November 1, 2004



This article describes how to use ISA Server 2004 to prevent mail relaying, virus entry and unwanted attachments on the network in six simple steps. Using Message Screener, a component of ISA Server 2004, you can filter both incoming and outgoing e-mail messages based on keywords or attachments, or block e-mail messages from specific senders and domains. For the setup we assume that you have a corporate mail server running on your internal network.

ISA Server does not come with pre-canned rules for mail filtering or content blocking; you have to create the required rules one by one, which can be tedious. Alternatively, you can integrate it with third-party virus and spam control tools such as McAfee Security Shield for ISA Server. Note that Message Screener does not scan attachments for viruses: it only matches attachment names, extensions and sizes, so blocking executable attachments complements, and does not replace, antivirus scanning on the mail server.

Install ISA 2004 and Message Screener
Last month's article carried the steps to install ISA Server 2004. To install Message Screener along with ISA, select Custom on the Setup Type page of the installation wizard and click on Next. Click the icon next to Message Screener and select 'This feature will be installed on local hard drive'. Message Screener must be installed on a server running the SMTP service of IIS (Internet Information Services) 6.0 or IIS 5.0, so install IIS with its SMTP service before continuing. Then complete the installation wizard.

Direct Hit!
Applies to: Network and system administrators
USP: Save your network from security threats entering through e-mail
Links: www.microsoft.com/technet/prodtechnol/isa/default.mspx

Configure SMTP relay
Now you need to configure the SMTP server on the ISA server to relay mails from the outside world to your mail server.

First, open Internet Services Manager: click on Start, point to All Programs, then to Administrative Tools, and select Internet Information Services. Expand the local computer node, expand Default SMTP Virtual Server, right-click on Domains, select New and click on Domain to open the New SMTP Domain Wizard. On the Welcome page, verify that the default domain type, Remote, is selected, and then click on Next. On the Domain Name page, provide the domain name for which the SMTP server has to accept mail, such as cybermedia.co.in, and then click on Finish. You can add multiple domains here if you need to. In IIS Manager click on Domains, right-click on the new remote domain that you just created, and select Properties. On the General tab, under 'Select the appropriate settings for your remote domain', select the 'Allow incoming mail to be relayed to this domain' check box so that the SMTP server accepts mail for this domain and passes it on.

Under Route domain, click on 'Forward all mail to smart host', and then type the IP address or the DNS name of the internal network's mail server. If you use an IP address, enclose it in square brackets, for example [192.168.3.25], so that the SMTP service treats it as an address rather than trying to resolve it as a host name. Click on OK, then stop and start the SMTP virtual server.

(Figure: Select Message Screener to be installed during the ISA setup)

With this in place, mail addressed to the remote domains you defined is accepted and forwarded only to the mail server you specified as the smart host. Mail for any other domain is not relayed: the SMTP virtual server answers RCPT TO with '550 5.7.1 Unable to relay', provided its relay restrictions are left at the default. Verify this on the virtual server's Properties, Access tab, Relay button: 'Only the list below' must be selected with an empty list, and if 'Allow all computers which successfully authenticate to relay, regardless of the list above' is enabled, remember that any account able to authenticate to the SMTP service can then relay through the gateway.
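A practitioner will want to verify from the outside that the relay is closed rather than trust the dialog. The following Python script is an added example, not part of the original article or of ISA Server: probe_relay() opens an SMTP session to the gateway, checks that RCPT TO for your own domain is accepted and that RCPT TO for an unrelated domain is refused, and never sends a message. The host, port, domain and probe addresses are assumptions. FakeRelay is a constructed stand-in that answers the way an IIS SMTP virtual server with default relay restrictions does, so the script runs offline; point probe_relay() at the external address of your published SMTP server to run it for real.

```python
"""Open-relay probe for an SMTP gateway such as the Message Screener SMTP
virtual server. Added example, not from the article or from ISA Server;
hosts, ports and addresses are assumptions. FakeRelay is a constructed mock
of an IIS SMTP virtual server with one remote domain and default relay
restrictions ('Only the list below', empty list)."""
import smtplib
import socket
import threading

ACCEPTED_DOMAINS = {"cybermedia.co.in"}   # assumption: the remote domain(s) created in IIS


def probe_relay(host, port, accepted_domain, timeout=10):
    """Check relay behaviour without sending mail: the session stops after
    RCPT TO and is reset, then closed with QUIT."""
    results = {}
    with smtplib.SMTP(host, port, local_hostname="probe.local", timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        # 1. Mail for the domain the gateway is meant to accept must be taken.
        s.mail("probe@example.net")                       # assumed external sender
        code, _ = s.rcpt(f"postmaster@{accepted_domain}")
        results["accepts_own_domain"] = 200 <= code < 300
        s.rset()
        # 2. Mail for an unrelated domain must be refused with a 5xx reply;
        #    a 2xx here means the gateway is an open relay.
        s.mail("probe@example.net")
        code, _ = s.rcpt("victim@example.org")            # assumed unrelated domain
        results["relays_for_others"] = 200 <= code < 300
        results["relay_reply_code"] = code
        s.rset()
    return results


class FakeRelay(threading.Thread):
    """Constructed mock: accepts RCPT TO for its configured remote domains and
    answers '550 5.7.1 Unable to relay' for everything else. Serves one
    connection on a random loopback port, enough for the probe above."""

    def __init__(self, accepted_domains):
        super().__init__(daemon=True)
        self.accepted = {d.lower() for d in accepted_domains}
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            return b"250 fake.relay"
        if verb in ("MAIL", "RSET", "NOOP"):
            return b"250 OK"
        if verb == "RCPT":                                 # arg looks like TO:<user@domain>
            domain = arg.rsplit("@", 1)[-1].rstrip(">").lower()
            return b"250 2.1.5 OK" if domain in self.accepted else b"550 5.7.1 Unable to relay"
        if verb == "QUIT":
            return b"221 Bye"
        return b"500 Unknown command"

    def run(self):
        conn, _ = self.sock.accept()
        with conn:
            conn.sendall(b"220 fake.relay ESMTP\r\n")
            buf = b""
            while True:
                data = conn.recv(1024)
                if not data:
                    return
                buf += data
                while b"\r\n" in buf:
                    line, buf = buf.split(b"\r\n", 1)
                    reply = self.handle(line.decode("ascii", "replace"))
                    conn.sendall(reply + b"\r\n")
                    if reply.startswith(b"221"):
                        return


def demo():
    """Run the probe against the mock; returns the results dict."""
    relay = FakeRelay(ACCEPTED_DOMAINS)
    relay.start()
    return probe_relay("127.0.0.1", relay.port, "cybermedia.co.in")


if __name__ == "__main__":
    r = demo()
    print(r)
    print("OPEN RELAY" if r["relays_for_others"] else "relay closed")
```

Run the same probe from a host on the Internet against the published SMTP listener after the next step; if relays_for_others comes back True, fix the relay restrictions before leaving the server reachable.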

Publish the SMTP server
Now we will publish the Message Screener SMTP server to the Internet, through the ISA Server. This is required since now all your mail will first reach the Message Screener SMTP server, which after getting filtered, will be forwarded to your internal mail server. First, in the console tree of ISA Server Management, click on ‘Firewall Policy’. In the task pane, on the Tasks tab, click on ‘Publish a Mail Server’. On the Welcome page, provide a name for the rule, such as Publish Message Screener SMTP Server, and then click on Next. On the Select Access Type page, select Server-to-Server communication: SMTP, NNTP, and then click on Next. On the Select Services page, select SMTP and then click on Next. On the Select Server page, provide the IP address of the SMTP server, which in this case will be the Internal IP address of the ISA server, and then click on Next. On the IP addresses page, select the network on which ISA Server will listen for requests for the SMTP server. Because your SMTP server is meant to receive e-mail messages from the Internet, you would typically select External. Click on Next. Now review the settings’ summary, and click on Finish. Next, in the ISA Server details pane, click on Apply to implement the changes made.

(Figure: You can filter mail based on certain keywords in the message header or body or both)

Create access rules
Message Screener communicates with the ISA Server service over the MS Firewall Control protocol, and that traffic needs an access rule even here, where both run on the same computer. To create it, in the Microsoft ISA Server Management console tree select Firewall Policy. In the task pane, on the Tasks tab, select Create New Access Rule to start the New Access Rule Wizard. On the Welcome page enter a name for the rule, such as Message Screener to Local Host, and click on Next. On the Rule Action page select Allow and click on Next. On the Protocols page, in 'This rule applies to', select 'Selected Protocols' and use the Add button to open the Add Protocols dialog box.

In the Add Protocols dialog box, expand All Protocols, select MS Firewall Control, click on Add, and then on Close. On the Protocols page click on Next. On the Access Rule Sources page, click on Add to open the Add Network Entities dialog box, expand Networks, and select the network containing the Message Screener computer. In this setup that is Local Host, because Message Screener runs on the ISA Server computer itself; if it ran on a separate SMTP server you would pick the network that server sits in (Internal or a perimeter network), and never External, which would expose the firewall's control channel to the Internet. Click on Add, then on Close, and on the Access Rule Sources page click on Next. On the Access Rule Destinations page, click on Add, expand Networks, select the Local Host network (the ISA Server computer), click on Add, and then on Close. On the Access Rule Destinations page click on Next.

On the User Sets page, leave the default user set All Users in place, and then click on Next. Review the information on the wizard summary page, and then click on Finish. In the Firewall Policy details pane click on Apply to apply the new access rule. 

(Figure: The SMTP filter lets you block messages from specific e-mail addresses or domains)

Remember that access rules are processed in order: if a deny rule that matches this traffic (MS Firewall Control from the Message Screener's network to Local Host) sits above the new allow rule, the connection is still denied, so move the allow rule up if necessary.

Enabling access on the MS Firewall Control protocol
An alternative to the access rule above is the system policy. A system policy rule allowing access from the Remote Management Computers computer set to the Local Host network on the MS Firewall Control protocol already exists, so adding the Message Screener computer to that set makes the rule apply to it. To do so, open ISA Server Management, expand the ISA Server computer node, and click on Firewall Policy. In the task pane, on the Toolbox tab, select Network Objects, expand Computer Sets, and double-click on the Remote Management Computers computer set. Click on Add, and from the drop-down list select Computer to open the New Computer Rule Element dialog box. Provide a name and the IP address of the Message Screener computer, and then click on OK. In the Firewall Policy details pane click on Apply to apply the change. Prefer the dedicated access rule when Message Screener runs on a separate server: the Remote Management Computers set is also used by the other remote-management system policy rules (MMC and Terminal Services access to the ISA server, for example), so membership grants that server more than the one protocol it needs.

Configure Message Screener
In the console tree of ISA Server Management, expand Configuration and click on Add-ins. In the details pane, on the Application Filters tab, double-click on SMTP Filter to open the SMTP Filter Properties dialog box. On the General tab verify that 'Enable this filter' is selected. On the Keywords, Users/Domains and Attachments tabs you configure the screening of e-mail messages. On the Keywords tab, click on Add to open the Mail Keyword Rule dialog box. In Keyword, provide the string that Message Screener will look for in e-mail messages, and select whether the action applies if the keyword is found in the message subject or body, the message subject only, or the message body only. Select an action from the Action drop-down list: Delete message, Hold message, or Forward message to. If you select 'Forward message to', provide in E-mail address the address to which messages containing the keyword should be sent. Click on OK after you have configured the keyword rule. You can add further keywords by clicking on Add and repeating this step.

On the Users/Domains tab, you can add the names of senders or of entire domains whose e-mail messages will be blocked. To add a sender, in Sender's e-mail address, type the sender's e-mail address in the format user@domain.com, and then click on Add. To add a domain, in Domain name, type the name of the domain in the format domain.com, and then click on Add.

(Figure: A mail attachment rule blocks messages with a specific attachment name, attachment extension or attachment size)

On the Attachments tab, click on Add to open the Mail Attachment Rule dialog box. In this dialog box, you can select an attachment parameter that Message Screener will check: Attachment name, Attachment extension, or Attachment size limit.

Then, provide a value for the parameter you selected, and select an action from the Action drop-down list: Delete message, Hold message, or Forward message to. If you select 'Forward message to', provide in E-mail address the address to which messages matching the attachment rule should be sent. Click on OK when you have configured the mail attachment rule. You can add further attachment rules by clicking on Add and repeating this step. After you configure Message Screener to screen e-mail messages based on keywords, users or domains, or attachments, click on OK to close the SMTP Filter Properties dialog box. In the ISA Server details pane, click on Apply to apply the changes you have made.
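To see what a given policy will do to a message before trusting it with live mail, the following Python script is an added example (not the article's or Microsoft's code) that models the three rule types the SMTP Filter dialog exposes: keyword rules scoped to subject, body or both; blocked senders and domains; and attachment rules on name, extension or size limit, each with the delete, hold or forward action. The policy, the sample messages and the function names are assumptions. So are the evaluation order (sender, then attachments, then keywords, first match wins) and case-insensitive matching: they are this model's choices, not a statement about how ISA Server orders or matches its own rules. It runs offline on constructed messages parsed from their wire bytes.

```python
"""Model of Message Screener's keyword, sender/domain and attachment rules.
Added example, not ISA Server code; the policy, messages and names below are
assumptions for illustration."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

DELIVER, DELETE, HOLD = "deliver", "delete", "hold"
FORWARD_TO = "forward:quarantine@cybermedia.co.in"   # assumed quarantine mailbox

# Assumed policy, in the shapes the SMTP Filter dialog exposes.
KEYWORD_RULES = [        # (keyword, where, action); where: subject | body | subject_or_body
    ("confidential", "subject_or_body", HOLD),
    ("free money", "subject", DELETE),
]
BLOCKED_SENDERS = {"spammer@example.org"}
BLOCKED_DOMAINS = {"badcorp.example"}
ATTACHMENT_RULES = [     # (parameter, value, action); parameter: name | extension | size_limit
    ("extension", "exe", DELETE),
    ("name", "invoice.zip", HOLD),
    ("size_limit", 100 * 1024, FORWARD_TO),            # bytes of decoded attachment
]


def sender_address(msg):
    """Bare address from the From header, lower-cased ('Dev <dev@x>' -> 'dev@x')."""
    return (msg.get("From") or "").split("<")[-1].rstrip(">").strip().lower()


def screen(msg):
    """Return (action, reason). Order is this model's choice: sender/domain,
    then attachments, then keywords; the first matching rule wins."""
    sender = sender_address(msg)
    if sender in BLOCKED_SENDERS:
        return DELETE, f"blocked sender {sender}"
    domain = sender.rsplit("@", 1)[-1]
    if domain in BLOCKED_DOMAINS:
        return DELETE, f"blocked domain {domain}"

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()      # case-insensitive on purpose
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        size = len(part.get_payload(decode=True) or b"")
        for param, value, action in ATTACHMENT_RULES:
            if ((param == "name" and name == value.lower())
                    or (param == "extension" and ext == value.lower().lstrip("."))
                    or (param == "size_limit" and size > value)):
                return action, f"attachment {name!r} matched {param}={value}"

    subject = (msg.get("Subject") or "").lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part else ""
    for kw, where, action in KEYWORD_RULES:
        kw = kw.lower()
        hit = {"subject": kw in subject,
               "body": kw in body,
               "subject_or_body": kw in subject or kw in body}[where]
        if hit:
            return action, f"keyword {kw!r} in {where}"
    return DELIVER, "no rule matched"


def screen_bytes(raw):
    """Screen a message as it arrives on the wire (RFC 5322 bytes)."""
    return screen(BytesParser(policy=policy.default).parsebytes(raw))


def build_message(sender, subject, body, attachments=()):
    """Constructed sample mail; attachments is a list of (filename, bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@cybermedia.co.in", subject
    m.set_content(body)
    for name, data in attachments:
        m.add_attachment(data, maintype="application", subtype="octet-stream",
                         filename=name)
    return m


def demo():
    """Run the policy over constructed messages; returns {case: action}."""
    cases = {
        "clean": build_message("Dev <dev@cybermedia.co.in>", "Build status", "All green."),
        "exe": build_message("partner@example.net", "Patch", "Run this.",
                             [("Update.EXE", b"MZ" + b"\0" * 64)]),    # mixed case on purpose
        "keyword": build_message("partner@example.net", "Q3 numbers", "This is CONFIDENTIAL."),
        "domain": build_message("anyone@badcorp.example", "Hi", "Hello"),
        "big": build_message("partner@example.net", "Photos", "See attached",
                             [("holiday.jpg", b"\xff" * (150 * 1024))]),
    }
    return {k: screen_bytes(m.as_bytes())[0] for k, m in cases.items()}


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:8} -> {action}")
```

The mixed-case Update.EXE case is the one to check against the real product: enter an extension rule in lower case, send yourself an attachment with the extension in upper case, and confirm it is caught before relying on the rule.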

Screening outgoing mail using Message Screener
You can also configure Message Screener to block specific outgoing mail. Configure your mail server to route outgoing mail through the Message Screener SMTP server, and add the internal mail server's IP address to that SMTP virtual server's relay list (Access tab, Relay) so that the gateway accepts mail from it for outside domains; otherwise the relay restrictions you verified earlier will reject it. Message Screener will then receive all outgoing mail before it is forwarded to the Internet and screen it according to the same keyword and attachment configuration you created above.

Anoop Mangla
