Email Security Vocabulary!

Improve your email security Terminology:

• Domainkeys (http://en.wikipedia.org/wiki/DomainKeys)
• DKIM (http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail)
• SenderID (http://en.wikipedia.org/wiki/Sender_ID)
• SPF (http://en.wikipedia.org/wiki/Sender_Policy_Framework)
• BATV (http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation)
• DNSBL (http://en.wikipedia.org/wiki/DNSBL)
• Spamtrap (http://en.wikipedia.org/wiki/Spamtrap)
• DCC (http://en.wikipedia.org/wiki/Distributed_Checksum_Clearinghouse)
• Greylisting (http://en.wikipedia.org/wiki/Greylisting)
• Nolisting (http://en.wikipedia.org/wiki/Nolisting)
• Callback Verification (http://en.wikipedia.org/wiki/Callback_verification)
• Spamassassin (http://en.wikipedia.org/wiki/SpamAssassin)
• Bayesian Filtering (http://en.wikipedia.org/wiki/Bayesian_filter)
  
• Backscatter (http://en.wikipedia.org/wiki/Backscatter_(e-mail))
• Hashcash (http://en.wikipedia.org/wiki/Hashcash)
• Tarpitting (http://en.wikipedia.org/wiki/Tarpitting)

Exchange Server 2007 Component Architecture

Microsoft changed the Exchange Server architecture dramatically in its 2007 edition and instead of just a Back-End and Front-End role there are five different roles; Hub-Transport, Edge-Transport, Mailbox, Client Access and Unified Messaging.

Download Microsoft Exchange Server 2007 Component Architecture Diagram From Here:
Microsoft Exchange Server 2007 Component Architecture

Exchange Server Event ID:505

Yesterday I was called in by a customer to resolve a mount issue on a Microsoft Exchange Server 2003 database. This one was new to me and easy to resolve!
I could see "Event ID: 505" in application logs saying:

Information Store (2028) An attempt to open the compressed file "drive:\Exchsrvr\MDBDATA\priv1.edb" for read / write access failed because it could not be converted to a normal file. The open file operation will fail with error -4005 (0xfffff05b). To prevent this error in the future you can manually decompress the file and change the compression state of the containing folder to uncompressed. Writing to this file when it is compressed is not supported."

Exchange server 2000 service pack 3 and later versions can not open databases which are compressed with NTFS compression feature. So the only resolution would be to uncompress the folder holding exchange server databases. for me this worked nice but Microsoft also recommends running an offline defragmentation (eseutil /d "database location") before mounting the database.
For more info check this:
Database does not mount, and you receive error 0xfffff05b after you apply SP3 to Exchange 2000

Fighting Spam with Barracuda Spam Firewall

It's been a couple of weeks since I started working on a dedicated solution to fight incoming spam and I did some study on the history and mechanisms available to block spam and which methods are efficient for an Internet Data Center. I was thinking of implementing Spamassassin using Qmail as MTA, but our company policy has changed and now I am considering an Anti-spam Appliance. There are many appliances available and most of them have other security features like Firewalling, Virus scanning and DoS protection.
Spam Firewall from Barracuda Networks seems a great option to me with different mechanisms including Bayesian and great control over what should be considered spam and non-spam (ham) and provides a good visibility to what is happening on the box by its statistics. Its control panel has got a lot of screens which might bring complexity but it also gives great control and make any policy enforcement possible!
I am really impressed with the administration options and I like to get my hands on it!
Spam Firewall is actually a Linux platform running spamassassin in its core.

Changes in Exchange Server 2007

Here is a list of things that were considered a requirement or limitation in exchange 2003 but we can say "NO" to, in exchange 2007:

• Installing SMTP and NNTP services prior to exchange 2007 installation not required anymore.
• No need to run ForestPrep and DomainPrep manually. Exchange 2007 installation will handle this automatically.
• OWA users don't need to have Microsoft Word, Excel, Powerpoint and even PDF reader installed to view attachment of these sort. The new OWA will convert them to HTML.
• You don't need a VPN tunnel if you have received a link to a file share or sharepoint service via OWA. The LinkAccess retrieves the document.
• If clients are running Outlook 2007 there is no need to worry about the configuration. Exchange Server 2007 automatically discovers the client and configures its Outlook profile upon log in.
• No need to consider Exchange Routing Groups anymore. The exchange routing topology is simplified and is build on existing Active Directory Sites.
• No "Recipient Update Service" anymore!
• No "Front-end" and "Back-end" servers! In the new modular architecture things are different and the "Edge-Transport" role takes the position of front-end which is also more secure. An outstanding security relief is that "Edge-Transport" does not need to be joined to the domain! I like this very much.
  
