Configuring backscatter filtering

 

Applies to: Forefront Protection for Exchange

Forefront Protection 2010 for Exchange Server (FPE) backscatter filtering is intended to prevent bounced mail, or Delivery Status Notifications (DSNs), for mail that was never sent from addresses in your organization (in other words, mail that was sent with a forged “Sender” field in the P1 header). FPE prevents backscatter by tagging all outbound mail with a Bounce Address Tag Validation (BATV) token and then verifying the integrity of the token on every DSN. If the token does not exist or does not compute correctly, the agent rejects the DSN.

Note

BATV is a method for determining whether the bounce address specified in an e-mail message is valid. When a BATV agent is used, all e-mail is sent with a return address that includes a cryptographic token that cannot be forged. Any e-mail that is returned as a bounce without a valid BATV signature is rejected.

To use Backscatter filtering, you need to enable the feature, configure optional domain exclude and reject lists, generate backscatter keys, and distribute the keys to all of your edge and hub servers that are protected by FPE.

Important

Backscatter filtering must be enabled on all Exchange servers that handle inbound and outbound e-mail to function properly.

To enable backscatter filtering

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console Policy Management tree view, expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Backscatter filter section, select the Enable Backscatter filtering check box.

Note

The Microsoft Exchange Transport service must be stopped and then started again for changes to this setting to take effect. Do not use the Restart function.

Adding entries to the domain exclude list

You can add entries to the Excluded Domains list to allow DSNs from certain domains to always be accepted. All DSNs from domains on this list are exempted from backscatter filtering.

To create a domain exclude list

  1. In the FPE Administrator Console Policy Management tree view, expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Backscatter filter section, click Configure Backscatter Lists or select Configure Backscatter Lists in the Actions pane.

  3. In the Configure Backscatter Lists dialogue box, perform the following steps:

    1. Select Excluded Domains in the menu bar.

    2. In the Domain Name box, enter the domain name that you want to add.

    3. Click Apply to save your changes and enter additional domain names or click Apply and Close to save your entry and return to the Antispam - Configure pane. The domain name is added to the Excluded Domains list.

  4. Click Save at the top of the pane to save your configuration.

Adding entries to the domain block list

The domain block list is used to block all DSNs from domains that you suspect to be spammers or domains from which you do not want DSNs for any reason.

To create a domain block list

  1. In the FPE Administrator Console Policy Management tree view, expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Backscatter filter section, click Configure Backscatter Lists or select Configure Backscatter Lists in the Actions pane.

  3. In the Configure Backscatter Lists dialogue box, perform the following steps:

    1. Select Reject DSNs from Domains in the menu bar.

    2. In the Domain Name box, enter the domain name that you want to add.

    3. Click Apply to save your changes and enter additional domain names or click Apply and Close to save your entry and return to the Antispam - Configure pane. The domain name is added to the Reject DSNs from Domains list.

  4. Click Save at the top of the pane to save your configuration.

Creating and distributing backscatter keys

The backscatter filter uses keys to tag all outgoing mail with a token that can be validated on bounced messages. The keys are generated in batches of ten and are valid until another set is generated. If you have multiple edge or hub servers in your environment, you will need to distribute the keys to all FPE-protected servers so that they use the same keys to create tokens for outgoing mail. The keys are saved in the configuration.xml file that is stored in the data folder; for the default data folder on your operating system, see Default folders.

Note

The configuration.xml file is used to store ALL FPE configuration settings, so when you export or import the file, all FPE settings will be updated. If your settings are not identical on all FPE-protected servers, you will not be able to distribute the keys without changing your configurations.
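The tagging and verification described above, and the reason every server needs the same key batch, shown as an added Python sketch. This is not FPE's code or token format, which this page does not describe. The `prvs=` layout is modeled on the public BATV draft with HMAC-SHA256 substituted; the seven-day token lifetime, the precedence between the two domain lists, and all names and addresses are assumptions.

```python
import hashlib
import hmac

TTL_DAYS = 7  # assumed token lifetime; the page does not state one

def make_keys(seed):
    """Constructed stand-in for one generated batch of ten keys."""
    return [hashlib.sha256(f"{seed}-{i}".encode()).digest() for i in range(10)]

def _mac(key, key_id, expires, address):
    # The MAC covers the key number, expiry day and original sender.
    msg = f"{key_id}{expires:03d}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]

def tag_sender(address, keys, key_id, today):
    """Outbound: rewrite the envelope (P1) sender so it carries a token."""
    expires = (today + TTL_DAYS) % 1000
    mac = _mac(keys[key_id], key_id, expires, address)
    return f"prvs={key_id}{expires:03d}{mac}={address}"

def check_dsn(rcpt, dsn_domain, keys, today, excluded=(), rejected=()):
    """Inbound DSN: decide from the domain lists, then from the token."""
    domain = dsn_domain.lower()
    if domain in rejected:      # assumed to take precedence over excluded
        return "reject: domain on reject list"
    if domain in excluded:
        return "accept: domain excluded from filtering"
    if not rcpt.startswith("prvs="):
        return "reject: no token"
    try:
        tag, original = rcpt[5:].split("=", 1)
        key_id, expires, mac = int(tag[0]), int(tag[1:4]), tag[4:]
    except (ValueError, IndexError):
        return "reject: malformed token"
    if (expires - today) % 1000 > TTL_DAYS:
        return "reject: token expired"
    expected = _mac(keys[key_id], key_id, expires, original)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "reject: token does not verify"
    return "accept: token valid"

if __name__ == "__main__":
    edge_keys = make_keys("batch-1")   # keys on the server that sent the mail
    stale_keys = make_keys("batch-2")  # a server that never imported them
    tagged = tag_sender("alice@example.com", edge_keys, 3, today=100)
    print(tagged)
    print(check_dsn(tagged, "remote.example", edge_keys, today=101))
    print(check_dsn(tagged, "remote.example", stale_keys, today=101))
```

A server holding a different key batch rejects a genuine bounce for mail that another server tagged, which is why the keys must be imported on every server.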

To generate the backscatter keys

  1. In the FPE Administrator Console Policy Management tree view, expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Backscatter filter section, click Generate.

    The keys are generated and the date and time are displayed in the UI.

To export the backscatter keys

  1. In the FPE Administrator Console Policy Management tree view, expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Backscatter filter section, click Export Keys.

  3. In the export dialogue box, navigate to the configuration.xml file in the “data” folder and highlight the file.

  4. Navigate to the folder to which you would like to export the file and click Save.

    The file is saved to the location you selected.

To import the backscatter keys

  1. In the FPE Administrator Console Policy Management tree view, expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Backscatter filter section, click Import Keys.

  3. In the import dialogue box, navigate to the configuration.xml file you saved and highlight the file.

  4. Navigate to the “data” folder and click Open.

    The file is saved to the data folder.
