A Funny Thing Happened on the Way to the (TechNet) Forum

Greetings! My name is Andrew, and I work in the Forefront Server Security (FSS) test group in Long Island, New York. If you’re like me (and for your sake, I hope you’re not) you spend a lot of your time reading the Forefront Security for Exchange Server and Anti-virus/Anti-spam Microsoft TechNet forums. (You don’t read the Microsoft TechNet forums, you say? Shame on you. They really are a great resource for information on FSS, Exchange, Office, and just about everything else Microsoft. If you have a technical question, post it on the forums and soon an army of über-cyber-geeks, much like myself, will answer it for you.)

Anyway, while reading the forums after playing D&D one Saturday night, I noticed there is quite a bit of confusion concerning Spam filtering in Forefront and Antigen. How do I configure Forefront to stop Spam? Is Spam filtering part of Forefront and Antigen, or is it part of Exchange? Is Anti-Spam executed on the Edge server or the Mailbox server? And just what is the story with the Hub server?

The answer depends on which version of Exchange you are running.

Microsoft Antigen, which protects your Exchange 2000 and Exchange 2003 servers, provides robust anti-spam capabilities. On these servers, your Anti-Spam settings will be found in the Antigen UI, not in the Exchange UI. Just keep in mind that if you want to take advantage of the Anti-Spam features of Antigen, you will need to download Antigen for Exchange with Antigen Spam Manager from the Messaging Security Suite. If you do not download this version, when you open the Antigen Administrator you will see the Anti-Spam icon display for a second and then disappear.

If you are running Exchange Server 2007, you will find that Microsoft Forefront Security does not provide Anti-Spam features. Why is Spam filtering included in Antigen, but not in Forefront, you ask? That is because Anti-Spam protection is provided by Exchange 2007, so it would be redundant to include these features in Forefront as well. Although Spam filtering has moved from Forefront to Exchange, Forefront does still provide keyword filtering, which identifies unwanted e-mail messages by analyzing the contents of the message body. By creating keyword lists, messages can be filtered based on a variety of words, phrases, and/or sentences.

It is important to remember that Anti-Spam is enabled by default on Exchange 2007 Edge servers, while it is disabled by default on Hub servers. If you do not have an Edge server, and you want to enable Spam filtering on your Hub server, you may do so by running the Anti-Spam add-on script. First, launch the Exchange Management Shell. In the Scripts folder, you will find the install-antispamagents PowerShell script, which, appropriately, installs the Anti-Spam agents. After running this command, you will need to restart your transport service and Exchange Management Console. You will then see the Anti-Spam features displayed in the Exchange UI. Finally, it should be noted that although you do not need a Forefront license to access the Exchange 2007 Anti-Spam features, Forefront does include the right-to-use for the enhanced anti-spam features of Exchange.

And that’s all there is to it!

Now, if you’ve managed to stay awake and read this far (1 in 50 do!) you probably have some questions. Please post any questions you may have either here on the TechNet forums. There is a cyber-geek out there somewhere – perhaps myself – waiting to answer it for you.