Installation Guide Template - Edge Transport Server (Windows Server 2008)

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1

Topic Last Modified: 2009-09-29

The following Microsoft Exchange Server 2007 installation guide template can be used as a starting point for formally documenting your organization's server build procedures for Exchange 2007 servers that have the Edge Transport server role installed.

Executive Summary

The purpose of this document is to explain the installation and configurations necessary to install Exchange 2007 Edge Transport server role on the Windows Server 2008 platform.

Business Justification

By having an installation guide, Contoso will be able to ensure standardization across the enterprise, reducing Total Cost of Ownership, and easing troubleshooting steps.
Scope

The scope of this document is limited to installation of an Exchange 2007 Edge Transport server for Contoso on the Windows Server 2008 x64 Edition operating system platform.
Prerequisites

The operator should have working knowledge of Windows Server 2008 x64 Edition concepts, Exchange 2007 concepts, the Exchange Management Console and Exchange Management Shell, the command line, and various system utilities. This document does not elaborate on the details of any system utility except as necessary to complete the tasks within.

In addition, the operator should review the Planning for Edge Transport Servers topic in the Exchange 2007 Online Help before implementing the server role.
Assumptions

This document assumes that Windows Server 2008 x64 Edition is installed per company baseline regulations which include the latest approved service pack and hotfixes.

This document assumes that forest and domain preparation steps have been performed per How to Prepare Active Directory and Domains topic in the Exchange 2007 Online Help.

This document assumes that both Exchange 2007 and Windows Server 2008 will be secured following the best practices found in the following documentation.

This document also assumes that the host record for the Edge Transport server is generated within the internal forest's DNS so that the Hub Transport servers can locate the Edge Transport servers.
Server Configuration

The following media are required for this section.

Additional Software Verification
  1. Verify that Remote Desktop is enabled.
  2. As an optional process, install Microsoft Network Monitor.
Network Interfaces Configuration
  1. Log on to the server with an account that has at least local administrative access.
  2. Click Start, Control Panel and double-click Network and Sharing Center.
  3. Click Manage Network Connections.
  4. Locate the connection for the internal network and rename it appropriately.
  5. Right-click the connection and select Properties.
  6. For the TCP/IP Protocol add the following:
    1. Static IP Address, Subnet Mask, and Gateway
    2. DNS Server IP Addresses
    3. Check the box to Append parent suffixes of the primary DNS suffix
    4. WINS IP Addresses (if using WINS)
Drive Configuration
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Click Start, Administrative Tools, and select Computer Management.
  3. Expand Storage and click on Disk Management.
  4. Open the Disk Management Microsoft Management Console (MMC) and format, rename, and assign the appropriate Drive Letters so that the volumes and DVD drive match the appropriate server configuration. At the very least, there should be a D drive for the Exchange binaries and the DVD drive should be configured as the Z drive. Refer to the Database Log logical unit number (LUN) Appendix at the end of this document for the actual drive configuration that should be used.

    Drive configuration

    LUN Drive letter Usage

    1

    C

    Operating system

    2

    D

    Exchange binaries, database

    3

    E

    Exchange transaction logs, tracking logs

    4

    Z

    DVD drive
Windows Server 2008 Hotfix Installation

All hotfixes are installed through a batch file. For a complete list of hotfixes that are installed, see Contoso server build DVD hotfix list. A sample hotfix list can be seen at Server Build DVD - Sample Hotfix List.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and has been delegated local Administrator access.
  2. Insert the Exchange 2007 Configuration DVD.
  3. Browse to \W2K8-HotFix\ and double-click W2K8-hotfix.bat.
  4. Click Yes for any Digital Signature not Found dialog boxes that may appear.
    Cc742381.note(en-us,EXCHG.80).gifNote:
    These dialog boxes will not appear in environments that have not deployed the Windows Security templates.
  5. Wait for all file copies to complete and restart the server.
Domain Membership Configuration

Installing the Edge Transport server role into a domain is an optional step. Domain membership provides the ability to manage the server via group policy, control access, utilize Microsoft System Center Configuration Manager 2007, and utilize Microsoft System Center Operations Manager.

However, the Edge Transport server should not be installed in the internal forest for security purposes.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Click Start, right-click My Computer and select Properties.
  3. Under the Computer Name, domain, and workgroup settings, click Change Settings.
  4. Click Change.
  5. Choose the Domain radio button and enter the appropriate Domain name.
  6. Enter the appropriate credentials.
  7. Click OK and OK.
  8. Click OK to close the System Properties.
  9. Restart the server.
Local Administrators Verification
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Verify (or add if not already there) that the following accounts are members of the local administrators group on this server.

