1. On the TMG computer (or using the remote management console), open the Forefront TMG Management Console.
2. Click Forefront TMG (Array Name) in the left pane.
3. Click E-Mail Policy and in the task pane click Configure E-Mail Policy
4. When you access this option, the E-mail Protection Wizard launches. Click Next to continue
5. The next step allows you to define two options: the internal mail server that TMG will send e-mail to and the domain from which TMG will accept messages. The internal mail server for this scenario will be the Exchange 2007 Hub Transport Server (Example: 10.10.10.10/24) and TMG will accept messages only when the destination is domain(Example: wolverine.com.au). If you have multiple domains and multiple HT within your organization you also can add multiple entries in this option. the page of the wizard that allows you to perform this configuration.
6. To add Exchange 2007 Hub Transport Server’s IP Address, click Add. Add the Exchange 2007 Hub Transport Server(s) computer name and IP address
7. Click OK. The Internal Mail Server Configuration page now has the Exchange server(s) name and IP address
8. Click Add to add domain (Example: wolverine.com.au)
9. Click OK. The Internal Mail Server Configuration page now shows the accepted domains, Click Next to continue.
10. On the next page of the wizard, you define which network interface TMG uses to Communicate with the Exchange Server that you specified in step 6 (Example: 10.10.10.10). For this example select Internal Interface where TMG has connectivity to the Exchange Hub Transport Server,
11. Click Next. The External Mail Routing Configuration page appears
12. Enter the fully qualified domain name (FQDN) that will appear in the response to a HELO or EHLO SMTP command. This name should be the one that resolves to the reverse DNS lookup of the external TMG’s IP address. Select the TMG interface that will be used to communicate to the Internet. For this example the FQDN is mail.wolverine.com.au and the interface will be External
13. Click Next and the Mail Protection Configuration page appears. Select both options (Enable Spam Filtering and Enable Virus And Content Filtering).
14. Click Next. A summary page with all selections appears
15. Click Finish. The dialog box appears, asking whether you want to enable the system policy for SMTP Protection. Click Yes.
16. The E-Mail Policy tab changes according to the settings that you selected in the Wizard,
17. Click Apply to save the changes and then click OK.
18 Apply changes. Close TMG console.
Relevant Articles:
Understanding E-Mail Protection on Forefront TMG
How to block bandwidth intensive websites using Microsoft ISA
Forefront TMG 2010: How to install and configure Forefront TMG 2010 —-Step by step
Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010
Forefront TMG 2010: Publishing Exchange server 2010
Forefront TMG 2010: how to install and configure Forefront TMG 2010—Step by step part II
Blog by Raihan Al-Beruni 
Pingback: How to Configure Back-to-Back Firewall with Perimeter (DMZ) Topology—–Step by Step Guide « Information Technology Blog