Security tab of the Receive connector on the edge server
Hello everybody I just installed an Edge server 2k7 test server and tried to configure the tarpitting interval as per microsoft URL: http://technet.microsoft.com/en-us/library/aa998898.aspx http://technet.microsoft.com/en-us/library/aa998898.aspx My question is how can we view the Security tab of the Receive connector on the edge server. Thanks in advance. Abdullah Zayan Mail Administrator ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox size discrepency
Did they empty their Deleted Items folder after cleaning up their Inbox/Mailbox? If they didn't then they are still using the same amount of space, just in a different folder. HTH. Joe Fox Systems Administrator The McGuire Group Office# (716) 826-2010 ext: 1172 Mobile# (716) 846-9308 The materials in this e-mail are private and may contain Protected Health Information. If you are not the intended recipient be advised that any unauthorized use, disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone at 716-829-1978 or by return e-mail. -Original Message- From: vbs [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:32 AM To: MS-Exchange Admin Issues Subject: Mailbox size discrepency Recently I have a user who has hit his mailbox quota. He cleaned up his Inbox/mailbox and continues to get warning messages. We use cached mode with our Outlook clients and when I had them look at the mailbox folder size with the Outlook properties the local copy is 10MB samller than the server data size and I can't account for why there should be this difference. I even had the user remove cache mode, delete the OST and then enabled cache mode again but there still is a 10 MB difference. I thought the OST cached the whole mailbox local but this does not seem to be the case. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Mailbox size discrepency
Recently I have a user who has hit his mailbox quota. He cleaned up his Inbox/mailbox and continues to get warning messages. We use cached mode with our Outlook clients and when I had them look at the mailbox folder size with the Outlook properties the local copy is 10MB samller than the server data size and I can't account for why there should be this difference. I even had the user remove cache mode, delete the OST and then enabled cache mode again but there still is a 10 MB difference. I thought the OST cached the whole mailbox local but this does not seem to be the case. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Mailbox limits
Running Exchange Server 2007 When OWA users reach mailbox limits they are being denied access to their mailboxes. Is this by design or is there a setting I am over looking? Garry Whitson System Administrator Information Telecommunication System Lincoln Land Community College ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: [JUNK] problem with messagelabs
Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: [EMAIL PROTECTED] From: Marvin Casey [EMAIL PROTECTED] Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) FILETIME=[66978B80:01C8518F] Morttggage - lower your rrate! http://0rz.tw/563qc //Spam sample 2 Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 6 Jan 2008 08:34:53 -0500 Return-Path: [EMAIL PROTECTED] Received: from 206.191.20.150 (HELO magmail.travelgolf.com) by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ) id NzHz8i-bE58PW-p5 for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200 Message-ID: [EMAIL PROTECTED] From: Rosalind J. Cody [EMAIL PROTECTED] To: Concetta V. Baez [EMAIL PROTECTED] Subject: Get the biggest s'e)x organ in the neighborhood! Date: Sun, 06 Jan 2008 15:34:55 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_5463_15C1_01C85079.AFCF6A50 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC) FILETIME=[EC4CB4D0:01C85068] This is a multi-part message in MIME format. --=_NextPart_5463_15C1_01C85079.AFCF6A50 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable potential for monopoly=2E To counter the arguments thatrecalled the incid= ent=2E It looks like one of Maximize the volume of your dic'k by New Year! Great New Year prices for our super-p!ll will be a pleasant surprise for = you! Don't miss it out! Our offer is definitely worth your keen interest! Check our amazing prices now! http://Effesitables=2Ecom/ contact some crisis management people, said Davidlisteners in each local= radio market in America=2Earound 100 passengers when it attempted to be= rth at aof last year=2E In the West Coast, its 25 percent and National Football League=2E I'd like to thank all myhas visited the White= House in 24 years=2Eshowed even a rate of 100% spam=2E --=_NextPart_5463_15C1_01C85079.AFCF6A50 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4=2E0 Transitional//EN HTMLHEAD META http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-ascii= META content=3DMSHTML 6=2E00=2E2900=2E2527 name=3DGENERATOR STYLE type=3Dtext/css =2Estyle2
RE: Mailbox size discrepency
Are your Exchange stores finishing nightly maintenance every night? You don't say how LARGE the mailbox is. For a large mailbox, I would consider 10 MB trivial. For a small one, it may or may not be significant. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: vbs [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:32 AM To: MS-Exchange Admin Issues Subject: Mailbox size discrepency Recently I have a user who has hit his mailbox quota. He cleaned up his Inbox/mailbox and continues to get warning messages. We use cached mode with our Outlook clients and when I had them look at the mailbox folder size with the Outlook properties the local copy is 10MB samller than the server data size and I can't account for why there should be this difference. I even had the user remove cache mode, delete the OST and then enabled cache mode again but there still is a 10 MB difference. I thought the OST cached the whole mailbox local but this does not seem to be the case. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: [JUNK] Re: [JUNK] problem with messagelabs
Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: [EMAIL PROTECTED] From: Marvin Casey [EMAIL PROTECTED] Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) FILETIME=[66978B80:01C8518F] Morttggage - lower your rrate! http://0rz.tw/563qc //Spam sample 2 Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 6 Jan 2008 08:34:53 -0500 Return-Path: [EMAIL PROTECTED] Received: from 206.191.20.150 (HELO magmail.travelgolf.com) by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ) id NzHz8i-bE58PW-p5 for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200 Message-ID: [EMAIL PROTECTED] From: Rosalind J. Cody [EMAIL PROTECTED] To: Concetta V. Baez [EMAIL PROTECTED] Subject: Get the biggest s'e)x organ in the neighborhood! Date: Sun, 06 Jan 2008 15:34:55 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_5463_15C1_01C85079.AFCF6A50 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC) FILETIME=[EC4CB4D0:01C85068] This is a multi-part message in MIME format. --=_NextPart_5463_15C1_01C85079.AFCF6A50 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable potential for monopoly=2E To counter the arguments thatrecalled the incid= ent=2E It looks like one of Maximize the volume of your dic'k by New Year! Great New Year prices for our super-p!ll will be a pleasant surprise for = you! Don't miss it out! Our offer is definitely worth your keen interest! Check our amazing prices now! http://Effesitables=2Ecom/ contact some crisis management people, said Davidlisteners in each local= radio market in America=2Earound 100 passengers when it attempted to be= rth at aof last year=2E In the West Coast, its 25 percent and National Football League=2E I'd like to thank all myhas visited the White= House in 24
Sunbelt Announces Ninja Blade - The Barracuda Killer
Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Mailbox Count
I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs
[opinion on] Well, if the headers prove that the messages are not coming via your mail server, you should be quite justified in requesting that messagelabs unblock you and perhaps whitelist you as being part of the same company. My perception of messagelabs is not getting any better. [opinion off] -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:42 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews [EMAIL PROTECTED] wrote: Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: [EMAIL PROTECTED] From: Marvin Casey [EMAIL PROTECTED] Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) FILETIME=[66978B80:01C8518F] Morttggage - lower your rrate! http://0rz.tw/563qc //Spam sample 2 Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 6 Jan 2008 08:34:53 -0500 Return-Path: [EMAIL PROTECTED] Received: from 206.191.20.150 (HELO magmail.travelgolf.com) by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ) id NzHz8i-bE58PW-p5 for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200 Message-ID: [EMAIL PROTECTED] From: Rosalind J. Cody [EMAIL PROTECTED] To: Concetta V. Baez [EMAIL PROTECTED] Subject: Get the biggest s'e)x organ in the neighborhood! Date: Sun, 06 Jan 2008 15:34:55 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_5463_15C1_01C85079.AFCF6A50 X-Priority: 3
Re: [JUNK] Re: [JUNK] problem with messagelabs
Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews [EMAIL PROTECTED] wrote: Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: [EMAIL PROTECTED] From: Marvin Casey [EMAIL PROTECTED] Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) FILETIME=[66978B80:01C8518F] Morttggage - lower your rrate! http://0rz.tw/563qc //Spam sample 2 Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 6 Jan 2008 08:34:53 -0500 Return-Path: [EMAIL PROTECTED] Received: from 206.191.20.150 (HELO magmail.travelgolf.com) by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ) id NzHz8i-bE58PW-p5 for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200 Message-ID: [EMAIL PROTECTED] From: Rosalind J. Cody [EMAIL PROTECTED] To: Concetta V. Baez [EMAIL PROTECTED] Subject: Get the biggest s'e)x organ in the neighborhood! Date: Sun, 06 Jan 2008 15:34:55 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_5463_15C1_01C85079.AFCF6A50 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC) FILETIME=[EC4CB4D0:01C85068] This is a multi-part message in MIME format. --=_NextPart_5463_15C1_01C85079.AFCF6A50 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable potential for monopoly=2E To counter the arguments thatrecalled the incid=
RE: [JUNK] problem with messagelabs
Do you reject spam? Or is it possible that one or more machines at your
site are infected? Do the headers indicate that the spam is definitely
being sent from your server to HQ?
-Original Message-
From: M Bruyere [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 7:40 AM
To: MS-Exchange Admin Issues
Subject: [JUNK] problem with messagelabs
Hi guys,
I have a problem sending messages to a site (our HQ) that
is protected by Messagelabs. In fact the problem is that they are
throttling our connections because they say that we re sending spam.
They provided the following samples to prove their point. After
looking at all the configs and all, I can't see how we could be
sending those. I suspect that the informations are spoofed a la joe
job and that's what affect us. Anyone can give me any inputs on how
to deal with this because I can't find anything wrong on our system
and they keep throttling over and over limiting the contacts from our
site ti the HQ, which is at the very least annoying.
If you have any ideas that could help me to stop this from happening,
it would be very appreciated.
Please note that the domain name has been changed. You can contact me
off list if you need/want more specific details.
//Spam sample 1
Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with
Microsoft SMTPSVC(6.0.3790.0);
Mon, 7 Jan 2008 19:42:52 -0500
Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146)
by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500
Date: Mon, 7 Jan 2008 19:42:35 +0500
Message-Id: [EMAIL PROTECTED]
X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
X-Header-CompanyDBUserName: hpccm
X-Header-MasterId: 072480
X-Header-Versions: [EMAIL PROTECTED]
X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
To: [EMAIL PROTECTED]
From: Marvin Casey [EMAIL PROTECTED]
Subject: Re: Your Mortgage Refiinance
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC)
FILETIME=[66978B80:01C8518F]
Morttggage - lower your rrate!
http://0rz.tw/563qc
//Spam sample 2
Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com
with Microsoft SMTPSVC(6.0.3790.0);
Sun, 6 Jan 2008 08:34:53 -0500
Return-Path: [EMAIL PROTECTED]
Received: from 206.191.20.150 (HELO magmail.travelgolf.com)
by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ)
id NzHz8i-bE58PW-p5
for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200
Message-ID: [EMAIL PROTECTED]
From: Rosalind J. Cody [EMAIL PROTECTED]
To: Concetta V. Baez [EMAIL PROTECTED]
Subject: Get the biggest s'e)x organ in the neighborhood!
Date: Sun, 06 Jan 2008 15:34:55 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_5463_15C1_01C85079.AFCF6A50
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC)
FILETIME=[EC4CB4D0:01C85068]
This is a multi-part message in MIME format.
--=_NextPart_5463_15C1_01C85079.AFCF6A50
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
potential for monopoly=2E To counter the arguments thatrecalled the
incid=
ent=2E It looks like one of
Maximize the volume of your dic'k by New Year!
Great New Year prices for our super-p!ll will be a pleasant surprise for
=
you!
Don't miss it out! Our offer is definitely worth your keen interest!
Check our amazing prices now!
http://Effesitables=2Ecom/
contact some crisis management people, said Davidlisteners in each
local=
radio market in America=2Earound 100 passengers when it attempted to
be=
rth at aof last year=2E In the West Coast, its 25 percent and
National Football League=2E I'd like to thank all myhas visited the
White=
House in 24 years=2Eshowed even a rate of 100% spam=2E
--=_NextPart_5463_15C1_01C85079.AFCF6A50
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4=2E0 Transitional//EN
HTMLHEAD
META http-equiv=3DContent-Type content=3Dtext/html;
charset=3Dus-ascii=
META content=3DMSHTML 6=2E00=2E2900=2E2527 name=3DGENERATOR
STYLE type=3Dtext/css
=2Estyle2 {font-size: 10px; color: #8d8d8d;}
=2Em {font-family: tahoma; font-size: 12; color: #5C9CBC; font-weight:
bo=
ld;}
=2Ez {font-family: tahoma; font-size: 14; color: #cc; font-weight:
bo=
ld;}
=2Ei {font-family: tahoma; font-size: 12; color: #626262; font-weight:
bo=
ld;}
=2Ex {font-family: tahoma; font-size: 12;font-weight:
bold;color:#cc}=
body {background-color: #FF; color: #2B3235;
/STYLE
/HEAD
BODYspan class=3Dstyle2=20
brpotential for monopoly=2E To counter the arguments thatrecalled the
i=
ncident=2E It looks like one of/span=20
brbr
table
tr
td valign=3Dtopdiv
style=3Dheight:89px;width:223px;backgro=
Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs
We had a similar issue with Message labs once. A discussion involving our IP Addresses as shown in DNS and the source IP Addresses did result in us being unblocked. We are a moderately large company and though polite, I was obviously irritated. Not sure if that helped or hindered. Steven On Jan 17, 2008 8:46 AM, Don Andrews [EMAIL PROTECTED] wrote: [opinion on] Well, if the headers prove that the messages are not coming via your mail server, you should be quite justified in requesting that messagelabs unblock you and perhaps whitelist you as being part of the same company. My perception of messagelabs is not getting any better. [opinion off] -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:42 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews [EMAIL PROTECTED] wrote: Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: [EMAIL PROTECTED] From: Marvin Casey [EMAIL PROTECTED] Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) FILETIME=[66978B80:01C8518F] Morttggage - lower your rrate! http://0rz.tw/563qc //Spam sample 2 Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 6 Jan 2008 08:34:53 -0500 Return-Path: [EMAIL PROTECTED] Received: from 206.191.20.150 (HELO magmail.travelgolf.com) by MY_DOMAIN.com
Re: Sunbelt Announces Ninja Blade - The Barracuda Killer
The interface is wonderful. Kudos! Although, the online demo had some bugs. I hope its just cosmetic to the demo! On Jan 17, 2008 11:57 AM, Stu Sjouwerman [EMAIL PROTECTED] wrote: Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
I'll do the same with your VB script: gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername | ft mailboxdisplayname,size -autosize -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:15 AM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I'll take that two liner and make it one... ;-) (gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername).Count Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:02 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Powershell: $mbxs = gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername $mbxs.count -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 10:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Mailbox Count
and a way to get size using PowerShell :) http://www.blkmtn.org/powershell-list-exchange2k3-mb-info Steven Peck On Jan 17, 2008 9:11 AM, Michael B. Smith [EMAIL PROTECTED] wrote: And if you also want to know how large each one is, here is a report you can run: Wrappage: http://theessentialexchange.com/blogs/michael/archive/2007/11/13/a-script-f or-getting-mailbox-sizes-using-wmi.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:05 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Bingo! Thanks!!! -Original Message- From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:01 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I THINK you can see per database by drilling down to the mailbox menu in system manager and selecting all - there should be a count in the lower left hand corner. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: [JUNK] Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs
Evidently. Our emails to customers were being bounced. The sample they forwarded was an obviously forged header with an IP Address somewhere in Europe. Admittedly this was early last year so things may have changed. My contact with them was through the our intended recipient company opening a case with them and then conferencing me in later in the process. I think it took about a day to resolve the matter. On Jan 17, 2008 9:36 AM, Don Andrews [EMAIL PROTECTED] wrote: Hmm, if they don't block based on IP, what DO they do - use domain? Perhaps they really don't have a clue. -Original Message- From: Steven Peck [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 9:28 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs We had a similar issue with Message labs once. A discussion involving our IP Addresses as shown in DNS and the source IP Addresses did result in us being unblocked. We are a moderately large company and though polite, I was obviously irritated. Not sure if that helped or hindered. Steven On Jan 17, 2008 8:46 AM, Don Andrews [EMAIL PROTECTED] wrote: [opinion on] Well, if the headers prove that the messages are not coming via your mail server, you should be quite justified in requesting that messagelabs unblock you and perhaps whitelist you as being part of the same company. My perception of messagelabs is not getting any better. [opinion off] -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:42 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews [EMAIL PROTECTED] wrote: Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35
RE: Mailbox Count
HAHAHAHAHA. :-) Got me. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:26 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I'll do the same with your VB script: gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername | ft mailboxdisplayname,size -autosize -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:15 AM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I'll take that two liner and make it one... ;-) (gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername).Count Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:02 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Powershell: $mbxs = gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername $mbxs.count -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 10:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Stu just got me to drink the Kool-Aid, the roofies came from Shook. -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:33 AM To: MS-Exchange Admin Issues Subject: Re: Sunbelt Announces Ninja Blade - The Barracuda Killer Was that before or after the roofie? On Jan 17, 2008 12:19 PM, Tim Vander Kooi [EMAIL PROTECTED] wrote: Stu told me it was FAR superior to all of them. ;-) -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Mailbox Count
heh /me goes to see what he can learn. Steven On Jan 17, 2008 9:27 AM, Michael B. Smith [EMAIL PROTECTED] wrote: Hmph. :-) This one uses PowerShell and sorts the output by Active Directory OU. Wrappage: http://theessentialexchange.com/blogs/michael/archive/2007/11/13/a-script-f or-getting-mailbox-sizes-using-wmi-in-powershell.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven Peck [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Re: Mailbox Count and a way to get size using PowerShell :) http://www.blkmtn.org/powershell-list-exchange2k3-mb-info Steven Peck On Jan 17, 2008 9:11 AM, Michael B. Smith [EMAIL PROTECTED] wrote: And if you also want to know how large each one is, here is a report you can run: Wrappage: http://theessentialexchange.com/blogs/michael/archive/2007/11/13/a-script-f or-getting-mailbox-sizes-using-wmi.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:05 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Bingo! Thanks!!! -Original Message- From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:01 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I THINK you can see per database by drilling down to the mailbox menu in system manager and selecting all - there should be a count in the lower left hand corner. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: [JUNK] RE: [JUNK] Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs
