Forefront Protection 2010 for Exchange Server (FPE) provides settings that enable you to identify external and internal addresses. You configure these settings shortly after installing FPE so that inbound and internal mail can easily be identified for targeted antimalware scanning and filtering.

Table of Contents

Identifying external addresses

If you are using an external server in order to route e-mail into your Exchange environment via an Edge Transport or Hub Transport server, you can enter the IP address of the Edge Transport or Hub Transport server so that FPE treats all e-mail coming from that server as inbound when determining which filters and scan jobs to use for a message.

If you do not enter the IP address of your Edge Transport or Hub Transport server, FPE uses its internal logic in order to determine whether or not messages are inbound.

To identify external addresses

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and under Global Settings, click Advanced Options.

  2. Under the IP addresses used to identify external addresses field, click Edit IP Address List.

  3. In the Edit IP Address List dialog box, in the box, type the IP address, and then press ENTER. Repeat this process in order to add multiple IP addresses (additional IP addresses must be input on separate lines).

  4. After you have completed adding IP addresses, click Apply and Close to return to the Global Settings - Advanced Options pane, and then click Save.

Identifying internal addresses

You can configure FPE to scan internal mail. Messages are designated as internal if they originate from inside your domain and all the recipients are located inside your domain.

To identify internal addresses

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and under Global Settings, click Advanced Options.

  2. You can identify internal addresses by using one of the following settings under the Scans section.

If your list of internal names is small, use the Domain names used for identifying internal addresses setting. If you are adding many internal names, it is recommended that you use the Domains.dat file instead.

  • Domain names used for identifying internal addresses—If your list of internal names is small, click Edit Domain Name List. In the Edit Domain Name List dialog box, in the box, type the domain name, and then press ENTER. Repeat this process in order to add multiple domain names (additional domain names must be input on separate lines). After you have completed adding domain names, click Apply and Close to return to the Global Settings - Advanced Options pane.

    When adding a domain name, be aware that its subdomains are covered by the entry. For example: contoso.com includes subdomain.contoso.com and subdomain2.contoso.com. Alternate domains such as contoso.net or contoso.org must be entered individually. Values entered in this field are used as a substring match of the end of an e-mail address. For example, example.com would consider someone@example.com and someone@abcdef123example.com to be internal addresses.
  • Use external "Domains.dat " file instead of value in “Domain names used for identifying internal addresses” parameter—If you have a large number of domains to be used as internal addresses, you can enter them in an external file called Domains.dat and leave the Domain names used for identifying internal addresses field blank. In order to use the external Domains.dat file, you must enable the Use external "Domains.dat " file instead of value in “Domain names used for identifying internal addresses” parameter setting.

    Domains.dat is an empty text file located in the data folder. You can enter all your internal domains, each on a separate line, into this text file. Unlike the Domain names used for identifying internal addresses field, you must enter all subdomains individually.

    The Domains.dat file is reloaded at 02:00 (2:00 A.M.) each day. This is when any changes you make to the file take effect

       3.   Click Save.

    How to Enable Reverse DNS Lookups for Inbound and Outbound Determination


    Use reverse DNS lookup when determining whether a message is inbound     is disabled by default.

    It enables you to set reverse DNS lookups for inbound and outbound determination if the Domain names used for identifying internal addresses list (or the Domains.dat file) contains entries other than the domain name of the server.
    • When enabled, FPE uses reverse DNS lookup in order to get the domain name and make the inbound or outbound determination.
    • When disabled, FPE uses the information in the Received header, as well as secure routing information from the Exchange Transport Agent, in order to make the inbound or outbound determination.
    The inbound or outbound determination is used by keyword filtering and file filtering.

    Wondering what to do next?


    After you have identified external and internal addresses: