top of page
Search
aubreecahoongy

Exchange 2007 Anti-Spam updates and the Automatic Updates client: Features and Functionality



Microsoft Exchange Server 2007 leverages the proven Microsoft Update infrastructure for providing anti-spam filter updates and, by default, administrators can visit the MU site to retrieve content filter updates that are being published every two weeks.


Note that opting in for anti-spam updates will not cause other updates that might be relevant to this server to be downloaded or installed. The wizard is exclusively enabling the retrieval of anti-spam updates and will not otherwise configure the server to be kept up to date with patches and other software updates.




Exchange 2007 Anti-Spam updates and the Automatic Updates client



Once the wizard finishes, the system is configured so that the "Microsoft Exchange Anti-spam Update" NT service scans Microsoft Update every hour for anti-spam updates that are applicable to this server. If updates are available, they are downloaded and installed with no mailflow impact or admin intervention.


Safe list aggregation is a feature of exchange 2007 anti-spam is where running the update-safelist cmdlet for a particular mailbox will update the msExchangeSafeSenderHash attribute on the mailbox object in Active Directory with the safe senders list from a user's mailbox. This feature is a useful way to prevent false positives from being generated by anti-spam agents.


Enabling automatic anti-spam updates does use the windows automatic update API and does require that you opt in one time for windows update for the AS server. However, it does not require that you download all the other updates available on Windows Update like service packs and rollups etc.


When running the cmdlet from your edge server (or HT server with the AS agents installed) you can specify "RequestNotifyDownload" value for the -MicrosoftUpdate parameter. This maps to the "Notify me but don't automatically download or install them" radio button on the Automatic Updates client (for Windows 2008 this is worded as "Check for updates but let me choose whether to download and install them").


The easiest way is to turn automatic Windows updates on. You can verify if this option is enabled on your computer by going to the Control Panel > Windows Update > Change settings. Under Important updates, choose the options right for you.As you can see in the screenshot above, my preference is to "Check for updates but let me choose whether to download and install them". Under Recommended updates, you can select "Give me recommended updates the same way I receive important updates". Note that you need to have the admin rights to be able to change the updates options.


Microsoft believes that users should not have to touch the filters period. Any antispam solution should be automatic and good enough to catch most spam, because as we've learned over the years with antivirus software and Windows updates, users aren't particularly good at keeping their programs updated. It also takes time to tinker with antispam settings and filters, time better spent doing anything but configuring the filters.


"Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action," Microsoft said in an update to the original advisory.


While applying today's updates does not prevent Microsoft Office from automatically loading Windows protocol URI handlers without user interaction, it blocks PowerShell injection and disables this attack vector. 2ff7e9595c


0 views0 comments

Recent Posts

See All

Commenti


bottom of page