Connection Filtering
.gif "Cc526528.chm_head_left(en-us,TechNet.10).gif") |
|
.gif "Cc526528.chm_head_right(en-us,TechNet.10).gif") |
Connection Filtering
The Connection Filter agent is an anti-spam agent that is enabled on computers that have the Microsoft Exchange Server 2007 Edge Transport server role installed. The Connection Filter agent relies on the IP address of the remote server that is trying to connect to determine what action, if any, to take on an inbound message. The remote IP address is available to the Connection Filter agent as a by-product of the underlying TCP/IP connection that is required for the Simple Mail Transfer Protocol (SMTP) session. Because the Connection Filter agent must evaluate the IP address of the remote server that is sending the message to be effective, the Connection Filter agent is typically enabled on the Internet-facing Edge Transport server. However, you may also perform additional configuration to run the Connection Filter agent deeper in the inbound message path.
When you configure anti-spam agents on an Edge Transport server, the agents act on messages cumulatively to reduce the number of unsolicited messages that enter the organization. To reduce redundancy and improve overall system performance and efficiency, you must understand the order in which the agents evaluate inbound messages. Understanding the order in which the filters evaluate inbound messages will help you optimize your configuration of the Edge Transport servers.
When you enable the Connection Filter agent, the Connection Filter agent is the first anti-spam agent to run when an inbound message is evaluated.
When an inbound message is submitted to an Edge Transport server on which the Connection Filter agent is enabled, the source IP address of the SMTP connection is checked against IP Allow lists and IP Block lists. If the source IP address is listed on an IP Allow list, the message is sent to the destination without additional processing by other anti-spam agents. If the source IP address is listed on an IP Block list, the SMTP connection is dropped after all RCPT TO headers in the message are processed. If the source IP address is not listed on any IP Allow list or IP Block list, the message continues to flow through other anti-spam agents if other anti-spam agents are configured.