• There is no "Recipient Policies" in exchange 2007. Instead we have "Accepted Domains" and "Email Address Policy". Changes to recipients apply in real-time now.
  
• In Exchange 2003, Journaling was possible at the mail-box level but Exchange 2007 has gone beyond that and journaling can be accomplished per-database, per-user, per-distribution group and also it can be narrowed to internal or external emails.
• No "Storage" size limit on Exchange 2007 Standard Edition (75GB on Exchange 2003+SP2)
• Global Address List browsing is possible in OWA 2007 like it is in Microsoft Outlook (We could only search GAL in OWA 2003)

Well, there are more cool stuff in Exchange 2007 and this list just points out the facts that I was interested in so it is incomplete because my knowledge on new features in Exchange 2007 is not thorough.
I will try to add more lines to this list upon progress in my findings.

What's new in Outlook Web Access 2007

This flash presentation from Microsoft gets you through the new features of Outlook Web Access(OWA) in Exchange Server 2007. Microsoft is making it possible to do away with Outlook software with these great improvements. Now, everything can be done by OWA as easy as the standalone software. I really love these guys at Microsoft!
Do not miss this:
Microsoft Exchange Outlook Web Access

Get Acquainted with Exchange Server 2007

Exchange Server 2007 has not only introduced a complete different interface but also has brought many new concepts! There is no need to get scared about the changes that come with this revolutionized edition as it is all about to bring us simplicity and integration. Here are some informative and useful links that gives some idea about the changes:

Understanding Exchange Server 2007 server roles
Step by step Setup walkthrough for Exchange 2007 Beta-2
The new Exchange 2007 Management Console overview
Recipient Management in Exchange 2007 - Overview
Exchange Server 2007 recipient management one-liners Part-1
Exchange Server 2007 Recipient Management One-Liners Part-2
How to do your top Exchange Server 2003 recipient tasks in Exchange Server 2007
Top Exchange 2003 Recipient Problems and how they're fixed in Exchange 2007

Email Security Matters

We should be concerned about our client-server email communications! Email communications are accomplished through SMTP at one side and POP3/IMAP at the other side and all of them use "plain text" transmission by default! This means someone with some packet analyzer tool and some opportunity to get to the right place can easily read your username and password as well as the content of your messages which at least are supposed to be kept "personal"! In most cases the acquired username/passowrd is also used for network login access which makes it really cool!
So email security is worth giving it some thought!

Mailbox & Message Size Limitations!

Mailbox and message size limitation must be a concern for every administrator dealing with mail and messaging servers and sometimes it is difficult to convince yourself or users why there should be strict limitations on mailbox and message size.
Check this out to learn about issues that might arise when not having such policies in place:
Thinking about Mailbox and Message Size Limits

Top 11 Hidden Features in OWA

Follow the link to learn about 11 hidden features in Outlook Web Access for Exchange Server 2003

Top 11 Hidden Features in Outlook Web Access for Exchange 2003

Anti-Spam and Exchange 2003 SP2

Exchange 2003 Server Service Pack 2 (SP2) Anti-Spam Framework

Upgrading Exchange Server From 2000 to 2003

I have gone through a lot of different exchange server tasks from implementation and troubleshooting but the upgrade task was always out of my list since last week. Last week I started an exchange server upgrade with a lot of panic and concern. It was one of the rare cases which I was completely reluctant taking responsibility but I got through it smoothly. I expected database problems after the upgrade so after the upgrade which was without a single error or glitch the first thing I checked were the databases and jumped out when all the database were mounted! Maybe I did take the task too difficult or I was very lucky! Anyway the upgrade process was from an exchange 2000 on a windows 2000 server with service pack 4 and all hotfixes applied and the only change I did was removing the instant messaging service that is among the services Microsoft recommends to remove before exchange 2003 upgrade and deleting the content of the badmail folder. Of course I did a full backup from exchange databases and also from the system state data.

