I have been joking around this quarter during my System Center presentations that I don't need a System Management solution on my home network because my wife alerts me of any and all issues. Exchange Server down? My phone rings with my wife on the other end letting me know. Proxy Server down? My phone rings and she lets me know that she can't get to eBay. The only piece missing is the automated actions that System Center can take to resolve the issues without human intervention. I suppose I should relinquish some control and show her how to do some basic troubleshooting on the services she uses the most frequently. Or deploy System Center at home.
But I digress.....how did Exchange Edge and Forefront save my marriage? Well.....a little history is necessary.....
I have been running my own Exchange server at home for about 10 years now. I started with Exchange 4.0 back in 1997 connected to a dedicated dual channel ISDN line at a whopping 128k. I registered and used a domain name for about two years before registering a different domain name which I am still using 8 years later.
Ten years ago, spam was more of a nuisance than a hazard. The occasional chain letter claiming that if I didn't forward the email to at least 6 people I would suffer from bad luck. (Really. You will have bad luck. Trust Me.) Someone sending an email to everyone they know to go look at a "Mr. T ate my ....." web site. The point being that we didn't get much spam back then and what we did get was relatively harmless.
Fast forward a decade and spam now makes up more than 50% of the inbound mail to most mail servers and carries nasty payloads or phishing scams, and that makes spam more than just a nuisance. Spam chews up bandwidth that could otherwise go toward higher bandwidth applications like HD video streaming and all of the other cool Web 2.0 activities. Mail servers are spending more and more CPU cycles processing spam, reducing overall performance, which impacts end users. Spam payloads contain malicious software and links to phishing sites aimed at collecting personal account information or links to sites that have embedded code designed to exploit un-patched vulnerabilities.
The long and the short.....spam is bad. Mmmmkay?
Stay with me.....
About 6 months ago I was still running Exchange 2003 Enterprise and the Intelligent Message Filter with Real Time block lists and blocked domains configured and I was at about the same level as I was 10 years earlier. About 10 or so spam messages would make it through. Not bad for a domain that has been around for 8 years and is probably on every spammer's list in existence today. I didn't have any idea how much spam was being filtered out because I had been running this config reliably for several years.
But I was about to find out.....
I longed to upgrade to Exchange 2007 which gave me an excuse to also jump into the 64bit world. I sprung this on my wife one day promising that her email experience would be better and I could eliminate virtually all spam with the new hardware and Exchange 2007. The wife spends a fair amount of time using email so I thought this to be the perfect attack vector to persuade her that more computers in the basement would be justifiable. Much to my surprise, she agreed!
She had a few conditions though.....
Request: She wanted to access her email from work
Resolution: Outlook Web Access
Request: She wanted to access her email from her cell phone (she has a Blackjack)
Resolution: Get her connected using Exchange ActiveSync
Request: If you get two new servers, I get a new car (I felt this was unrelated but she felt otherwise...)
Resolution: Get her a new car
I agreed to her conditions, and picked up two AMD 64bit machines with the intention of deploying a two server Exchange 2007 configuration. Server1 would be my Exchange Hub, Mailbox, and Client Access Server and Server2 would be my Exchange Edge role and also Forefront Security for Exchange.
I installed Server1 easily enough, migrated my mail databases over, configured OWA and Outlook Anywhere. Mail was flowing and after a little wrangling with getting my wife's cell phone to connect to Exchange, life seemed great.
Until Day 2...
The next day, the wife asks me "why am I getting all of this spam? I thought you said Exchange 2007 would be even better at filtering out spam???". I explained to her that I had not yet configured any of the spam filtering options so we would be getting "a little more spam than usual" until I did. This prompted me to check my own mailbox which has been in constant use for 8 years (hers has been used regularly for about 4 years).