    Local administrators

    Item Account Description Role

    1

    Domain Admins

    Domain Administrative Global Group

    Administrator

    2

    Root Domain\Exchange Organization Administrators

    Exchange Administrators

    Administrator

  3. Verify that your user account is a member of a group which is a member of the local administrators group on the Windows Server 2008 server. If it is not, use an account that is a member of the local administrators group before continuing.
Local Administrator Account Password Reset
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Click Start, right-click Computer and select Manage.
  3. Expand the nodes to find Configuration\Local Users and Groups\Users.
  4. Right-click Administrator and select Set Password. Change the password so that it meets strong complexity requirements.
  5. As an optional step, right-click Administrator and select Rename. Rename the account according to company regulations.
Tools Installation

This section installs several useful tools that will aid administrators in Exchange administration and in troubleshooting support issues.

Cc742381.note(en-us,EXCHG.80).gifNote:
Debugging Tools for Windows will allow administrators to debug processes that are affecting service and determine root cause. For more information, see Debugging Tools for Windows - Overview.
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Insert the Exchange 2007 Configuration DVD.
  3. Open a command prompt and navigate to the \Support folder.
  4. Run the following command where DVDROM-Drive is the DVD drive: W2K8Toolsinstall.cmd DVDROM-Drive (ex: W2K8Toolsinstall.cmd Z:).
  5. Right-click the c:\Tools folder and select Properties.
  6. Click the Security tab.
  7. Click the Advanced button.
  8. Uncheck Inheritance and copy the permissions.
  9. Remove the Everyone (and if listed, the Authenticated Users) security principal.
  10. Add the following groups, granting FULL CONTROL:
    1. SYSTEM
    2. The local Administrators group
    3. Creator Owner
Page File Modifications
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Click Start, right-click Computer and select Properties.
  3. Select the Advanced System Settings.
  4. Under Startup and Recovery, click the Settings button.
    1. Under Write Debugging Information, change the memory dump drop-down list to Kernel Memory Dump.
    2. Click OK.
  5. Under Performance, click the Settings button.
  6. Click the Advanced tab.
  7. Under Virtual Memory, click the Change button.
  8. On servers that have a dedicated page file drive, follow these steps:
    1. In the Drive list, click C:, and then click Custom size.
    2. For the C: drive, set the Initial Size (MB) value to a minimum of 200 MB. (Windows requires between 150 MB and 2 GB page file space, depending on server load and the amount of physical RAM that is available for page file space on the boot volume when Windows is configured for a kernel memory dump. Therefore, you may be required to increase the size.)
    3. For the C: drive, set the Maximum Size (MB) value to that of the Initial Size.
    4. In the Drive list, select the page file drive (for example, the P: drive), and then click Custom size.
    5. In the Initial Size (MB) box, type the result of one of the following calculations:
      If the server has less than 8 GB of RAM, multiply the amount of RAM times 1.5.
      If the server has 8 GB of RAM or more, add the amount of RAM plus 10 MB.
    6. In the Maximum Size (MB) box, type the same amount that you typed in the Initial Size box.
    7. Delete all other page files.
    8. Click OK.
  9. On servers that do not have a dedicated page file drive, follow these steps:
    1. In the Drive list, click C:, and then click Custom size.
    2. For the C: drive, in the Initial Size (MB) box, type the result of one of the following calculations:
      If the server has less than 8 GB of RAM, multiply the amount of RAM times 1.5.
      If the server has 8 GB of RAM or more, add the amount of RAM plus 10 MB.
    3. Delete all other page files.
    4. Click OK.
  10. Click OK two times to close the System Properties dialog box.
  11. Click No if prompted to restart the system.
    Cc742381.note(en-us,EXCHG.80).gifNote:
    For more information on Page File recommendations, see the following articles: Configuring paging files for optimization and recovery in Windows Server 2003, in Windows 2000, and in Windows NT; How to determine the appropriate page file size for 64-bit versions of Windows Server 2003 or Windows XP; and Overview of memory dump file options for Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000.
Drive Permissions
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Click Start and select Computer.
  3. Right-click the D Drive and select Properties.
  4. Click the Security tab.
  5. Click Edit.
  6. Click Add and select the local server from Locations.
  7. Grant the following rights as outlined in the following table.

