbox server role)

• Makes block or allow decisions based on the IP address that is making the SMTP connection

• Can use block/allow list providers

• Can use explicit block/allow list entries

123

What is Content Filtering?

• An Anti-Spam Agent

• Makes filtering decisions based on the content of email messages

• Applies a Spam Confidence Level (SCL) score.

• Can reject, delete, or quarantine messages based on the SCL

• You can add custom phrases and keywords to influence how Content Filtering scores messages

124

What is this?

SCL

Spam Confidence Level

A score applied to a message by Content Filtering. The higher the level, the more likely it is spam.

125

What is Sender ID?

• An Anti-Spam Agent

• Looks up SPF Records

• Default action is simply to stamp messages with the results (will not reject email even if it fails)

• Can be configured to Reject messages that fail SPF lookup

• Bypass rules can be configured, so SPF is not considered for particular senders or internal recipients

• Only effective if sender's domain has an SPF record

126

What is Sender Filtering?

• An Anti-Spam Agent

• Makes filtering decisions based on senders or sender domains that you choose to block.

• Can be configured to either Reject the message, or simply StampStatus.

• Can be configured to block an e-mail address, a domain name, or entire top-level domains.

127

What is Recipient Filtering?

• An Anti-Spam Agent

• Makes filtering decisions based on the recipient of an email message

• Can check for non-existent recipients, restricted distribution groups, internal-only mailboxes

128

What is a Directory Harvest Attack?

When a spammer sends messages to many different recipients to see which ones are rejected as invalid recipients, and uses the results to determine which recipients are valid.

Spammers use recipient validation to find legitimate email addresses.

129

How does Exchange mitigate against Directory Harvest Attacks?

Exchange will "tarpit" high volumes of suspicious behavior by 5 seconds (by default).

TarpitInterval is configured on Receive Connectors, and can be set to any interval you want, though the default of 5 seconds is usually sufficient.

130

What is Protocol Analysis?

• An Anti-Spam Agent

• Calculates "Sender Reputation" level / score.

• Adds to the Sender Filter block list if score is above threshold, for a period of time (24 hours by default).

• Factors several characteristics to determine Sender Reputation.

131

What factors does Protocol Analysis consider to determine a Sender Reputation?

• HELO/EHLO analysis

• Reverse DNS lookup

• SCL ratings determined by the Content Filtering Agent

• Open proxy test

132

What is Attachment Filtering?

• An Anti-Spam Agent

• Only available on Edge Transport Server role. (Not on Mailbox Servers)

• Pre-configured with a list of file types to filter, such as executables and scripts.

• Attachment types can be added or removed, to customize list.

• Can be set to either Reject messages with filtered attachments, or simply Strip the attachment from the message.

133

What is a Safelist?

Mailbox users can maintain their own list of safe and blocked sender addresses or domains, called their Safelist.

134

What is Safelist Aggregation?

• Exchange can aggregate Safelist information to use it during antispam filtering.

• Content filtering is bypassed for safe senders.

• Sender filtering rejects or deletes messages from senders on a user's blocked list.

• Enabled by default

135

What is Malware Filtering?

• Only available on Mailbox Servers (not on Edge Transport)

• Setup asks whether you want it enabled (default is enabled)

• Malware filtering occurs at the transport layer, not database layer, therefore it does not replace running a file-level antivirus.

136

What is a Transport Queue, and how does it operate?

Exchange servers that host Transport services queue messages for delivery.

If the destination server can't be reached, the server will hold the message in its queue and retry delivery at regular intervals.

Queued messages will eventually expire.

137

How long will messages remain in the Transport queue before they expire?

The default Expiration Timeout is 2 days, but you can configure it as desired.

138

What is the PowerShell command to change the Transport Queue Expiration?

Set-TransportService -MessageExpirationTimeout 3.00:00:00

139

What is Protocol Logging?

An option that can be configured on Send and Receive Connectors.

It captures the SMTP conversation that occurs between two hosts/devices.

The Front End Transport Service and the Transport Service each have Protocol Logs for both Send and Receive.

140

What Connectors utilize Protocol Logging?

By default, the only Receive Connectors that have Protocol Logging enabled are:

• Default Frontend

• Outbound Proxy Frontend

Other default Receive Connectors, and all manually created Send or Receive Connectors, have it disabled by default.

141

What different levels can Protocol Logging be set to?

Just two levels:

• None (Disabled)

• Verbose (Enabled)

142

What is Protocol Logging useful for?

Because the Protocol Logs are capturing the information from the very first stages of the SMTP connection, it is useful for identifying errors that occur before email enters the transport pipeline.

So, they are useful for troubleshooting connectivity issues at the server level.

143

What is Message Tracking?

An Exchange feature that records detailed log files of e-mail traffic as messages travel through the transport pipeline.

(I.e., between Exchange servers within the organization, and between different roles, services, and components on individual servers.)

It only records metadata.

144

What details about a message will be recorded by Message Tracking?

It only records metadata.

It does not store message contents other than the message subject (by default).

Metadata includes:

• Sender
• Recipient
• Date
• Time
• Overall message size
• Subject (by default, but optional)

145

What transport services will utilize Message Tracking?

Only the Transport Service.

(The Front End Transport service is only a proxy for SMTP connections, so it performs no logging other than Protocol Logging.)

146

How can you read info from Message Tracking Logs?

• The log TXT files are human-readable, and located within Exchange's installation folder:

• Program Files > Microsoft > Exchange Server > V15 > Transport Roles > Logs > MessageTracking

• These logs can also be imported into Excel to improve readability.

• You can also perform Message Tracking Log searches in PowerShell

147

How do you perform Message Tracking Log searches in PowerShell?

• Example command:

Get-MessageTrackingLog -Sender john@company.com -Recipients mary@website.com

• You can use several filter options to narrow your results.

148

What is a Remote Domain?

A Remote Domain is configured so that settings can be defined for outgoing message transfer to external mail systems.

149

What types of settings can be configured for Remote Domains?

• Message formats (HTML, rich text, plain text)
– (If you know a certain domain only supports certain kinds of formats, you can convert outgoing messages to the required format)

• Automatic (out of office) replies

• Non-delivery reports
– with or without diagnostic information

150

What is the cmdlet to see Remote Domain configurations?

Get-RemoteDomain