I’ve been participating in the Garage Series shows with host Jeremy Chapman. Most shows are recorded live at Microsoft events such as TechEd, TechReady (an internal Microsoft technical event), Microsoft Exchange Conference (MEC) and Microsoft SharePoint Conference, on the road (some recent ones have been in Prague and Hong Kong). You can find the shows on Office Blogs – the YouTube videos are embedded in blog posts. The show has a trivia question in the beginning. If you’re attending the show live, you can win prizes for answering the trivia question.

In this week’s Garage Series show, Jeremy and I talk about the top new features in Exchange 2013 SP1.

If you’re attending TechEd North America 2014 in Houston, TX, next week, catch a Garage Series show for some quick infobytes and answer the trivia question for a chance to win some cool prizes. The full schedule for Garage Series at TechEd 2014 is at the end of this post.

{ 0 comments }

Connection Filtering and RBLs in Exchange 2013

by Bharat Suneja on April 17, 2013

Exchange 2003 and later have included Connection Filtering in its repertoire of built-in anitspam tools. In Exchange 2007 and Exchange 2010, this is implemented using the Connection Filtering agent, a transport agent. Connection Filtering agent offers the following functionality:

  • IP Allow List and IP Block List: Static lists of IP addresses you can populate to accept or block messages from a particular host (or specifically, a particular IP address)
  • IP Allow List Provider and IP Block List Provider.: The DNS-based variants of allow and block lists; the latter allows you to use RBLs/DNSBLs.

For more details, see Understanding Connection Filtering.

In Exchange 2010 & Exchange 2007, if you don’t have an Edge Transport server – the server role designed to be a mail host in perimeter networks or DMZs, you can install antispam agents on your Hub Transport servers.

Exchange 2013 did not include an Edge Transport server role at RTM and does not have the Hub Transport server role. Exchange 2013 does include antispam agents and you can install anti-spam agents on Exchange 2013 Mailbox servers using the installantispamagents.ps1 script in the default \Scripts directory – but it doesn’t install the Connection Filtering Agent.

What happened to the Connection Filtering Agent? The What’s Discontinued in Exchange 2013 article in Exchange 2013 documenation says:

Anti-spam and anti-malware

Feature Comments and mitigation
Anti-spam agent management in the EMC In Exchange 2010, when you enabled the anti-spam agents on the Hub Transport server, you could manage the anti-spam agents in the Exchange Management Console (EMC). In Exchange 2013, when you enable the anti-spam agents in the Transport service on a Mailbox server, you can’t manage the agents in the Exchange admin center (EAC). You can only use the Exchange Management Shell. For information about how to enable the anti-spam agents on a Mailbox server, see Enable Anti-Spam Functionality on a Mailbox Server.
Connection Filtering agent on Hub Transport servers In Exchange 2010, when you enabled the anti-spam agents on a Hub Transport server, the Attachment Filter agent was the only anti-spam agent that wasn’t available. In Exchange 2013, when you enable the anti-spam agents in the Transport service on a Mailbox server, the Attachment Filter agent and the Connection Filtering agent aren’t available. The Connection Filtering agent provides IP Allow List and IP Block List capabilities. For information about how to enable the anti-spam agents on a Mailbox server, see Enable Anti-Spam Functionality on a Mailbox Server.

In other words, Connection Filtering agent is only available on the Edge Transport server role. Exchange 2013 does not have an Edge Transport server role yet.

If you want to implement Connection Filtering functionality, including RBL/DNSBL support that many organizations find invaluable, here are the options:

  1. Use a down-level (Exchange 2010/2007) Edge Transport server, which includes Connection Filtering agent.
  2. Use Microsoft Exchange Online Protection (EOP), an Exchange Online antispam/antimalware service.

    You can use Exchange Online Protection (EOP) service with your on-premises Exchange severs. If you have Exchange 2013 Enterprise CAL with Services, it includes EOP service. More info in Exchange Enterprise CAL with Services features in Exchange Online Protection Overview.

  3. Use a third-party antispam product or service that offers this functionality.

{ 1 comment }

Make Bing the default search engine in Firefox address bar

March 19, 2013

I like Bing for a number of reasons. If you don’t prefer Bing, this is not a sales pitch to make you change your search habits. I’ll leave that to the Bing team with BING IT ON, the Bing Challenge commercials et al. Bing offers a better user experience. I also believe Microsoft has better […]

Read the full article →

Windows PowerShell 3 Wins InfoWorld’s 2013 Technology Of The Year Award

January 15, 2013

Windows PowerShell 3 has won InfoWorld’s 2013 Technology of the Year award. Finally, InfoWorld editors have discovered what IT pros have known for a long time – PowerShell is simply the most powerful yet easy-to-use management tool out there on any platform! The third time is definitely the charm for PowerShell, which provides the engine […]

Read the full article →

Change mailbox audit logging age limit in Exchange 2010 and later

January 9, 2013

In Exchange 2010 and later, you can use Mailbox Audit Logging to enable auditing of mailboxes for actions taken by mailbox owners, delegates and administrators. You can log events such as mailbox access, folder access, item access, deletes, hard deletes, moves, etc. For details, see Mailbox Audit Logging in Exchange 2013 documentation. By default, mailbox […]

Read the full article →

Remove a mobile device from your Exchange account

December 20, 2012

Most users switch to new mobile devices or add new ones. Over a period of time, your Exchange mailbox may have quite a few mobile devices. If you’re not using a smartphone or other Exchange ActiveSync (EAS) device (including Windows 8/Windows RT tablets, Apple iPad or other iOS devices), you can remove it from your […]

Read the full article →

WMF 3.0, Microsoft Exchange and patch management

December 18, 2012

Last week Microsoft released Windows Management Framework 3.0, a key management component that includes WinRM 3.0 and Windows PowerShell 3.0. If you’ve been running a version of Exchange 2007 or later, you may already know that these components (PowerShell for Exchange 2007, and both WinRM 2.0 and PowerShell 2.0 for Exchange 2010) are prerequisites for […]

Read the full article →

Create bulk mailboxes in Exchange 2010 (or Exchange 2013/Exchange 2007)

December 4, 2012

I used to save code snippets as blog posts earlier. Resuming the practice, so don’t be alarmed by lack of text in this post. If you want to see detailed posts about creating bulk mailboxes, check out these previous posts: Bulk mailbox-enabling users using Exchange Shell in Exchange 2010 and Exchange 2007 Exchange Server 2007: […]

Read the full article →

Exchange 2010: Change security groups to distribution groups

August 3, 2012

Distribution groups are a well-known concept for Exchange admins. Quite simply, a distribution group is an Active Directory group that’s Exchange-enabled and therefore has an email address. Messages sent to the group are delivered to group members, which can be mailbox users, mail users (users with an email address outside the Exchange org), mail contacts, […]

Read the full article →

Exchange 2013: Dude, Where’s my Exchange Management Console (EMC)?

July 19, 2012

Microsoft released Exchange 2013 Preview earlier this week, along with Microsoft Office 2013, Microsoft SharePoint 2013 Preview, and Microsoft Lync 2013 Preview. Check out the following resources: Overivewhttp://aka.ms/ex2013preview Download Exchange 2013 Preview http://aka.ms/getex2013preview Documentation http://aka.ms/ex2013previewdocs Note, this is a preview version, not the final product release. As with any pre-release versions, you shouldn’t install it […]

Read the full article →