Transport

Connection Filtering and RBLs in Exchange 2013

Exchange 2003 and later have included Connection Filtering in its repertoire of built-in anitspam tools. In Exchange 2007 and Exchange 2010, this is implemented using the Connection Filtering agent, a transport agent. Connection Filtering agent offers the following functionality: IP Allow List and IP Block List: Static lists of IP addresses you can populate to […]

More →

Using Transport Rules to protect your organization from the ‘Here You Have’ Worm

The Here You Have worm, also known as Visal.B, has been spreading through network shares and email (more details on Microsoft’s Malware Protection Center web site). When spreading through email, the worm sends itself to your contacts with the following strings in the Subject field and message body: Subject: Here you have Body: Hello: This […]

More →

Are Distribution Groups really being used?

Over the years, you end up creating a large number of Distribution Groups based on user demands. The regular departmental Distribution Groups such as Sales, Marketing, Engineering, and HR. The geographical ones such as AllUS, All-California, All-BayArea, and so on. The ones by employment status such as All-FTE for full-time employees, All-Contractors, and so on. […]

More →

Removing internal host names and IP addresses from message headers

Another frequently asked question about SMTP mail – how can I remove internal host names and IP addresses from outbound Internet mail? More often than not, this results from the belief that somehow if the outside world finds out an organization’s internal IP addresses and host names, it makes the organization vulnerable. Auditors love to […]

More →

HOW TO: Prevent a user from sending and receiving internet mail

Many organizations want to restrict certain sets of users from sendig or receiving Internet mail. “How do you prevent a user from sending or receiving Internet mail?” is a frequently asked question. Here’s how to accomplish this in Exchange 2010, Exchange 2007 and Exchange 2003. Restricting outbound Internet mail for some users On Exchange Server […]

More →

Logging SMTP Protocol Activity in Exchange 2013/2010 and Exchange 2007

I wrote about logging SMTP protocol activity in Exchange Server 2003 in what is one of the most popular posts on Exchangepedia. Starting with Exchange Server 2007, Exchange discontinued using the SMTP stack in IIS and developed its own SMTP stack. I like to think of it as smarter or more intelligent Receive Connectors (these […]

More →

Protect users from spam from your own domain in Exchange 2010 and Exchange 2007

One of the common complaints from users and many messaging folks is spam received from senders that appear to be from your own domain. SMTP mail is exchanged with anonymous Internet hosts without any authentication. Headers can be and are effortlessly spoofed. Rather than using an unregistered or invalid domain in the From: header, many […]

More →

How to turn off Back Pressure on Exchange Server

In Exchange Server Transport error: 452 4.3.1 Insufficient system resources we learned how the Back Pressure (Previous versions: Exchange 2010 | Exchange 2007) feature monitors resource consumption on Exchange Server and stops accepting new message submission if it’s low on resources. Update: In Exchange 2013, when the Transport service on a Mailbox server or an […]

More →

A Late New Year’s Resolution: Do Not Resolve Anonymous Senders

It’s probably a little late to make another New Year’s resolution, but I’ll try to convince you to make one nevertheless. By default, when an internal/authenticated user sends you a message, you see the user’s display name (for example Joe Adams) in Outlook/OWA and other email clients. Messages from unauthenticated senders, including those from Internet […]

More →

Enabled by default: SMTP Tarpit in Exchange Server 2007

From a recent discussion, and something I’ve been wanting to post about for a while: SMTP tarpitting is enabled by default on Receive Connectors in Exchange 2007 (and Exchange 210). What is SMTP tarpitting? It’s the process of introducing a delay in SMTP connections from hosts that are suspected of inappropriate SMTP behavior – for […]

More →