Gee, it's even for organizations of all sizes ( suitable for organizations with up to 5000 users) -Original Message- From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 9:36 AM To: MS-Exchange Admin Issues Subject: [JUNK] RE: [JUNK] Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hmm, if they don't block based on IP, what DO they do - use domain? Perhaps they really don't have a clue. -Original Message- From: Steven Peck [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 9:28 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs We had a similar issue with Message labs once. A discussion involving our IP Addresses as shown in DNS and the source IP Addresses did result in us being unblocked. We are a moderately large company and though polite, I was obviously irritated. Not sure if that helped or hindered. Steven On Jan 17, 2008 8:46 AM, Don Andrews [EMAIL PROTECTED] wrote: [opinion on] Well, if the headers prove that the messages are not coming via your mail server, you should be quite justified in requesting that messagelabs unblock you and perhaps whitelist you as being part of the same company. My perception of messagelabs is not getting any better. [opinion off] -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:42 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews [EMAIL PROTECTED] wrote: Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type:
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
ROFL - couldn't have said it better myself. -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 9:33 AM To: MS-Exchange Admin Issues Subject: Re: Sunbelt Announces Ninja Blade - The Barracuda Killer Was that before or after the roofie? On Jan 17, 2008 12:19 PM, Tim Vander Kooi [EMAIL PROTECTED] wrote: Stu told me it was FAR superior to all of them. ;-) -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
I THINK you can see per database by drilling down to the mailbox menu in system manager and selecting all - there should be a count in the lower left hand corner. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Mailbox Count
oh crap. /me runs for cover. so as not to get hit. Steven On Jan 17, 2008 9:25 AM, Campbell, Rob [EMAIL PROTECTED] wrote: I'll do the same with your VB script: gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername | ft mailboxdisplayname,size -autosize -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:15 AM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I'll take that two liner and make it one... ;-) (gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername).Count Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:02 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Powershell: $mbxs = gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername $mbxs.count -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 10:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Care to compare it with Tumbleweed's Mailgate - and perhaps some of the others? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
Bingo! Thanks!!! -Original Message- From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:01 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I THINK you can see per database by drilling down to the mailbox menu in system manager and selecting all - there should be a count in the lower left hand corner. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
-Original Message-
From: Steven Peck [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 12:41 PM
To: MS-Exchange Admin Issues
Subject: Re: Mailbox Count
non-sequitor
Let's try and interpret this anyway. It may help me understand
PowerShell better :)
On Jan 17, 2008 10:23 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
Something I was messing with last night:
sets $logfile = to a series of text files. event logs that have
been dumped to text files? (gci is an alias for get-childitem)
*Gets the raw message tracking log files (E2k7)
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
@{} designates an array or a for-each?
*Designates and initializes a hash-table (dictionary array)
$src_evt_ht = @{}
get the files (gc = get-content) assigned above
*Yes
gc $logfile |% {
are you replacing stuff with a comma or breaking at comma's only?
*Splitting the line into a collection of strings separated at the
commas.
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
pull out source and event id's from the file ...
$source = $rec[7]
$event_id = $rec[8]
combine them and compare to each other and do something
*combines them, and adds each unique combination to the hash table if it
isn't already there, and sets an initial value of 1. Increments the
existing entry value by 1 if it is already there.
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
write results to log file...
*displays the name of the log file being processed, and writes the
resulting hash table to the console.
$logfile.name
write-host `n
$src_evt_ht
}
How did I do?
*Not bad.
Steven
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
Re: Mailbox Count
non-sequitor
Let's try and interpret this anyway. It may help me understand
PowerShell better :)
On Jan 17, 2008 10:23 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
Something I was messing with last night:
sets $logfile = to a series of text files. event logs that have
been dumped to text files? (gci is an alias for get-childitem)
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
@{} designates an array or a for-each?
$src_evt_ht = @{}
get the files (gc = get-content) assigned above
gc $logfile |% {
are you replacing stuff with a comma or breaking at comma's only?
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
pull out source and event id's from the file ...
$source = $rec[7]
$event_id = $rec[8]
combine them and compare to each other and do something
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
write results to log file...
$logfile.name
write-host `n
$src_evt_ht
}
How did I do?
Steven
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 11:15 AM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
I'll take that two liner and make it one... ;-)
(gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox
-computer
servername).Count
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 12:02 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Powershell:
$mbxs = gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox
-computer servername
$mbxs.count
-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 10:57 AM
To: MS-Exchange Admin Issues
Subject: Mailbox Count
I think there's an easy way to do this, but I'm drawing a blank... With
Exchange 2003, how can I quickly see how many mailboxes I have?
John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347
www.taylor.k12.fl.us
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and
confidential
and
protected from disclosure. If the reader of this message is not the
intended
recipient, or an employee or agent responsible for delivering this
message
to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If
you
have received this communication in error, please notify us immediately
by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
Something I was messing with last night:
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
$src_evt_ht = @{}
gc $logfile |% {
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
$source = $rec[7]
$event_id = $rec[8]
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
$logfile.name
write-host `n
$src_evt_ht
}
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 11:15 AM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
I'll take that two liner and make it one... ;-)
(gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox
-computer
servername).Count
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 12:02 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Powershell:
$mbxs = gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox
-computer servername
$mbxs.count
-Original Message-
From: John Hornbuckle [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 10:57 AM
To: MS-Exchange Admin Issues
Subject: Mailbox Count
I think there's an easy way to do this, but I'm drawing a blank... With
Exchange 2003, how can I quickly see how many mailboxes I have?
John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347
www.taylor.k12.fl.us
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and
confidential
and
protected from disclosure. If the reader of this message is not the
intended
recipient, or an employee or agent responsible for delivering this
message
to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If
you
have received this communication in error, please notify us immediately
by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
I think in general you'll find that Ninja has everything you need, nothing you don't. Feature comparison checklists abound, but the product is focused on delivering high quality email filtering. As we continue development, more bells and whistles will come out. To me, the standout features on this product is a) the pricing (personally, I think it's way too low, and we don't make much on these things), b) Dell hardware, with 4-hour onsite service free with every box and b) the quality of the underlying engines. Alex From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:06 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Care to compare it with Tumbleweed's Mailgate - and perhaps some of the others? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
I'll take that two liner and make it one... ;-) (gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername).Count Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:02 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Powershell: $mbxs = gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername $mbxs.count -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 10:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs
Hi, That's my thoughts, they're showing the FQDN in the headers, not the IP so I'm wondering how they are blocking stuff. I asked my co worker (which is in the HQ) to call hem again and request that the IP only was taken care of, not the FQDN. It's a forgery of the headers. On Jan 17, 2008 12:28 PM, Steven Peck [EMAIL PROTECTED] wrote: We had a similar issue with Message labs once. A discussion involving our IP Addresses as shown in DNS and the source IP Addresses did result in us being unblocked. We are a moderately large company and though polite, I was obviously irritated. Not sure if that helped or hindered. Steven On Jan 17, 2008 8:46 AM, Don Andrews [EMAIL PROTECTED] wrote: [opinion on] Well, if the headers prove that the messages are not coming via your mail server, you should be quite justified in requesting that messagelabs unblock you and perhaps whitelist you as being part of the same company. My perception of messagelabs is not getting any better. [opinion off] -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:42 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews [EMAIL PROTECTED] wrote: Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: [EMAIL PROTECTED] From: Marvin Casey [EMAIL PROTECTED] Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL
RE: Mailbox Count
Maybe you can talk them into at least replacing what's on the perimeter
with an Edge and Hub Transport server, even if they're not ready to
start upgrading the mailbox servers yet.
-Original Message-
From: Steven Peck [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 1:13 PM
To: MS-Exchange Admin Issues
Subject: Re: Mailbox Count
ahh... I need to get Exchange 2007 here. They are tormenting us with
a 'chance' if time permits in Q2 if projects wrap early in Q1.
Otherwise we just continue with E2k3 until 'some other time'.
Thanks,
Steven
On Jan 17, 2008 10:52 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
-Original Message-
From: Steven Peck [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 12:41 PM
To: MS-Exchange Admin Issues
Subject: Re: Mailbox Count
non-sequitor
Let's try and interpret this anyway. It may help me understand
PowerShell better :)
On Jan 17, 2008 10:23 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
Something I was messing with last night:
sets $logfile = to a series of text files. event logs that have
been dumped to text files? (gci is an alias for get-childitem)
*Gets the raw message tracking log files (E2k7)
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
@{} designates an array or a for-each?
*Designates and initializes a hash-table (dictionary array)
$src_evt_ht = @{}
get the files (gc = get-content) assigned above
*Yes
gc $logfile |% {
are you replacing stuff with a comma or breaking at comma's only?
*Splitting the line into a collection of strings separated at the
commas.
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
pull out source and event id's from the file ...
$source = $rec[7]
$event_id = $rec[8]
combine them and compare to each other and do something
*combines them, and adds each unique combination to the hash table if
it
isn't already there, and sets an initial value of 1. Increments the
existing entry value by 1 if it is already there.
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
write results to log file...
*displays the name of the log file being processed, and writes the
resulting hash table to the console.
$logfile.name
write-host `n
$src_evt_ht
}
How did I do?
*Not bad.
Steven
**
Note:
The information contained in this message may be privileged and
confidential and
protected from disclosure. If the reader of this message is not the
intended
recipient, or an employee or agent responsible for delivering this
message to
the intended recipient, you are hereby notified that any
dissemination,
distribution or copying of this communication is strictly prohibited.
If you
have received this communication in error, please notify us
immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
RE: [JUNK] Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs
Hmm, if they don't block based on IP, what DO they do - use domain? Perhaps they really don't have a clue. -Original Message- From: Steven Peck [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 9:28 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs We had a similar issue with Message labs once. A discussion involving our IP Addresses as shown in DNS and the source IP Addresses did result in us being unblocked. We are a moderately large company and though polite, I was obviously irritated. Not sure if that helped or hindered. Steven On Jan 17, 2008 8:46 AM, Don Andrews [EMAIL PROTECTED] wrote: [opinion on] Well, if the headers prove that the messages are not coming via your mail server, you should be quite justified in requesting that messagelabs unblock you and perhaps whitelist you as being part of the same company. My perception of messagelabs is not getting any better. [opinion off] -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:42 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews [EMAIL PROTECTED] wrote: Don't know anything about Ninja - does it or can it be configured to reject rather than discard spam? Perhaps you need to have your HQ guys get Message Labs to work with (rather than against) you to help determine what's happening. -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:18 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] problem with messagelabs Hi, At my site I use Ninja to spam filter. It can't be a station that is infected because the public IP is dedicated to the mail server using a static NAT. The workstations are actually using another IP to hit the internet. As for the headers, the only data I had from MessageLabs was the 3 samples I pasted in the original post. I searched the message-id and some keywords on my exchange servers but can't find anything so they are not sent through our server. Thanks. On Jan 17, 2008 11:09 AM, Don Andrews [EMAIL PROTECTED] wrote: Do you reject spam? Or is it possible that one or more machines at your site are infected? Do the headers indicate that the spam is definitely being sent from your server to HQ? -Original Message- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 7:40 AM To: MS-Exchange Admin Issues Subject: [JUNK] problem with messagelabs Hi guys, I have a problem sending messages to a site (our HQ) that is protected by Messagelabs. In fact the problem is that they are throttling our connections because they say that we re sending spam. They provided the following samples to prove their point. After looking at all the configs and all, I can't see how we could be sending those. I suspect that the informations are spoofed a la joe job and that's what affect us. Anyone can give me any inputs on how to deal with this because I can't find anything wrong on our system and they keep throttling over and over limiting the contacts from our site ti the HQ, which is at the very least annoying. If you have any ideas that could help me to stop this from happening, it would be very appreciated. Please note that the domain name has been changed. You can contact me off list if you need/want more specific details. //Spam sample 1 Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500 Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146) by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 Date: Mon, 7 Jan 2008 19:42:35 +0500 Message-Id: [EMAIL PROTECTED] X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) X-Header-CompanyDBUserName: hpccm X-Header-MasterId: 072480 X-Header-Versions: [EMAIL PROTECTED] X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: [EMAIL PROTECTED] From: Marvin Casey [EMAIL PROTECTED] Subject: Re: Your Mortgage Refiinance Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) FILETIME=[66978B80:01C8518F] Morttggage - lower your rrate!
Re: Sunbelt Announces Ninja Blade - The Barracuda Killer
Was that before or after the roofie? On Jan 17, 2008 12:19 PM, Tim Vander Kooi [EMAIL PROTECTED] wrote: Stu told me it was FAR superior to all of them. ;-) -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Sunbelt Announces Ninja Blade - The Barracuda Killer
Not to disparage, but a couple of friends and went through the interface of the online demo and were surprised to find a bunch of abilities not there. Is the demo up-to-date with the production release? On Jan 17, 2008 1:32 PM, Alex Eckelberry [EMAIL PROTECTED] wrote: I think in general you'll find that Ninja has everything you need, nothing you don't. Feature comparison checklists abound, but the product is focused on delivering high quality email filtering. As we continue development, more bells and whistles will come out. To me, the standout features on this product is a) the pricing (personally, I think it's way too low, and we don't make much on these things), b) Dell hardware, with 4-hour onsite service free with every box and b) the quality of the underlying engines. Alex From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:06 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Care to compare it with Tumbleweed's Mailgate – and perhaps some of the others? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
Hmph. :-) This one uses PowerShell and sorts the output by Active Directory OU. Wrappage: http://theessentialexchange.com/blogs/michael/archive/2007/11/13/a-script-f or-getting-mailbox-sizes-using-wmi-in-powershell.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven Peck [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:25 PM To: MS-Exchange Admin Issues Subject: Re: Mailbox Count and a way to get size using PowerShell :) http://www.blkmtn.org/powershell-list-exchange2k3-mb-info Steven Peck On Jan 17, 2008 9:11 AM, Michael B. Smith [EMAIL PROTECTED] wrote: And if you also want to know how large each one is, here is a report you can run: Wrappage: http://theessentialexchange.com/blogs/michael/archive/2007/11/13/a-script-f or-getting-mailbox-sizes-using-wmi.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:05 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Bingo! Thanks!!! -Original Message- From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:01 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I THINK you can see per database by drilling down to the mailbox menu in system manager and selecting all - there should be a count in the lower left hand corner. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Stu told me it was FAR superior to all of them. ;-) From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:06 AM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Care to compare it with Tumbleweed's Mailgate - and perhaps some of the others? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Not to disparage, but a couple of friends and went through the interface of the online demo and were surprised to find a bunch of abilities not there. Is the demo up-to-date with the production release? I read through the complete datasheet and this looks pretty low end from a software feature standpoint. As long as it doesn't NDR by default on dictionary attacks I could recommend this as a 'cuda replacement. It will probably be fine for small and the low-end medium size shops, but they will have to add a lot more functionality to compete successfully with the Ironports and the Can-It Pros of the world. Non customizable file extension filtering is the most glaring defect I see. There's a lot more that seems similarly limited. Docs are decent, but it would be nice to see some wording in the setup docs to steer the clueless towards better practices such as NOT having disclaimers. Low end shops would probably also appreciate some exchange hand holding WRT smart hosts setup and etc... I guess (for around 20 aliases) $1500 would be reasonable for the 500 model w/ a year of 24x7x365 support and 4hr replacement. Maybe $500 per year after that for support. my 2¢ ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
Powershell: $mbxs = gwmi -namespace root\microsoftexchangev2 -class exchange_mailbox -computer servername $mbxs.count -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 10:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Aw, now I'm gonna have to look closer. From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 9:20 AM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Stu told me it was FAR superior to all of them. ;-) From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:06 AM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Care to compare it with Tumbleweed's Mailgate - and perhaps some of the others? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
And if you also want to know how large each one is, here is a report you can run: Wrappage: http://theessentialexchange.com/blogs/michael/archive/2007/11/13/a-script-f or-getting-mailbox-sizes-using-wmi.aspx Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:05 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count Bingo! Thanks!!! -Original Message- From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:01 PM To: MS-Exchange Admin Issues Subject: RE: Mailbox Count I THINK you can see per database by drilling down to the mailbox menu in system manager and selecting all - there should be a count in the lower left hand corner. -Original Message- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:57 AM To: MS-Exchange Admin Issues Subject: Mailbox Count I think there's an easy way to do this, but I'm drawing a blank... With Exchange 2003, how can I quickly see how many mailboxes I have? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Mailbox Count
ahh... I need to get Exchange 2007 here. They are tormenting us with
a 'chance' if time permits in Q2 if projects wrap early in Q1.
Otherwise we just continue with E2k3 until 'some other time'.
Thanks,
Steven
On Jan 17, 2008 10:52 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
-Original Message-
From: Steven Peck [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 12:41 PM
To: MS-Exchange Admin Issues
Subject: Re: Mailbox Count
non-sequitor
Let's try and interpret this anyway. It may help me understand
PowerShell better :)
On Jan 17, 2008 10:23 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
Something I was messing with last night:
sets $logfile = to a series of text files. event logs that have
been dumped to text files? (gci is an alias for get-childitem)
*Gets the raw message tracking log files (E2k7)
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
@{} designates an array or a for-each?
*Designates and initializes a hash-table (dictionary array)
$src_evt_ht = @{}
get the files (gc = get-content) assigned above
*Yes
gc $logfile |% {
are you replacing stuff with a comma or breaking at comma's only?
*Splitting the line into a collection of strings separated at the
commas.
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
pull out source and event id's from the file ...
$source = $rec[7]
$event_id = $rec[8]
combine them and compare to each other and do something
*combines them, and adds each unique combination to the hash table if it
isn't already there, and sets an initial value of 1. Increments the
existing entry value by 1 if it is already there.
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
write results to log file...
*displays the name of the log file being processed, and writes the
resulting hash table to the console.
$logfile.name
write-host `n
$src_evt_ht
}
How did I do?
*Not bad.
Steven
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Alex, I just read your blog. Does the blade support or have any future plans to support failover/clustering/or load balancing ? Encryption partner? The product looks great, I'm not a fan whatsoever of cuda's, granted this is targeted at a smaller market than I am in, but I would give the blade a hard look if I were to have an opportunity to again. Good luck with the product. - John From: Alex Eckelberry [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 10:20 AM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer I've also blogged about it here: http://sunbeltblog.blogspot.com/2008/01/our-first-hardware-product-ninja blade.html From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Michael, We started out with this first iteration of the GUI, and provide the basic required features right out of the box. That feature set will be expanded upon significantly over time and we're happy to get suggestions. There -will- be a lot more to tweak, but Blade as it is was put together to have it up and running in 10 minutes. Let us know what you'd like to see added? Warm regards, Stu -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:36 PM To: MS-Exchange Admin Issues Subject: Re: Sunbelt Announces Ninja Blade - The Barracuda Killer I meant to add: mainly was the ability to edit parts of the config - and not just add/delete. You know - tweak something you already configured. On Jan 17, 2008 2:11 PM, Micheal Espinola Jr [EMAIL PROTECTED] wrote: Not to disparage, but a couple of friends and went through the interface of the online demo and were surprised to find a bunch of abilities not there. Is the demo up-to-date with the production release? On Jan 17, 2008 1:32 PM, Alex Eckelberry [EMAIL PROTECTED] wrote: I think in general you'll find that Ninja has everything you need, nothing you don't. Feature comparison checklists abound, but the product is focused on delivering high quality email filtering. As we continue development, more bells and whistles will come out. To me, the standout features on this product is a) the pricing (personally, I think it's way too low, and we don't make much on these things), b) Dell hardware, with 4-hour onsite service free with every box and b) the quality of the underlying engines. Alex From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:06 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Care to compare it with Tumbleweed's Mailgate - and perhaps some of the others? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Sunbelt Announces Ninja Blade - The Barracuda Killer
I meant to add: mainly was the ability to edit parts of the config - and not just add/delete. You know - tweak something you already configured. On Jan 17, 2008 2:11 PM, Micheal Espinola Jr [EMAIL PROTECTED] wrote: Not to disparage, but a couple of friends and went through the interface of the online demo and were surprised to find a bunch of abilities not there. Is the demo up-to-date with the production release? On Jan 17, 2008 1:32 PM, Alex Eckelberry [EMAIL PROTECTED] wrote: I think in general you'll find that Ninja has everything you need, nothing you don't. Feature comparison checklists abound, but the product is focused on delivering high quality email filtering. As we continue development, more bells and whistles will come out. To me, the standout features on this product is a) the pricing (personally, I think it's way too low, and we don't make much on these things), b) Dell hardware, with 4-hour onsite service free with every box and b) the quality of the underlying engines. Alex From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:06 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Care to compare it with Tumbleweed's Mailgate – and perhaps some of the others? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Is there LDAP filtering support? From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 9:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Handy PST Password Utility
Just tried this utility - worked like a champ! Small and nothing to install. http://www.nirsoft.net/utils/pst_password.html Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 I have all the money I need... if I die by 4 pm this afternoon. - Henny Youngman ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
I've also blogged about it here: http://sunbeltblog.blogspot.com/2008/01/our-first-hardware-product-ninja blade.html From: Stu Sjouwerman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:58 AM To: MS-Exchange Admin Issues Subject: Sunbelt Announces Ninja Blade - The Barracuda Killer Importance: High Hi All, Here is one of my infamous, genuine 100% commercial messages ! ;-D The subject essentially said it all. We built a very high quality appliance, with carrier-grade software, using a Dell server. We're quite excited to be able to offer this now, in addition to the Ninja Email Security software product itself. The pricing is -very- competitive. Check out the microsite we built for our new 'Blade': http://www.sunbeltsoftware.com/rd/?id=080117BL-NINJABLADE Warm regards, Stu PS, If you want to play with the actual interface, you need to fill out the 'request eval' form, and in the auto-return email will be a link with a username and password so you can see how it looks. A world of difference compared to the 'cuda. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Sunbelt Announces Ninja Blade - The Barracuda Killer
Good points. Other best practices - no catchall accounts, and no NDRs for non-existent accounts, or rather, just issue a 5xx response and don't accept the message. On Jan 17, 2008 11:44 AM, Jason Gurtz [EMAIL PROTECTED] wrote: Not to disparage, but a couple of friends and went through the interface of the online demo and were surprised to find a bunch of abilities not there. Is the demo up-to-date with the production release? I read through the complete datasheet and this looks pretty low end from a software feature standpoint. As long as it doesn't NDR by default on dictionary attacks I could recommend this as a 'cuda replacement. It will probably be fine for small and the low-end medium size shops, but they will have to add a lot more functionality to compete successfully with the Ironports and the Can-It Pros of the world. Non customizable file extension filtering is the most glaring defect I see. There's a lot more that seems similarly limited. Docs are decent, but it would be nice to see some wording in the setup docs to steer the clueless towards better practices such as NOT having disclaimers. Low end shops would probably also appreciate some exchange hand holding WRT smart hosts setup and etc... I guess (for around 20 aliases) $1500 would be reasonable for the 500 model w/ a year of 24x7x365 support and 4hr replacement. Maybe $500 per year after that for support. my 2¢ ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
Sure, but you'll need a 2003 server to install it on. It's not typically part of the internal AD domain. Isn't it called Forefront Security now or something? -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Will ISA 2006 work in a Windows 2000 environment? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
The VPNs are gateways but nothing stops them from putting the OWA address in a kiosk browser. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Exchange 2000 OWA is open.