Considerations when you upgrade to Exchange Server 2003

Exchange 2003 Form Based Authentication?

To activate Microsoft Exchange Server 2003 Form Based Authentication, IIS should be configured for Secured Communication (SSL), a Certificate must be created and after all Form Based Authentication should be enabled from Exchange System Manager.

Lock Down Exchange Server in 10 Steps

Exchange Server: Lock it down in 10 steps

Recommended Exchange Server Mailbox Size Limits

If you are concerned about you users mailbox size and the polices you need to enforce check this post for mailbox size recommendations. It will help your considerations:
Recommended Mailbox Size Limits

Exchange Server 2003 and Domain Controllers - A Summary

Things to know for those planning or already having Exchange Server 2003 on domain controller.
Exchange Server 2003 and Domain Controllers - A Summary

Customize, Hide and Block Access to GAL

By default all mail and mailbox enabled users in Exchange server are available for access to everyone in the organization while some large organizations may not like this default behavior that lets people have access to all names and email addresses so they may force some policies to limit users access to employee information in Global Address List. Learn how to conform your exchange GAL security to organization policy:
How to Manage Address Lists When You Host Virtual Organizations

Top 10 KBs for Exchange Server Mobility

Microsoft TechNet: Top 10 KBs for Exchange Server Mobility: "Top 10 KBs for Exchange Server Mobility"

Exchange Server: Help Yourself

Some useful Exchange Server 2003 documentations and guides:
Microsoft TechNet: Exchange Server 2003 Operations Guide
Worksheet: Disaster Recovery Preparation for Exchange Server 2003
What to Do When an Exchange Store Won't Mount

The 12 Commandments of Exchange Deployments

For those looking for Exchange Server deployment recommendation here are the "12 Commandments of Exchange Deployments" from Brien M. Posey (MVP & MCSE):

1- Do not connect your mail server directly to the Internet
2- Do not use questionable hardware
3- Place Branch Offices into Routing Groups
4- Do Not Install Exchange on a Domain Controller
5- Make global catalogs globally accessible
6- Use a front end/back end configuration when possible
7- Purchase Exchange-level antivirus software before you deploy Exchange
8- Think about redundancy when setting up routing group connectors
9- Plan for patch management
10- Do not overload a single Exchange server
11- Have an antispam plan
12- Take a training class

Follow the link to get the details on each commandment:
The 12 Commandments of Exchange Deployments

Being a Microsoft Exchange Fan!

I didn't mean to write on exchange server when I first started this blog but it turns out most posts are Exchange related now! I have become a Microsoft Exchange Server fan and dealing with this lovely and challenging beast cheers me up!

Protecting Exchange Data from Hard Disk Failure

For every Exchange Server Administrator failure on mailbox stores that seem to be from the lack of storage space is a nightmare and special considerations and monitoring is needed to stay away from long downtime when a drive reaches its capacity and mailbox stores stop functioning. Making daily full backups, making sure half of the drive is empty and keeping transaction logs and Exchange database files on separate disks are recommendation to stay safe.
328794 - How to protect Exchange data from hard disk failure

Customize SMTP Email Addresses by Recipient Policies

Using Recipient Policy in Exchange Server we can define the SMTP namespace that our mail system accepts emails from as well as the way email addresses are generated for each individual recipient. Basically the format that is used in recipient policy is @domainname and no control over individual email addresses is given by default. To customize and define the email alias scheme we can provide some arguments like %s (surname) and %g (first name). This means I can define a naming policy for generating email aliases using firstname and last name combinations. Lets take a look at some examples:
1)The SMTP namespace is "itbuzzer.net" and alias should be generated in "Firstname.Lastname" format: %g.%s@itbuzzer.net --> saeed.pazoki@itbuzzer.net
2) The SMTP namespace is "itbuzzer.net" and the policy should use the users Firstname plus the first 3 letters of the Lastname: %g%3s@itbuzzer.net --> saeedpaz@itbuzzer.net
Microsoft emphasizes that this replacement arguments should not be used in the default recipient policy and a new recipient policy should be created to prevent problems.
In the following KB more replacement arguments are explained:
822447 - How to Modify an SMTP E-Mail Address by Using Recipient Policies

Create a Black Hole to Kill NDRs

A "Black Hole" is a mail-enabled distribution group that has no members but SMTP email addresses! Black holes can be configured to address the issue that arises when an employee leaves and the corresponding mailbox is removed which results in the generation of NDRs when emails sent to that email address.
MS Exchange Blog : Black Holes - not just a space thing!