    Drive permissions

    Account Permissions

    Administrators

    Full Control

    SYSTEM

    Full Control

    Authenticated Users

    Read and Execute, List, Read

    CREATOR OWNER

    Full Control

  8. Click the Advanced button.
  9. Select the CREATOR OWNER permission entry and click View/Edit.
  10. Select Subfolders and Files Only from the drop-down list.
  11. Click OK two times.
  12. Click OK to close the drive properties.
  13. Repeat steps 3-12 for each additional drive (other than the C drive).
Verification Steps
Organizational Unit Verification

This is an optional step and does not need to be followed for Edge Transport servers that are not deployed within a forest.

Submit a change request and have the computer object moved to the appropriate organizational unit (OU). If following the recommendations in the Exchange 2007 Security Guide, the OU will be \Member Servers\Exchange Backend Servers\Exchange Edge Transport Servers.
Active Directory Site Verification

This is an optional step and does not need to be followed for Edge Transport servers that are not deployed within a forest.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Open a command prompt.
  3. Verify that the server is in the correct domain and Active Directory site. At the command line run:
    NLTEST /server:%COMPUTERNAME% /dsgetsite
  4. The name of the Active Directory site to which the server belongs will be displayed. If the server is not in the correct Active Directory site, submit a change request to the appropriate operations group and have the server moved to the appropriate Active Directory site.
Domain Controller Diagnostics Verification

This is an optional step and does not need to be followed for Edge Transport servers that are not deployed within a forest.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Open a command prompt and change paths to the C drive.
  3. Run the following command:
    dcdiag /s:<Domain Controller> /f:c:\dcdiag.log
    Cc742381.note(en-us,EXCHG.80).gifNote:
    Change <domain Controller> to a domain controller contained within the same Active Directory site as the Exchange server.
  4. Review the output of C:\dcdiag.log file and verify that there are no connectivity issues with the local domain controller.
  5. Repeat steps 3 and 4 for each domain controller in the local Active Directory site.
    Cc742381.note(en-us,EXCHG.80).gifNote:
    Domain Controller Diagnostics (DCDiag) is a Windows support tool that tests network connectivity and DNS resolution for domain controllers. If the account being used does not have administrative privileges, several tests under the Doing primary tests heading may not pass. These tests can be ignored if the connectivity tests pass. In addition, the log file may report that some service validation tests did not pass. These messages can be ignored if the services do not exist on the domain controller.
Exchange Server Role Installation

The following CD media are required for this section:

  • Microsoft Exchange 2007 DVD
  • Exchange 2007 Configuration DVD
Exchange 2007 Prerequisites Installation
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Open an administrative command prompt window.
  3. Run the following command where <path> references the E2K7 CONFIG DVD \E2K7-PreReqs folder:
    ServerManagerCmd -ip <path>\Exchange-Base.XML
  4. Run the following command where <path> references the E2K7 CONFIG DVD \E2K7-PreReqs folder and <Exchange-role> references the appropriate role XML file:
    ServerManagerCmd -ip <path>\<Exchange-role>.XML
  5. Restart the server if required.
Exchange 2007 Installation

Though this document uses the command line method for installing the Exchange roles, the GUI can also be used. For more information about how to use the setup GUI to install an Exchange role, see the Exchange 2007 Online Help topic How to Perform a Custom Installation Using Exchange 2007.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and was delegated the Exchange Server Administrator role (or higher) if the server was pre-created.
  2. Follow the procedure from the Exchange 2007 Online Help topic How to Install Exchange 2007 in Unattended Mode. For example, setup.com /r:MB /t:d:\exchsrvr.
  3. Restart the server, if required.
Exchange Server 2007 Post-SP1 Roll-up Installation

All hotfixes are installed through a batch file. For a complete list of hotfixes that are installed, see Contoso server build DVD hotfix list. A sample hotfix list can be seen at Server Build DVD - Sample Hotfix List.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and was delegated local Administrator access.
  2. Insert the Exchange 2007 Configuration DVD.
  3. Browse to \E2K7-PostSP1\ and double-click E2K7-postsp1.bat.
  4. Click Yes for any Digital Signature not Found dialog boxes that may appear
    Cc742381.note(en-us,EXCHG.80).gifNote:
    These dialog boxes will not appear in environments that have not deployed the Windows Security templates.
  5. Wait for all file copies to complete and restart the server.
Product Key Configuration
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and was delegated the Exchange Organization Administrator role.
  2. Follow the procedure outlined in the Exchange 2007 Online Help topic How to Enter the Product Key.
Security Configuration Wizard