In about a 36 hour time span I had received over 1000 spam emails. An amazing increase over the 10-15 I received with NO spam filtering just 10 years earlier. My wife was receiving about a 10th of what I was but that meant 100+ spams a day in her inbox when she was accustomed to getting 3-5 in her junk mail folder. I knew my mail server was dealing with tens of thousands more than just what we were seeing because the spammers are sending email to non-existent mailboxes too. I plan on firing up PerfMon next week and getting a count of what my server processes in a week. I will report those results in a later post.
Stay with me....
The plan was to make sure that Server1 (Hub, Mailbox, Client Access) was stable before proceeding with the provisioning of Server2 (Edge and Forefront). I was also delaying configuring any spam filtering until I installed the Edge server. I also have to admit that I was in awe of how much spam was coming in and I was curious to see just how bad it was. I cleaned my mailbox out on Day 3, asked my wife to do the same and just move spam to the Junk Mail folder as needed using Outlook and start building out her blocked senders list. I left everything alone for a week. On Day 10 I logged back in and an unbelievable 10,000+ emails were in my inbox! My wife had graciously started moving mail to her Junk Mail folder but gave up after day 5. She started just highlighting and deleting it all. She ended up with about 800 spams after that week-long test.
Here is where things start to go south.....
A series of events occurred which prevented me from finishing the Edge server installation in a timely manner. My travel schedule went a little nuts, we had a series of house guests over the summer (I blame Matt!), I worked several other honey-do list items and then I just got plain lazy about fixing the spam issue. I fell into the routine of logging into my mailbox every 2-3 days doing a CTRL-A, DEL and then filtering through the Deleted items to find any real email and create a rule for it.
This didn't work for the wife though....
For almost 6 months she suffered through hundreds of spams a week that she patiently deleted and gently reminded me of every few days. She finally broke down and gave me an ultimatum -
Fix the spam issue or I am getting a GMail account!
What?!?!?! Get a GMail account? I believe in this day and age I could actually use that as grounds for a divorce, but I wisely opted to save my marriage by fixing the spam issue.
I stayed up late one night determined to accomplish two goals - 1) Reduce spam on my server and 2) Save my marriage!
I had never actually built out an Edge server myself, much less configured Forefront Security for Exchange. I have demoed both to live audiences but that was using a canned demo environment provided by the corporate content team. I decided to check out the TechNet Virtual Labs to see what was out there for learning. Sure enough I found the following Virtual Labs -
There is another Lab I want to take but it isn't going to be available until October 24th.
I did the first two labs while I had Remote Desktop sessions to my Exchange servers and configured my servers while I was walking through the labs. I also took the time to configure Exchange 2007 Real Time Block Lists and some of the other filtering items. It took about 2 hours to complete the labs and the configuration of my own servers.
After I made the final tweaks for publishing my Edge server to the web in place of my Mailbox server, I tested mail flow successfully and packed it in for the night. I decided to wait 48 hours to see how much spam came in. Two days later I checked my inbox and amazingly I was back down to my 1997 levels of spam. I am receiving about 5 spams a day to my actual Inbox and 2-3 to my Junk Mail folder right now. My wife is getting that much in a week which is even better than when we were using Exchange 2003 and the IMF. I will be tweaking things more over the next week or so to see if I can get it down to zero.
The primary goal was to reduce the amount of incoming spam (and thus save my marriage!). Using the native Exchange features alone would have accomplished this. But spam today is more than an email hawking a product that claims to make some part of your body larger or smaller. Much of the spam today carries malicious software or links out to phishing sites. I want to keep that stuff from ever making it into the database if I can help it. So I took things a step further by implementing Forefront for Exchange to address the malicious payloads that are common today.
Forefront for Exchange can leverage up to 5 antivirus engines to scan for and eliminate malicious payloads in spam. In addition, it can also do content, keyword, and file filtering. I have not configured things to that level yet but I plan to and will post some entries on those results at a later date.
For now though......the wife is happy about her email. She has withdrawn her threat of getting a GMail account. I don't have to leave her now! Marriage saved!
Save your marriage! Implement Exchange 2007 Edge services and Forefront for Exchange!