A Funny Thing Happened on the Way to the (TechNet) Forum

Greetings! My name is Andrew, and I work in the Forefront Server Security (FSS) test group in Long Island, New York. If you’re like me (and for your sake, I hope you’re not) you spend a lot of your time reading the Forefront Security for Exchange Server and Anti-virus/Anti-spam Microsoft TechNet forums. (You don’t read the Microsoft TechNet forums, you say? Shame on you. They really are a great resource for information on FSS, Exchange, Office, and just about everything else Microsoft. If you have a technical question, post it on the forums and soon an army of über-cyber-geeks, much like myself, will answer it for you.)

Anyway, while reading the forums after playing D&D one Saturday night, I noticed there is quite a bit of confusion concerning Spam filtering in Forefront and Antigen. How do I configure Forefront to stop Spam? Is Spam filtering part of Forefront and Antigen, or is it part of Exchange? Is Anti-Spam executed on the Edge server or the Mailbox server? And just what is the story with the Hub server?

The answer depends on which version of Exchange you are running.

Microsoft Antigen, which protects your Exchange 2000 and Exchange 2003 servers, provides robust anti-spam capabilities. On these servers, your Anti-Spam settings will be found in the Antigen UI, not in the Exchange UI. Just keep in mind that if you want to take advantage of the Anti-Spam features of Antigen, you will need to download Antigen for Exchange with Antigen Spam Manager from the Messaging Security Suite. If you do not download this version, when you open the Antigen Administrator you will see the Anti-Spam icon display for a second and then disappear.

If you are running Exchange Server 2007, you will find that Microsoft Forefront Security does not provide Anti-Spam features. Why is Spam filtering included in Antigen, but not in Forefront, you ask? That is because Anti-Spam protection is provided by Exchange 2007, so it would be redundant to include these features in Forefront as well. Although Spam filtering has moved from Forefront to Exchange, Forefront does still provide keyword filtering, which identifies unwanted e-mail messages by analyzing the contents of the message body. By creating keyword lists, messages can be filtered based on a variety of words, phrases, and/or sentences.

It is important to remember that Anti-Spam is enabled by default on Exchange 2007 Edge servers, while it is disabled by default on Hub servers. If you do not have an Edge server, and you want to enable Spam filtering on your Hub server, you may do so by running the Anti-Spam add-on script. First, launch the Exchange Management Shell. In the Scripts folder, you will find the install-antispamagents PowerShell script, which, appropriately, installs the Anti-Spam agents. After running this command, you will need to restart your transport service and Exchange Management Console. You will then see the Anti-Spam features displayed in the Exchange UI. Finally, it should be noted that although you do not need a Forefront license to access the Exchange 2007 Anti-Spam features, Forefront does include the right-to-use for the enhanced anti-spam features of Exchange.

And that’s all there is to it!

Now, if you’ve managed to stay awake and read this far (1 in 50 do!) you probably have some questions. Please post any questions you may have either here on the TechNet forums. There is a cyber-geek out there somewhere – perhaps myself – waiting to answer it for you.

Comments (8)

  1. Anonymous says:

    More on Exchange 2007 and certificates – with real world scenario Turning off the "leave a message"

  2. Matt says:

    Thanks, this answered the questions I have been asking – well, most of them!

    How do I get Forefront to update it’s Filtering Lists?

    No I have enabled the Anti Spam filtering on my Hub server, how do I get it to update regulalry?

    So it’s all about updates, I can’t see how to do them!?!?!?

  3. Chris Le says:

    I have a single server, Windows 2008 Enterprise 64-Bit with SP1

    Exchange 2007 SP1 with Update rollup 5 installed.

    All is working fine until I installed Forefront for exchange with SP1.

    As soon as forefront is installed, the server accepts email from internal users but does not send them out. Same thing when an outsider sends an email, the server does not send them to internal users.

    Upon reboot, I get numerous errors. The forefront services do not start as well as Exchange Information Store and Transport. So I manually start the services and still have the same problem above.

    After I uninstall Forefront, everything works again and all messages are delivered. Seems like they were stuck somewhere. Is Forefront supposed to work out of the box or do I have to do some configuration other than those in the quick start guide on technet?

    I did some more experimentation and installed Forefront update rollup 3. OK this time upon reboot, all the services start. But I still have the same problem. Emails are going no where. I also noticed my DNS server crashed for the domain controller domains.

    So I had to uninstall update rollup 3 as well as Forefront to get things working again.

    This is a nightmare! I thought Microsoft products are supposed to play nicely together???

    Can someone point me in the right direction here?

  4. Rick Jones says:

    Thank You! Before I read this post I had almost resigned myself to the fact that Exchange 2007 was almost totally helpless against spam, and my blood pressure was hovering in 4-digit range. FINALLY something that actually works! Thanks again.

  5. Chris says:

    Is there a wildcard for Keyword filtering in Forefront?

Skip to main content