This section is optional and may be skipped.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Follow the procedures from the Exchange 2007 Online Help topic How to Install the Security Configuration Wizard to install the Security Configuration Wizard.
  3. Follow the procedures from the Exchange 2007 Online Help topic How to Register Exchange Server Role SCW Extensions to register the Exchange 2007 Server SCW extension.
  4. Follow the procedures from the Exchange 2007 Online Help topic How to Create a New Exchange Server Role SCW Policy to configure and apply the policy.
System Performance Verification

By default, Exchange 2007 optimizes the server’s memory management for programs, which configures the server’s system cache as the default size.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.
  2. Click Start, right-click Computer and select Properties.
  3. Select the Advanced System Settings.
  4. Under Performance, click the Settings button.
    1. Click the Advanced tab.
    2. Verify that the Processor Scheduling is set to Background Services.
  5. Click OK.
Exchange Server Role Configuration
Clone Configuration

This is an optional step and need not be performed. If you would like to manually configure the settings (or if you need to as a result of the first Edge Transport server role being deployed), you can do so by reviewing the Appendix within this document.

For more information about what information is cloned versus what information is not, please see the Exchange 2007 Online Help topic Using Edge Transport Server Cloned Configuration.

  1. Connect to the server via Remote Desktop and log on with an account that has local administrative access.
  2. Follow the procedures from the Exchange 2007 Online Help topic How to Configure the Edge Transport Server Role by Using Cloned Configuration Tasks to clone certain information from one Edge Transport server to another.
  3. Verify that the cloned settings are applied, by reviewing the customized settings on the source server with this server (the Appendix within this document may also be of help).
EdgeSync Configuration

Before executing the EdgeSync configuration process, review the Exchange 2007 Online Help topic Preparing to Run the Microsoft Exchange EdgeSync Service.

  1. Connect to the server via Remote Desktop and log on with an account that has local administrative.
  2. Follow the procedures from the Exchange 2007 Online Help topic How to Export an Edge Subscription File to export the necessary information to enable synchronization to the Edge Transport server from an Active Directory site within the Exchange organization.
  3. Follow the procedures from the Exchange 2007 Online Help topic How to Import the Edge Subscription File to import the Edge Subscription file into the Exchange organization and enable synchronization from the Active Directory site to the Edge Transport server.
  4. Follow the procedures from the Exchange 2007 Online Help topic How to Force EdgeSync Synchronization to force immediate synchronization.
Message Size Limits Configuration

Before manipulating message size limits, review the Managing Message Size Limits topic from the Exchange 2007 Online Help.

  1. Connect to the server via Remote Desktop and log on with an account that has local administrative access.
  2. Click Start, All Programs, Microsoft Exchange Server 2007 and select Exchange Management Shell.
  3. Modify the maximum receive message size limit according to company policy by running the following command where the value is qualified in either KB or MB:
    Set-ReceiveConnector "Default Internal Receive Connector *" -MaxReceiveSize <MaxReceiveSize>
Domain Security Configuration

This section is optional and may be skipped.

Domain Security refers to the set of functionality in Exchange 2007 and Microsoft Office Outlook 2007 that provides a relatively low-cost alternative to S/MIME or other message-level security solutions. The purpose of the Domain Security feature set is to provide administrators a way to manage secured message paths over the Internet with business partners. After these secured message paths are configured, messages that have successfully travelled over the secured path from an authenticated sender are displayed to users as "Domain Secured" in the Outlook and Outlook Web Access interface.

For more information, please see the Exchange 2007 Online Help topic Planning for Domain Security.

