Export (0) Print
Expand All

Configuring Directory-Based Edge Blocking

 

Applies to: Forefront Online Protection for Exchange

Topic Last Modified: 2012-06-19

The Forefront Online Protection for Exchange (FOPE) filtering service normally processes all of the messages that are sent to any SMTP address within your domain. You can, however, configure your service to validate the messages that come into the domain, before they undergo further processing. This extra option is provided by the Directory-Based Edge Blocking section, available in the center pane on the Domains tab.

TipTip:
Exchange Online users, both Live@edu and Office 365, are not typically populated in the FOPE Administration Center. In order to use Directory Based Edge Blocking (DBEB) at the FOPE perimeter you must upload your user list to FOPE.
How to configure Directory-Based Edge Blocking for a domain
  1. On the Administration tab, click the Domains tab.

  2. In the Domains pane, click the name of the domain that you want to modify. You can search for a specific domain name by using the search box.

  3. In the Service Settings section of the center pane, next to User List Settings, click Edit.

  4. In the drop-down menu in the Directory-Based Edge Blocking section, select one of the following options:

    • Disabled: Disables Directory-Based Edge Blocking for the domain.

    • Reject: Rejects all messages at the network perimeter that are sent to email addresses that are not part of the domain’s user list.

    • Reject-Test: Redirects all messages that are sent to user accounts that are not on the user list to a specified email address.

      NoteNote:
      Reject-Test mode is a test function that is specifically designed to be used for a short period of time. Its purpose is to validate the accuracy of the user list. In Reject-Test mode, any message that is received for a recipient who is included on the user list will be processed according to the domain’s settings. All email messages sent to recipients who are not on the user list are redirected to a separate email address after filtering.

    • Pass-Through: Filters a subset of user accounts through the Hosted Filtering service. Email to all other SMTP addresses not on the list will be delivered directly, without passing through the Hosted Filtering service. The email messages for users who are not present in the Pass Through list do not bypass the IP Reputation Blocks on the FOPE network edge.

    • Passive (Virtual Domain Creation Only): Passive mode on a domain allows you to configure Virtual Domains for that domain without needing to provide a User List for the Parent Domain.

  5. In the *Error notification address text box, specify the email address that should receive any error notifications that may occur during the User List upload.

  6. Click Save.

After you have added users to your domain and have selected a Directory-Based Edge Blocking option, all email addresses in the Users List for that domain will be used for recipient validation.

If you disable Admin Center as the User List source for Directory-Based Edge Blocking for a domain, then recipient validation will be disabled for all user accounts listed in the Administration Center for that domain. If you choose to re-enable Admin Center as the User List source for Directory-Based Edge Blocking for the domain, then all user accounts in the Administration Center for that domain will be used for recipient validation.

NoteNote:
If you are using the legacy Directory Synchronization Tool or Secure FTP upload to add users to your service, then the directory-based edge blocking option you selected for those upload modes will be applied; however, the users will not show up in the Administration Center.
 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft