Security

Masquerading SMTP Virtual Servers: Changing the fqdn and masquerade domain

You can change the fully-qualified domain name (fqdn) used by a SMTP virtual server from its properties | Delivery tab | Advanced | Fully-qualified domain name. In the following example, we change the fqdn of a SMTP virtual server from its default – letter.exchangelabs.net, to postcard.exchangelabs.net. Figure 1: Changing the fully-qualified domain name in SMTP […]

More →

HOW TO: Hide Distribution Group membership

Exchange Server 2003’s extensions for Active Directory Users & Computers console made hiding a Distribution Group’s membership a trivial task, accomplished by right-clicking a group, selecting Exchange Tasks and selecting Hide Membership. Figure 1: The Exchange Tasks wizard in ADUC provides an option to hide Distribution Group membership in Exchange Server 2003 As the task […]

More →

Outlook Anywhere and Exchange’s Self-Signed Certificate

Outlook Anywhere (known as RPC over HTTP in Exchange Server 2003), the Exchange Server + Outlook + Windows Server feature that allows Outlook clients to access Exchange servers without a VPN, does not work with Exchange Server 2010/2007’s self-signed certificate. Yes, this is different from Outlook Web Access (OWA, Outlook Web App in Exchange 2010) […]

More →

Logging SMTP Protocol Activity in Exchange 2013/2010 and Exchange 2007

I wrote about logging SMTP protocol activity in Exchange Server 2003 in what is one of the most popular posts on Exchangepedia. Starting with Exchange Server 2007, Exchange discontinued using the SMTP stack in IIS and developed its own SMTP stack. I like to think of it as smarter or more intelligent Receive Connectors (these […]

More →

RFC 2821, HELO again: Validating the HELO/EHLO domain

RFCs 2821 and 1869 specify the format of HELO/EHLO commands issued by a SMTP client to initiate a SMTP session. RFC 2821 on HELO/EHLO command: 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO) These commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the […]

More →

Exchange Server 2007: Managing And Filtering Anti-Spam Agent Logs

Exchange 2007 includes a number of anti-spam agents to filter spam. The anti-spam agents log their actions in (anti-spam) agent logs. The default agent log locations: Exchange 2010: \Exchange Server\V14\TransportRoles\Logs\AgentLog Exchange 2007: \Exchange Server\TransportRoles\Logs\AgentLog Agent Log Configuration You can’t change the agent log location. Here are the available config options: Enable/Disable agent log: On transport […]

More →

Locating Exchange Server 2007 CAS role in the perimeter?

Where should you locate Exchange Server 2007 servers with the Client Access Server (CAS) role? Is it more secure to locate them in perimeter network (aka “DMZ” or demilitarized zone)? Security folks in many organizations insist that any server that needs to be accessed from external networks (i.e. the Internet) should reside in perimeter networks. […]

More →

HOW TO: Assign SendAs right using Exchange shell

In Exchange Server 2007 (and Exchange 2010), recipients are managed from the Exchange Management Console (EMC) or Exchange Management Shell (aka the Shell). EMC does not have a Security tab for recipients. You can still use Active Directory Users & Computers (ADUC) console to modify permissions on a recipient, as the documentation suggests [“How to […]

More →

Exchange 2007 Content Filter: How to move messages to Junk Mail folder

You’ve setup Exchange Server 2007, and configured the shiny new Content Filter agent (CFA), which is more than just a rewrite of the equally loved and hated Intelligent Message Filter (IMF) from Exchange Server 2003. How do you configure it? Spam Confidence Level (SCL) Thresholds in Exchange 2007/2010 The CFA has the following three thresholds, […]

More →

A Late New Year’s Resolution: Do Not Resolve Anonymous Senders

It’s probably a little late to make another New Year’s resolution, but I’ll try to convince you to make one nevertheless. By default, when an internal/authenticated user sends you a message, you see the user’s display name (for example Joe Adams) in Outlook/OWA and other email clients. Messages from unauthenticated senders, including those from Internet […]

More →

← Previous Entries

Next Entries →