ISA Server 2004 Configuration Guide 185
Introduction
One of the optional components included with the ISA Server 2004 is the SMTP Message
Screener. The SMTP Message Screener can inspect SMTP messages at the application
layer relay or reject messages based on parameters you configure. The SMTP Message
Screener can evaluate incoming SMTP mail based on the following characteristics:
• Sender mail account and sender domain name
• Attachments name, attachment extension and attachment size
• Keywords included in the subject line and body of text/plain and text/html messages
For example, a common attachment extension for Internet worms is the .pif extension. Since
very few or no legitimate e-mail messages contain attachments with the .pif extension, you
can configure the filter to match messages with attachments with this extension and perform
one of the following actions:
• Delete the message
• Hold the message
• Forward the message to a specified e-mail account
The SMTP Message Screener is an integral part of your e-mail defense in-depth scheme.
Internet worms and viruses, in addition to spam, represent some of the most significant risks
to your network. Worms and viruses can attack network servers, services and workstations
throughout the Internal network. Spam clogs Internal network bandwidth and consumes
employee time, costing many thousands, even millions, of dollars per month in employee
productivity.
E-mail defense in depth allows you to distribute the processing of incoming and outgoing e-
mail messages. SMTP message evaluation is a processor-intensive activity, and the more
machines the load is distributed to, the more efficient the process. You can use the ISA
Server 2004 SMTP Message Screener together with the Exchange SMTP Gateway Server to
provide an ideal level of e-mail defense in depth.
In the example discussed in this document, we will configure the ISA Server 2004 firewall as
an inbound and outbound SMTP relay. The inbound SMTP relay component will accept
incoming mail from external SMTP servers destined for e-mail domains that you manage on
your Exchange Server. The outbound SMTP relay is used to screen e-mail send out from the
Exchange Server to e-mail domains on the Internet (e-mail domains that you do not host or
control).
To achieve these goals, you will perform the following steps:
• Restore the system to its post-installation state
• Assign a second IP address to the Internal interface of the ISA Server 2004 firewall
• Install and configure the SMTP Service
• Install the SMTP Message Screener
• Create the SMTP Server Publishing Rules
• Configure SMTP Message Screener logging
• Test SMTP Filtering
