Buchatech.com

Archive for the ‘Exchange 2007’ Category

On a network I administer some of the end users wanted the session timeout in OWA to be longer so they don’t have to keep logging in after being idle for a while. This is an Exchange 2007 environment. This setting is stored in the registry on the Exchange server with the Client Access Server (CAS) role installed. There is two ways to modify this setting. One of course is to go into the registry and add the key for this value and set this value to the amount of time you want the session timeout to be.  The second way to set the session timeout is a by running a PowerShell command.

NOTE: The session timeout is set in seconds for example 1800 seconds = 30 minutes.

Read the rest of this entry »

Intro

Spam, or more accurately Unsolicited Commercial Email, is still on the rise, with some estimates measuring it at 90% of all email traffic. It’s a nuisance for users, a storage nightmare for admins, and often a vector for phishing attacks and malware. Using a defense in depth approach, this article provides steps an email administrator can take to protect their network from spam.

Step one-user training

Users should be educated on how their actions can lead to or reduce the amount of spam destined for their inbox. Using corporate email for personal use, subscribing to mailing lists, registering their email address for promotions and giveaways, and forwarding chain mails are all vectors that can lead to spam. Consider disabling html support to prevent downloads that can confirm an address is valid, as well as to reduce the risk of email based malware.

Step two-web content

Spammers frequently scan websites looking for embedded email addresses in contact information. Raise awareness with your web developers and establish a policy that all email addresses in web pages should be masked using JavaScript or other encoding that allows a person to click or read the address, but makes it more difficult for a spider to harvest it. Use contact forms when possible instead of displaying email addresses.

Step three-tighten up your SMTP gateway

Disabling the verify command (VRFY) on your SMTP gateway makes it that much harder for spammers to check for valid email addresses. If supported, implement a delay before your server responds to a request with its banner. Legitimate email servers will wait for the 220 response before trying to send email, while many programs/scripts used by spammers will not. Your server can then drop email from this misbehaving sender. If your SMTP gateway supports Quit detection, configure it to drop email that it receives from a host that don’t close the session properly. Legitimate email servers end a session with the QUIT command, but many programs/scripts used by spammers don’t.

Read the rest of this entry »

May of 2009 I posted a blog on how to Setup Exchange 07 using a Dynamic IP (click here to read it). In this article I suggested a paid email relay service. At the time I was not able find a free email relay but now I have found a free email relay service. This service is www.mxguarddog.com.

It is not only email relay but a SPAM filter as well. I stumbled upon this looking for a free SPAM filter service for one of my clients. The nice thing about this relay service is they will forward to a different port. So the relay will accept mail on port 25 and relay it to your email server on whatever port you choose. This is helpful for anyone that has an ISP that blocks incoming traffic on port 25.

The way MX Guard Dog keeps this service free is by exchanging licenses for links on websites. They give you licenses depending on the amount of traffic the website you put the link on gets. For example I signed up for the service when I found it and put a link on my blog. They gave me 40 licenses for this. It’s a pretty sweet deal.

You can access window network shares through Outlook Web Access (OWA).

You need to allow the servers you want users to access first or you will see an error. The error is:  “For security reasons, Outlook Web Access is configured to prevent access to this type of document or folder. For more information, contact technical support for your organization.”

• How to add server shares in Exchange:

Open Exchange Management Console and expand Server Configuration –> select Client Access Server.  Then right click on the OWA directory –> Select Properties.

  Read the rest of this entry »

I recently had the task of backing up Exchange 2007 using DPM 2007. I added the DPM agent to the Exchange server just fine. When I modified the protection group to add my storage groups I got an error saying I needed the eseutil.exe and ese.dll on the DPM server. I got these off my Exchange server and copied them to the DPM bin folder (C:\program files\Microsoft DPM\DPM\bin\). This took care of that error. You can also create a hard link to eseutil.exe and ese.dll. For more on this see: Exchange Server Database Utilities  & DPM07. 

After I got past that error I then ran into other errors on my Exchange protection members in DPM.

• “DPM has detected a discontinuity in the log chain“

and

• “Error 30216: DPM has detected a discontinuity in the log chain for Storage group First Storage Group on SERVERNAME.fqdn since the last synchronization.
  Error details: Unspecified error (0×80004005)

To resolve this I turned circular logging off on my Exchange storage groups and restarted the Exchange Information Store service. I then performed a consistency check on each of my storage group protection members and all errors went away.

• For further help backing up Exchange with DPM 2007 visit: Troubleshooting Exchange Server Protection Issues
• Here a blog on restoring Exchange using DPM: DPM 2007: Recovering Exchange data

At a client’s site they had Small Business Server 2008. For some reason Exchange 2007 was no longer working after they ran some windows updates on SBS 2008 and did a reboot. The information store service would no longer start. I checked event logs and saw this “Source: MSExchange ADAccess Event ID: 2114“. After doing some research I found out that if you disable IPv6 it will cause this error. Sure enough they had disabled IPv6.

I re-enabled IPv6 and the information store service would start again and all was good. Exchange 2007 requires IPv6 be enabled even if you are not using it. You can read more on this here: Don’t forget IPv6

 I recently had to renew my Exchange certificate as it expired. The original admin that set up this Exchange bought the previous certificate from Digi. I decided to go with Startcom (Free SSL) as I have used them once before in an OCS deployment and they worked out well. Exchange is a little different in that you must use Exchange management shell (PowerShell) during the process of installing a certificate for Outlook Web Access (OWA). I am going to cover 5 steps to installing a certificate Exchange for OWA.

 To Open Exchange Management Shell: Go to START >>Programs>>Microsoft Exchange Server 2007 >> Exchange Management Shell

This is the management shell

Read the rest of this entry »

I ran across a tool Microsoft has for testing remote Exchange connectivity such as: Outlook Anywhere, ActiveSync, Autodiscover and more. Here is the URL: https://www.testexchangeconnectivity.com

Do you want to setup Exchange Server in your house and run your own email server? Let me guess you do not have a static IP address and do not want to get one. Well below are my steps on how to set this up.

What you will need:

• A Windows domain and an Exchange Server setup.
• Dynamic DNS service such as no-ip.com or dyndns.com.
• A purchased domain name from somewhere like voxdomains or any other service. Just make sure you have full management of the DNS.

Go ahead and setup your Domain controller with AD and your Exchange server. I assume you have some working knowledge of domains and networking so I am not going to cover how to do this in this article.

Once you have your Exchange up and ready to go. Go download the no-ip client or update client from the dynamic DNS service you signed up for. This client runs in your system tray and will update your no-ip address with the public IP whenever it changes. Now install the update client on your Exchange box.

Configure your router/firewall to forward incoming traffic on port 25 (my port is different as my ISP blocks incoming port 25. I will explain further below.) to your Exchange server. Configure your router/firewall to allow outgoing traffic on port 25. (my port is different as my ISP blocks outgoing port 25. I will explain further below.)

Go to your domain host and add the address your dynamic DNS service gave you. For example your domain MX record points to test.no-ip.com. Now you should be able to receive and send mail.
Ok. above I mentioned my setup is a little bit different. This is because my ISP (Comcast) blocks outgoing and incoming SMTP traffic on port 25. This is a tactic by them to combat SPAM. They do however allow SMTP traffic in and out on port 587. Below I explain how to get around this.

Read the rest of this entry »

I had a user that was an external contractor. He was on a few distribution lists and wanted to receive those emails at his yahoo.com email account. Here is what I did to accomplish this:

I created a contact in Exchange for user1 with an external email of user1@yahoo.com.

Read the rest of this entry »