Configure MX Records for Incoming SMTP E-Mail Traffic

Exchange Server does not receive internet emails when MX record is not configured properly. This document explains why MX is necessary and goes over a couple of possible exchange scenarios and comes up with MX and A record configurations, Load Balancing, Fault tolerance and finally how to test the MX record configuration.
Configure MX Records for Incoming SMTP E-Mail Traffic

Microsoft Exchange IMF Does Not Scan Emails!?

Exchange Server Intelligent Message Filter does not scan emails on an Exchange servers with NetBIOS name more than 15 characters long so Microsoft has provided a hotfix to solve this issue!!!
This is funny! How did they manage to ignore this when they were developing Exchange IMF!?
873434 - The Exchange Intelligent Message Filter does not scan e-mail messages on your Exchange Server 2003 computer

Learn about Exchange Intelligent Message Filter:
Exchange Server Intelligent Message Filter Overview

How to defragment Exchange databases

This KB gives a short explanation of Exchange server online and offline database defragmentation and then focuses on offline defragmentation by using ESEUTIL utility.
328804 - How to defragment Exchange databases

Prevent unsolicited commercial e-mail in Exchange 2000 Server

This KB article explains how Exchange Server 2000 can be protected against being relayed for unsolicited commercial email messages by preventing relaying, configuring IP address restrictions, implement authentication, set message limits, using reverse DNS lookup and configuring SMTP connectors.
319356 - How to prevent unsolicited commercial e-mail in Exchange 2000 Server

Exchange Support Tool: ExchDump

Download details: Exchange Support Tool: ExchDump: "ExchDump is a command line utility that gathers Exchange configuration information from various sources used in troubleshooting support issues. The utility DOES NOT make any registry changes or modifications to the operating system. The configuration information is written to one of two different output files."

Exchange Server Badmail Deletion and Reporting

When it comes to disk space Microsoft Exchange talks as a beast eating up space which in many cases brings trouble to exchange admins. When Microsoft Exchange's drive becomes full it will unmount mailbox stores to protect against any data lost and alerting the system administrator. In many cases it is not the Exchange database that fills up the drive but it might be the Badmail folder or Transaction Logs that are wasting space. So, with some considerations in mind when implementing Exchange server, Backup strategy and some regular monitoring especially on badmail folder downtimes can be avoided with disk full errors. Going into the details will make it a long talk but for just dealing with Microsoft Exchange Badmail folder there are some scripts available which helps Exchange Server administrators to monitor the size of badmail folder regularly or even purge them automatically. Follow the link for details and downloading badmailreport and deletebadmail scripts:
MS Exchange Blog : Dealing with Badmail

Why is Exchange Store.exe so RAM hungry?

Why is Exchange Store.exe so RAM hungry?: "It is absolutely normal for Store.exe to grab as much RAM on the server as it can possibly get - as long as Store thinks it needs it to optimize performance. Store was written to do so."

Exchange Server 2003 Technical Reference Guide

This guide is for Exchange Server experts who require detailed information about the architecture and interaction among core components of Microsoft Exchange Server 2003.

Download details: Exchange Server 2003 Technical Reference Guide

All-In-One Tools Download For Exchange

Exchange 2003: All-In-One Tools Download

Know your ExMerge Lessons?

Some interesting links that give explanations over Exchange Server ExMerge tool and how it can help:
1- EXMerge is your friend

2- Some Questions and Answers About the Exmerge Utility:

What Are the Possible Uses of Exmerge?
You can use Exmerge to extract mail from a damaged private information store. Exmerge puts this mail into .pst files that you can import back into an undamaged private information store.
You can use Exmerge to locate and remove a specific e-mail message from the private information store (for example, virus mail).
You can use Exmerge to migrate users between different organizations and sites by copying the users' mail to .pst files that you can then import into the new organization or site.
You can use Exmerge to extract folder rules.
In some situations, you can even use Exmerge as a brick-level backup agent, although Exmerge does not have the ability to write the data to a backup tape. (More)

3- Using EXMERGE To Delete Message From Your Exchange Server :

One question that seems to come up a lot is “How can I delete a message from all the users mailboxes”, this question gets asked for many reasons, such as someone sent an email to the wrong group of people, you know that a message is in your system that contains an attachments that you do not want your users opening, you can probably think of a few more reasons... More

4- How can I delete all occurrences of a message from a Microsoft Exchange Server 2003 mail database?

