E-Mail Protection mechanism on Forefront TMG


Post by ManU » Fri Jan 22, 2010 10:36 am

Microsoft Forefront TMG allows firewall administrators to manage and deploy SMTP Policies from a single location using. This solution includes two other products, which are:
Microsoft Exchange Edge Transport
Microsoft Forefront Security for Exchange.


SMTP Protection Components
The E-Mail Protection solution on Forefront TMG is composed of the following components:

[Image: TMGSMTP.gif]


The first component in the stack is the TMG Filter Driver, which runs in Kernel mode. This filter driver will intercept all requests before sending them to the other components that run in User Mode. Exchange Edge Transport components will initially process the message and perform the initial SPAM filtering, and then pass the message to the Forefront Security Server for Exchange to perform the Virus scan. The table below describes in more detail each component and which product is responsible for handling it:

[Image: TMG2.png]


Walkthrough of Incoming Message Processing

[Image: TMG3.gif]


The first step during an SMTP connection is to send a Hello command. When TMG receives this request, it sends it to Microsoft Exchange Edge Transport for processing. Microsoft Exchange Edge Transport has a series of SMTP transport events that will trigger actions during the message processing. Some of those events will invoke SMTP Agents that are prepared to process a series of parameters, such as verifying whether the IP that sent the message is an allowed IP or not.

In the case of this first connection, the event OnConnect will be used and the Connection Filtering Agent will be processed. This filtering agent will look for parameters that were configured in the Forefront TMG Console, such as the ones shown in Figure

[Image: TMG4.gif]


Assuming that the connection satisfies all parameters that were specified, the next step for the connection to happen is to analyze the body of the message right after the connection is sent and we have reached the end of the data. At this point the OnEndOfData event is used and two filters are processed: Content Filtering Agent and Attachment Filter Agent, as shown in Figure

[Image: TMG5.gif]


If the connection satisfies all parameters that were used, then the message will be securely sent to the internal Mail Server.
Regards
MANU PHILIP -MVP-Exchange Server
| MCITP | MCTS | MCSA| ITIL V3 |
Microsoft TechNet Forums Profile: Manu PhiliP
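The event order described in the post above, modelled as an added example (not code from the post, from TMG or from Exchange): a connection check at OnConnect, then content and attachment checks at OnEndOfData, stopping at the first agent that rejects. The function names, the session dictionary and the policy values are hypothetical, and the real agents evaluate far more than an IP list, phrases and file extensions.

```python
import ipaddress
from email import message_from_string

# Constructed policy values (assumptions, not TMG defaults).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_PHRASES = ["wire transfer urgently"]
BLOCKED_EXTENSIONS = (".exe", ".scr", ".vbs")

def connection_filter(session):
    """OnConnect: judge the sending IP before any message data is read."""
    ip = ipaddress.ip_address(session["client_ip"])
    if any(ip in net for net in BLOCKED_NETS):
        return "sender IP is on the block list"

def content_filter(session):
    """OnEndOfData: look for blocked phrases in the text parts."""
    for part in message_from_string(session["data"]).walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if any(p in body.lower() for p in BLOCKED_PHRASES):
                return "blocked phrase in body"

def attachment_filter(session):
    """OnEndOfData: reject attachments by file extension."""
    for part in message_from_string(session["data"]).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXTENSIONS):
            return f"blocked attachment {name}"

# Event order and agent assignment follow the post's walkthrough.
PIPELINE = [("OnConnect", [connection_filter]),
            ("OnEndOfData", [content_filter, attachment_filter])]

def process(session):
    """Return (verdict, event, reason); stop at the first rejecting agent."""
    for event, agents in PIPELINE:
        for agent in agents:
            reason = agent(session)
            if reason:
                return ("rejected", event, reason)
    return ("delivered", None, None)

# Constructed sample: harmless text body plus an executable attachment.
SAMPLE = ("From: a@example.org\nTo: b@example.com\nSubject: invoice\n"
          "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=XX\n\n"
          "--XX\nContent-Type: text/plain\n\nPlease see attached.\n"
          "--XX\nContent-Type: application/octet-stream\n"
          'Content-Disposition: attachment; filename="invoice.exe"\n\nAAAA\n--XX--\n')
```

Calling `process({"client_ip": "203.0.113.9", "data": SAMPLE})` is rejected at OnConnect without the message being parsed, while the same message from an unlisted address reaches OnEndOfData and is rejected there for its attachment.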

Re: E-Mail Protection mechanism on Forefront TMG

Post by Nanis » Tue Feb 02, 2010 11:23 am

good..keep it up