Forefront TMG Email Test

Network administrators are constantly concerned with blocking malware in e-mail and making sure that mail servers are not flooded by spam. Microsoft Forefront Threat Management Gateway (TMG) is not only capable of removing dangerous messages and junk, but can also block threatening traffic before it reaches the mail server. This is achieved when the Exchange Edge Server and Forefront for Exchange are both installed on the TMG server, making the TMG a truly effective e-mail gateway. Combined with Edge Server and Forefront for Exchange, TMG uses multiple anti-virus engines to scan all e-mails for viruses. When a remote computer tries to establish a connection, a reputation-based blacklist feature can block incoming spam before any data is sent to the e-mail server. TMG also compares incoming messages against a frequently updated list of spam signatures to block spam that gets past the connection-level check.

It is evident, therefore, that the true test of the effectiveness of TMG lies not just in the number of messages it scans for viruses, but also in the quality of the messages it finally delivers to the mail server. If too many infected or spam messages find their way to the mail server, it signifies poor TMG performance. This is why administrators need to keep a close watch on the number of messages the TMG scans and the number of messages it tags as infected or as spam. To perform this check periodically and understand the level of protection the TMG provides to their critical e-mail servers, administrators can use the Forefront TMG Email test.

This test monitors the Forefront TMG and reports the number of e-mail messages that were scanned for malicious content, the number of messages that were blocked because of the malicious content present in them, and the number of messages that were categorized as spam.

Target of the test : A Forefront TMG Server

Agent deploying the test : An internal agent

Outputs of the test : One set of results for the Forefront TMG that is to be monitored.

Configurable parameters for the test

| Parameter | Description |
| --- | --- |
| Test Period | How often should the test be executed. |
| Host | The IP address of the host for which this test is to be configured. |
| Port | The port on which the specified host listens. By default, this is 1745. |
| IsPassive | If this parameter is set to Yes, then it means that, by default, all the Forefront TMG servers being monitored by the eG system are the passive servers of a Forefront TMG cluster. No alerts will be generated if the servers are not running. Measures will be reported as "Not applicable" by the agent if the servers are not up. |

Measurements made by the test

| Measurement | Description | Measurement Unit | Interpretation |
| --- | --- | --- | --- |
| Scanned messages | Indicates the total number of e-mail messages that were scanned/inspected for malicious content by the Forefront TMG during the last 24 hours. | Number | A low value for this measure could indicate either of the following: (a) a processing bottleneck with the TMG that compels it to take too long to scan messages, resulting in a small number of scanned messages at the end of the day; or (b) many large messages were scanned by the TMG during that day. |
| Infected messages | Indicates the total number of infected e-mail messages that were blocked by the Forefront TMG during the last 24 hours. | Number | If the value of this measure is close to the value of the Scanned messages measure, it indicates that most of the messages to the e-mail server during that day were infected. This could indicate a major virus outbreak, which needs to be investigated immediately. |
| Spam messages | Indicates the total number of e-mail messages that were categorized as spam by the Forefront TMG during the last 24 hours. | Number | If the value of this measure is abnormally high, it could be because many valid messages have been wrongly categorized as spam. You may then have to fine-tune TMG to avoid such false positives. |
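The interpretation rules above can be turned into an automated check over the three measures. The following is an added example, not eG's or Microsoft's own code: the thresholds (`outbreak_ratio`, `low_scanned_ratio`, `spam_factor`), the `EmailSample` type and the sample values are constructed assumptions, and the baseline is simply the median of earlier days' readings.

```python
"""Evaluate Forefront TMG Email test measures against the interpretation
rules in the measurements table.  Added example; thresholds are assumptions."""
from dataclasses import dataclass
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class EmailSample:
    """One day's readings: the three measures reported by the test."""
    scanned: int   # Scanned messages, last 24 hours
    infected: int  # Infected messages, last 24 hours
    spam: int      # Spam messages, last 24 hours


def evaluate(sample: Optional[EmailSample], history: list[EmailSample],
             is_passive: bool = False, outbreak_ratio: float = 0.5,
             low_scanned_ratio: float = 0.5, spam_factor: float = 3.0) -> list[str]:
    """Return finding codes for one test run.

    sample is None when the TMG server is not up.  history holds earlier
    days' samples and supplies the baseline for "low" and "abnormally high".
    All three ratio/factor thresholds are assumed values, not eG defaults.
    """
    if sample is None:
        # IsPassive=Yes: a passive cluster member that is down is reported
        # as "Not applicable" rather than raising an alert.
        return ["not_applicable"] if is_passive else ["unreachable"]

    findings: list[str] = []
    # Infected messages are blocked after scanning, so they cannot exceed
    # the scanned count; spam may, because reputation blocking happens
    # before any data is scanned.
    if sample.infected > sample.scanned:
        return ["inconsistent_counters"]

    if history:
        baseline_scanned = median(s.scanned for s in history)
        baseline_spam = median(s.spam for s in history)
        # Low scanned count: TMG bottleneck or many large messages that day.
        if sample.scanned < baseline_scanned * low_scanned_ratio:
            findings.append("low_scanned")
        # Abnormally high spam: suspect valid mail being classified as spam.
        if baseline_spam > 0 and sample.spam > baseline_spam * spam_factor:
            findings.append("spam_spike")

    # Infected close to scanned: most traffic that day was infected.
    if sample.scanned > 0 and sample.infected / sample.scanned >= outbreak_ratio:
        findings.append("possible_outbreak")
    return findings
```

A finding of `spam_spike` is a prompt to review the spam classification for false positives before changing thresholds, while `possible_outbreak` warrants immediate investigation, as the table states.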