This discussion has been locked.

Exchange 2007 Sender Reputation Filter and PureMessage

I would like to add one more layer of spam defense to our organization using the Exchange 2007 Sender Reputation filter. I have PureMessage 3.1.2 installed on our Edge Transport and have enabled the Sender Reputation filter, but after 48 hours there seem to be no IPs added to the block list within Exchange, although the JET database appears to be increasing in size. I'm suspecting that the PureMessage agent has a higher priority than the "Protocol Analysis" agent and this is why I'm not seeing any blocked IPs. Is this accurate, or do I have something misconfigured?

Is it possible to use both PME and the Exchange Anti-Spam agents on the same box? I should note that I checked our firewall logs as well and don't see the edge transport server performing any "Open Proxy" testing. I would imagine I should see attempts from telnet, port 80, etc. to the destination host.

Any ideas?  Thanks!

[PS] C:\Windows\system32>get-transportagent

Identity                            Enabled    Priority
--------                            -------    --------
PmE12Transport                      True       1
Connection Filtering Agent          True       2
Address Rewriting Inbound Agent     True       3
Edge Rule Agent                     True       4
Content Filter Agent                True       5
Sender Id Agent                     True       6
Sender Filter Agent                 True       7
Recipient Filter Agent              True       8
Protocol Analysis Agent             True       9
Attachment Filtering Agent          True       10
Address Rewriting Outbound Agent    True       11
PmE12Protocol                       True       12

[PS] C:\Windows\system32>get-transportpipeline

Event                                                                    TransportAgents
-----                                                                    ---------------
OnConnectEvent                                                           {Connection Filtering Agent, Protocol Analysis Agent, PmE12Protocol}
OnHeloCommand                                                            {}
OnEhloCommand                                                            {}
OnAuthCommand                                                            {}
OnEndOfAuthentication                                                    {}
OnMailCommand                                                            {Connection Filtering Agent, Sender Filter Agent}
OnRcptCommand                                                            {Connection Filtering Agent, Address Rewriting Inbound Agent, Recipi...
OnDataCommand                                                            {}
OnEndOfHeaders                                                           {Connection Filtering Agent, Address Rewriting Inbound Agent, Sender...
OnEndOfData                                                              {Edge Rule Agent, Content Filter Agent, Protocol Analysis Agent, Att...
OnHelpCommand                                                            {}
OnNoopCommand                                                            {}
OnReject                                                                 {Protocol Analysis Agent}
OnRsetCommand                                                            {Protocol Analysis Agent}
OnDisconnectEvent                                                        {Protocol Analysis Agent}
OnSubmittedMessage                                                       {PmE12Transport, Address Rewriting Outbound Agent}
OnResolvedMessage                                                        {}
OnRoutedMessage                                                          {PmE12Transport, Address Rewriting Outbound Agent}

  • Hi,

    As evidenced by your transport agent output, PureMessage is taking precedence since it is listed first in the stack, so any SMTP traffic destined for Exchange will be passed to PureMessage before anything else. As part of PureMessage's spam scan, IP lookups run first so if any filtering is performed by PureMessage, then subsequent filters won't see those messages and no IP addresses will be added.

    PureMessage isn't tested with Exchange's anti-spam agents, hence why you were told it wasn't supported. Although you could modify the order of your agents so that PureMessage runs later, you may run into other scenarios that can't be predicted. I'm not sure what may have changed aside from the order of the agents; we wouldn't expect any changes as to how things would have worked before, but since this isn't tested, it isn't advised.

    Having both PureMessage run with additional malware/spam checks may result in multiple quarantine interfaces at best, possible email loss if improperly configured at worst. If you hope to have an environment running with both solutions, it would be better to run them on separate boxes (PureMessage downstream and Exchange's AS on the perimeter, for instance) if you want to add redundancy. Otherwise, there may be double effort at play here for marginal benefit, adding seconds to each email as they enter your system.

    If there are other organizations that have had similar experiences with multiple email filters in production, it would be good to hear from them to see how they've worked around this.
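A diagnostic pass for the symptoms raised in this thread, as an added example that is not part of either post and is not Sophos or Microsoft guidance. It assumes the Exchange Management Shell on the Edge Transport server; the `$target` variable name is this example's own. It expands the agent lists that the pipeline output above truncates, shows what is registered ahead of the Protocol Analysis Agent on each event, and then prints the Sender Reputation settings and any block-list entries that agent has created.

```powershell
# Added example: read-only checks, nothing here changes configuration.
$target = 'Protocol Analysis Agent'

# 1. Agents in the order the transport service calls them.
Get-TransportAgent | Sort-Object Priority |
    Format-Table Identity, Enabled, Priority -AutoSize

# 2. For every event the target agent is registered on, list the agents
#    that are called before it (the default table view truncates this).
Get-TransportPipeline | ForEach-Object {
    $agents = @($_.TransportAgents | ForEach-Object { [string]$_ })
    $idx = [array]::IndexOf($agents, $target)
    if ($idx -ge 0) {
        $ahead = '(none)'
        if ($idx -gt 0) {
            $ahead = [string]::Join(', ', $agents[0..($idx - 1)])
        }
        "{0,-20} ahead of {1}: {2}" -f $_.Event, $target, $ahead
    }
}

# 3. Sender Reputation settings that decide whether an IP is ever blocked:
#    blocking must be enabled, and open proxy detection is a separate switch.
Get-SenderReputationConfig |
    Format-List Enabled, ExternalMailEnabled, SenderBlockingEnabled,
                SrlBlockThreshold, SenderBlockingPeriod,
                OpenProxyDetectionEnabled

# 4. Block-list entries added automatically rather than by an administrator.
Get-IPBlockListEntry | Where-Object { $_.IsMachineGenerated } |
    Format-Table IPRange, ExpirationTime, Comment -AutoSize
```

If step 4 returns nothing while step 3 shows `SenderBlockingEnabled` as `False`, the empty block list is a configuration result rather than an agent-ordering one.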