  1. Connect to the server via Remote Desktop and logon with an account that has local administrative access.
  2. Follow the procedures from the Exchange 2007 Online Help topic Creating a Certificate or Certificate Request for TLSto create and initialize a certificate for TLS use with SMTP.
  3. Follow the procedures from the Exchange 2007 Online Help topic How to Configure Mutual TLS for Domain Security to configure mutual TLS between the mail systems.
Anti-Spam Update Configuration
  1. Connect to the server via Remote Desktop and logon with an account that has local administrative access.
  2. Follow the procedures from the Exchange 2007 Online Help topic How to Configure Anti-Spam Automatic Updates to allow for anti-spam automatic updates.
Transaction Log Location
  1. Connect to the server via Remote Desktop and logon with an account that has local administrative access.
  2. Verify that the MSExchangeTransport service is stopped; if it is not stopped, stop the service.
  3. Create the folder E:\Exchange\QueueLogs.
  4. Move the TRNxxxx.LOG and *.JRS files from <Exchange Install Path>\TransportRoles\Data\Queue to the E:\Exchange\QueueLogs.
  5. Navigate to <Exchange Install Path>\bin.
  6. Open the EdgeTransport.exe.config file in notepad and edit the following entry:
    <add key="QueueDatabaseLoggingPath" value="E:\Exchange\QueueLogs" />
  7. Save the file.
Transport Logs Location
  1. Connect to an Exchange 2007 server via Remote Desktop and logon with an account that has local administrative access and has been delegated the Exchange Server Administrator role (or higher).
  2. Verify that the MSExchangeTransport service is stopped; if it is not stopped, stop the service.
  3. Create the E:\Exchange\Logs folder.
  4. Move the folders that reside in <Exchange Install Path>\TransportRoles\Logs to the E:\Exchange\Logs folder.
  5. Open the Exchange Management Shell and run the following commands:
    Set-TransportServer <ServerName> -ConnectivityLogPath "E:\Exchange\Logs\Connectivity" -MessageTrackingLogPath "E:\Exchange\Logs\MessageTracking" -ReceiveProtocolLogPath "E:\Exchange\Logs\ProtocolLog\SmtpReceive" -SendProtocolLogPath "E:\Exchange\Logs\ProtocolLog\SmtpSend" -RoutingTableLogPath "E:\Exchange\Logs\Routing"
  6. Open a command prompt and start the transport service by running the following command:
    command net start MSExchangeTransport
Temporary Storage Path
  1. Connect to an Exchange 2007 server via Remote Desktop, and then log on by using an account that has local administrative access and that has been delegated the Exchange Server Administrator role (or higher).
  2. Verify that the MSExchangeTransport service is stopped. If it is not stopped, stop the service.
  3. Move to the <Exchange Install Path>\bin directory.
  4. Open the EdgeTransport.exe.config file in Notepad, and then change the TemporaryStoragePath entry to point to the mail.que drive. By default, this path is "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Temp."
    <add key="TemporaryStoragePath" value="<path of mail queue>" />
  5. Save the file.
ESE Performance Counter Activation
  1. Connect to the server via Remote Desktop, and then log on by using an account that has local administrative access.
  2. Start Registry Editor.
  3. Locate the HKEY_LOCAL_MACHINE\CurrentControlSet\Services\ESE\Performance registry subkey.
  4. Right-click Performance, point to New, and then click DWORD Value.
  5. Type Show Advanced Counters to name the new value.
  6. Double-click Show Advanced Counters.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.
Handoff Test
  1. Using test mailboxes located on the Internet, send sample messages to various internal mailboxes and verify that mail is successfully delivered.
  2. Send sample messages from internal mailboxes to various Internet test mailboxes and verify that the mail is successfully delivered.
  3. If Domain Security was implemented between two mail organizations, test mail flow between the organizations and verify that the message is listed as “Domain Secured” in the receiving client.
  4. Review the event logs and tracking logs and ensure the Edge Transport server is operating correctly.
Appendix

The following sections only need to be implemented if:

  • This is the first Edge Transport server being deployed.
  • The Edge Transport Cloned Configuration process is not used.
Transport Server Configuration
  1. Connect to the server via Remote Desktop and logon with an account that has local administrative access.
  2. Click Start, All Programs, Microsoft Exchange Server 2007 and select Exchange Management Shell.
  3. Use the following table for information needed for the commands.
    Cc742381.important(en-us,EXCHG.80).gifImportant:
    The values in the following table are example values, not recommended values. These values must be updated to reflect the actual values for your organization.