Although you can recall sent messages in Exchange, recalling a message doesn't reliably delete all occurrences of it. Sometimes you'll want to remove all traces of a message--for example, when a former employee sends a malicious email message to current employees. You can use the Mailbox Merge Wizard (Exmerge) utility... More

5- Cleaning the Nasty Stuff Off Your Exchange Server

Exchange NDRs Can Not Be Customized

Have you ever thought that customizing some of the Exchange Server non-delivery reports can reduce the number of IT support calls and help end users find out what is going wrong and whether they have to call for support or they can handle the problem on their own?
Let's say you have limited your Exchange users from sending out emails larger than 5MB in size. Now, when users send emails larger than 5MB they receive a non-delivery report with an error code and some odd text from the users standpoint! At best the user calls for support and at worst she ignores the report and assumes that all emails have been delivered! So, customizing the non-delivery report and replacing a friendly report with some instructions to scatter attachments into different emails would be a nice option IF IT WAS SUPPORTED UNDER MICROSOFT EXCHANGE SERVER!
In the last few days I spent a lot of time looking for a way to customize Exchange NDRs and couldn't find any resolution through Microsoft Online Support and searching the web. Finally someone from Microsoft PSS reached my post at Microsoft's newsgroup :

There is currently no functionality built into Microsoft Exchange that allows you to modify the text of an NDR.

Repairing Exchange databases with ESEUTIL

I have been called in to repair Exchange Server databases a couple of times so far. All had the same symptom; the mailbox stores couldn't mount and it came after a server migration, power failure or backup restore.
In all those cases I couldn't fix the problem without the help of ESEUTIL, Event Viewer and Microsoft's online support. This very interesting post goes through a step by step process to troubleshoot and fix an Exchange database issue by using ESEUTIL and some other great notes that an Exchange server administrator should not miss :
Repairing Exchange databases with ESEUTIL - when and how?
You feel like standing in the middle of hell when your Exchange Server stops functioning during business hours and you keep receiving calls from sales, marketing, accounting and worse of all, your Boss!!!

Spyware Explained

You should get acquainted with these evils behind the scene and know the symptoms and a couple of tricks to protect your PC from them:
Spyware Explained

Configuring an Inbound and Outbound SMTP Relay

Thomas Shinder which is popular for his great "Configuring ISA Server 2000" and "ISA Server Beyond" books has started the first part of an article addressing how to configure an inbound and outbound SMTP relay to keep the mail server secure. In This part he has tried to go through the relay concept, what a relay is and why it is important. He has also pointed out to an online utility whereby you can check your relay configuration and make sure it is not open to Spammers:
Configuring an Inbound and Outbound SMTP Relay

Deployment changes in Exchange 2003 SP1

Check for descriptions of some major changes and features coming with Exchange Server SP1 :
Deployment changes in Exchange 2003 SP1
by the way, don't scare away... I am not going to just talk about Microsoft Exchange!

Service Pack 1 for Exchange Server 2003

Microsoft Exchange 2003 SP1 now available :
Download Microsoft Service Pack 1 for Exchange Server 2003

Don't miss the Release Notes if you don't want missing Your Exchange Server after applying SP1!!!
SP1 Release Notes

Issue : Two SMTP domains, one single Exchange Server!?

I am supposed to work on a new Microsoft Exchange scenario. A customer (abc.com) has acquired another company (def.com) and they want a single exchange server handle both smtp domains and I haven't done this before! Once I worked on a scenario where the customer wanted to share the same smtp domain with another exchange server! They needed more space at their office so moved some of their departments to a different location and then two exchange servers with the same smtp domain were in place. The following link will help to accomplish this:

How to Configure Exchange to Forward Messages to a Foreign Messaging System That Shares the Same SMTP Domain Name Space

This new one doesn't seem difficult but a couple of things must be taken into account :
1- The customer is using a scheduled dial-up connection for mail delivery
2- The exchange server is using another mail server on the public network as its smart host.
3- A third party pop3 connector is handling delivery to the smart host
I think The difficult part is calling the ISP and asking for MX records!