Securing the E-Mail Environment


Topic Last Modified: 2005-12-14

E-mail is a mission critical service for nearly all organizations. Therefore, it is crucial that you provide your customers with stable and reliable e-mail services.

Malicious attack, in the form of a virus, worm, or denial of service, is one area of risk in daily Exchange 2003 operations. Similarly, unsolicited commercial e-mail (spam) has become intrusive and sophisticated enough to be considered a threat to e-mail operations.

To help you guard against these intrusions, this section provides you with the following information:

  • Tips for securing the client

  • Exchange 2003 patch management processes

  • Anti-virus measures

  • Protecting against spam, including new features in Microsoft Office Outlook® 2003 and Exchange 2003 that can help in this area

  • Protecting against denial-of-service attacks

  • Protecting against address spoofing

The Microsoft Exchange Server Best Practices Analyzer Tool is one of the most effective tools that you can regularly run to help verify that your Exchange environment is secure. The Exchange Server Best Practices Analyzer automatically examines your Exchange Server deployment and determines whether the configuration is set according to Microsoft best practices. You can install the Exchange Server Best Practices Analyzer on a client computer that is running Microsoft .NET Framework 1.1. With the appropriate network access, the Exchange Server Best Practices Analyzer examines all your Microsoft Active Directory® directory service and Exchange servers.

You can determine the overall health of your Exchange servers and topology by using the Exchange Server Best Practices Analyzer to perform the following tasks:

  • You can generate a list of issues, such as suboptimal configuration settings and unsupported or non-recommended options.

  • You can determine the general health of a system.

  • You can help troubleshoot specific problems by collecting alert-specific documentation for each warning, error, and non-default configuration message.

  • You can run the tool against a whole deployment, a specific server, or a set of servers.