    Receive connector settings

    Default value Example values

    MessageTrackingLogEnabled

    True

    True

    MessageTrackingLogMaxAge

    30.00:00:00

    10.00:00:00

    MessageTrackingLogMaxDirectorySize

    250 MB

    150 GB

    MessageTrackingLogMaxFileSize

    10 MB

    10 MB

    MessageTrackingLogSubjectLoggingEnabled

    True

    True

    MaxPerDomainOutboundConnections

    20

    50

    ConnectivityLogMaxAge

    30.00:00:00

    10.00:00:00

    ConnectivityLogMaxDirectorySize

    250 MB

    150 GB

    ConnectivityLogMaxFileSize

    10 MB

    10 MB

    ReceiveProtocolLogMaxDirectorySize

    250 MB

    15 GB

    ReceiveProtocolLogMaxFileSize

    10 MB

    10 MB

    ReceiveProtocolLogMaxAge

    30.00:00:00

    10.00:00:00

    SendProtocolLogMaxDirectorySize

    250 MB

    15 GB

    SendProtocolLogMaxFileSize

    10 MB

    10 MB

    SendProtocolLogMaxAge

    30.00:00:00

    10.00:00:00

    ExternalDsnReportingAuthority

    Server FQDN

    <SMTP namespace>

    1. Modify the default settings by running the following command:
    Set-TransportServer <ServerName> -MessageTrackingLogMaxAge <MaxAge> -MessageTrackingLogMaxDirectorySize <LogDirSize> -MessageTrackingLogMaxFileSize <LogFileSize> -ConnectivityLogMaxAge <MaxAge> -ConnectivityLogMaxDirectorySize <LogDirSize> -ConnectivityLogMaxFileSize <LogFileSize> -MessageTrackingLogSubjectLoggingEnabled <SubjectLogEnabled> -MaxPerDomainOutboundConnections <PerDomainOutboundConnections> -ReceiveProtocolLogMaxDirectorySize <ReceiveLogDirSize> -ReceiveProtocolLogMaxFileSize <ReceiveLogFileSize> -ReceiveProtocolLogMaxAge <ReceiveLogAge> -SendProtocolLogMaxDirectorySize <SendLogDirSize> -SendProtocolLogMaxFileSize <SendLogFileSize> -SendProtocolLogMaxAge <SendLogAge> -ExternalDsnReportingAuthority <SMTPNamespace>
Cc742381.note(en-us,EXCHG.80).gifNote:
For more information, see Set-TransportServer (RTM).
Transport Agent Configuration

By default, all these agents are enabled when the Edge Transport server role is installed. The following steps assume that each Transport Agent will be used as part of the message hygiene defense layer.

Review the Exchange 2007 Online Help topic Anti-Spam and Antivirus Functionality to understand the general strategy for configuring all anti-spam agents so that they work together efficiently for your organization.

  1. Connect to the server via Remote Desktop and log on with an account that has local administrative access.
  2. Follow the procedures from the Exchange 2007 Online Help topic How to Configure Attachment Filtering to disable the filtering agent if it is not desired, or to add or remove attachments from the default list.
  3. To configure Connection Filtering, do the following:
    1. Follow the procedures from the Exchange 2007 Online Help topic How to Add IP Addresses to the IP Allow List and IP Block List to add entries to the IP Allow or Deny lists.
    2. Follow the procedures from the Exchange 2007 Online Help topic How to Configure IP Allow List and IP Block List Providers to add block list provider entries.
    3. Follow the procedures from the Exchange 2007 Online Help topic How to Add Recipients to the Recipient Block List to add recipients to the block list.
    4. Follow the procedures from the Exchange 2007 Online Help topic How to Add Blocked Senders and Domains to Sender Filter to add senders to the block list.
  4. To configure Sender-ID Filtering, do the following:
    1. Follow the procedures from the Exchange 2007 Online Help topic How to Exclude Recipients and Sender Domains from Sender ID Filtering to exclude certain entities from Sender-ID filtering.
    2. Follow the procedures from the Exchange 2007 Online Help topic How to Configure Sender ID Actions configure the action that is taken by Sender-ID filtering.
  5. To configure Sender Reputation, do the following:
    1. Follow the procedures from the Exchange 2007 Online Help topic How to Set the Sender Reputation Level Block Threshold to set the threshold to a different value.
    2. Follow the procedures from the Exchange 2007 Online Help topic How to Configure Outbound Access for Detection of Open Proxy Servers for Sender Reputationto enable sender reputation to traverse any firewalls that are between the Edge Transport server and the Internet.
  6. To configure Content Filtering, do the following:
    1. Follow the procedures from the Exchange 2007 Online Help topic How to Enable and Configure the Spam Confidence Level Thresholds to adjust the spam confidence levels for quarantine, reject, and delete actions.
    2. Follow the procedures from the Exchange 2007 Online Help topic How to Specify Recipient and Sender Exceptions for Content Filtering to specify exceptions for content filtering.
    3. Follow the procedures from the Exchange 2007 Online Help topic How to Configure Allow or Block Phrases for Content Filtering to specify phrases for content filtering.
    4. Follow the procedures from the Exchange 2007 Online Help topic How to Configure the Rejection Response for Content Filtering to specify a custom rejection response for content filtering.
    5. Follow the procedures from the Exchange 2007 Online Help topic How to Specify a Spam Quarantine Mailbox to utilize the quarantine mailbox feature.
Tags :


Page view tracker