I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
Add a second server. Install Exchange on it Configure it as a front end exchange server. Enable forms-based authentication and SSL on this front end box. Get a SSL cert either from Entrust, Verisign, etc or configure your own in-house Certificate Authority and get a cert from that server. Enable http https redirection to the front end server. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
Will ISA 2006 work in a Windows 2000 environment? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: BUE Exchange Logs
In the job properties under settings\Microsoft Exchange the Information Store Backups method should show Full - Database Logs (flush committed logs). That and selecting the information store should be all you need to do. Larry Didtel From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Jan 15, 2008 7:31 PM To: MS-Exchange Admin Issues Subject: BUE Exchange Logs I've been playing with Backup Exec and it seems to be doing a good job, however, my Exchange logs are not getting flushed when I do a full backup of the server. Is this a simple configuration setting I missed somewhere? Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 Neckties strangle clear thinking. --Lin Yutang This e-mail transmission and any accompanying documents contain information from the company, Stemilt Growers, Inc., which is confidential or privileged. The information is intended to be for the use of the individual or entity named in this transmission. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this transmission is prohibited. If you have received this transmission in error, please notify us by telephone immediately at 509-663-1451. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
It's not a bad product. :) So what Lunix [sic] are you running? CentOS All your other points are noted (and agreed) Non customizable file extension filtering is the most glaring defect I see. Not sure I get that, the product supports such a feature. Alex -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:08 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Incidentally, this is the MTA that's under-the-hood: http://www.messagesystems.com/carrier_suite/carrierSuiteSpecifications.h tm l It's not a bad product. :) So what Lunix [sic] are you running? ...and what's the official word on the default NDR settings? While you're at it adding features, you might want to iptables drop any connections from the BOGON list and the Spamhaus DROP list. That'll free up the cpu by an order of magnitude. BTW, you will make the Spamhaus people happy if you offer the zen list instead when people pick both xbl and sbl (and you get the pbl for free). You'll make them even happier if you donate every year and will gain community goodwill and higher sales. Of note is barracuda who has and continues to bite, stamp on, throw away, and generally defecate on all the various hands that feed them... Ignore their history at your peril. I think Stu knows very well what it's like when you piss off the OS community. I think it's funny when I see fallout today from things he did nearly a decade ago; that should tell you how serious of a thing a reputation is. ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
I believe you are correct that ISA is now a part of Forefront along with the new application gateway, which is really nice. Excellent way to present OWA. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:49 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Sure, but you'll need a 2003 server to install it on. It's not typically part of the internal AD domain. Isn't it called Forefront Security now or something? -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Will ISA 2006 work in a Windows 2000 environment? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange 2000 OWA is open.
There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. As long as OWA is freely accessible, it WILL be attacked. If the business owners want it to stop, OWA _HAS_ to not be available publicly. An SSL VPN would take care of this, as it forces the authentication through a web accessible technology before anything else can occur. ISA would do something similar. In both cases, you're just moving the point of attack. On 1/17/08 12:48, Stephan Barr [EMAIL PROTECTED] wrote: The VPNs are gateways but nothing stops them from putting the OWA address in a kiosk browser. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
ISA 2000, ISA 2004, ISA 2006. Newer is better? -Original Message- From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:04 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Donning Dr. Tom mask If it ain't ISA it sucks, but ISA is perfection on a shiny plastic platter! Removing Dr. Tom mask In all seriousness, ISA is your best solution for this situation. TVK -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Non customizable file extension filtering is the most glaring defect I see. Not sure I get that, the product supports such a feature. Maybe... What I got from the documentation is that you could only choose from 3 pre-configured levels (medium being the most ideal, yet missing many). It's nice to offer preconfigured options but it really should be a user-definable, delimited string. It's certainly possible that I missed that this feature is available. ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange 2000 OWA is open.
Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Jason, all great points. You're going to see a lot of feature enhancements coming out in updates over the coming months. There's a vast amount of functionality in the MTA that we simply haven't exposed through the UI. It's a matter of us exposing it, testing it, and then shipping it. Incidentally, this is the MTA that's under-the-hood: http://www.messagesystems.com/carrier_suite/carrierSuiteSpecifications.html Alex -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Not to disparage, but a couple of friends and went through the interface of the online demo and were surprised to find a bunch of abilities not there. Is the demo up-to-date with the production release? I read through the complete datasheet and this looks pretty low end from a software feature standpoint. As long as it doesn't NDR by default on dictionary attacks I could recommend this as a 'cuda replacement. It will probably be fine for small and the low-end medium size shops, but they will have to add a lot more functionality to compete successfully with the Ironports and the Can-It Pros of the world. Non customizable file extension filtering is the most glaring defect I see. There's a lot more that seems similarly limited. Docs are decent, but it would be nice to see some wording in the setup docs to steer the clueless towards better practices such as NOT having disclaimers. Low end shops would probably also appreciate some exchange hand holding WRT smart hosts setup and etc... I guess (for around 20 aliases) $1500 would be reasonable for the 500 model w/ a year of 24x7x365 support and 4hr replacement. Maybe $500 per year after that for support. my 2¢ ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Hi Jason, It does not NDR a dictionary attack. At the connection layer, the security and functionality is essentially identical to that supported in the MessageSystems carrier suite MTA, since it's the same product (we figured, if it's good enough for Verizon) Not all the functionality is exposed in the UI, partly because this is the first release, and partly because we locked down the config to keep it manageable without having a full time admin on it. Chad Loeven e: [EMAIL PROTECTED] p: 727.562.0101 x274 -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:08 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Incidentally, this is the MTA that's under-the-hood: http://www.messagesystems.com/carrier_suite/carrierSuiteSpecifications.h tm l It's not a bad product. :) So what Lunix [sic] are you running? ...and what's the official word on the default NDR settings? While you're at it adding features, you might want to iptables drop any connections from the BOGON list and the Spamhaus DROP list. That'll free up the cpu by an order of magnitude. BTW, you will make the Spamhaus people happy if you offer the zen list instead when people pick both xbl and sbl (and you get the pbl for free). You'll make them even happier if you donate every year and will gain community goodwill and higher sales. Of note is barracuda who has and continues to bite, stamp on, throw away, and generally defecate on all the various hands that feed them... Ignore their history at your peril. I think Stu knows very well what it's like when you piss off the OS community. I think it's funny when I see fallout today from things he did nearly a decade ago; that should tell you how serious of a thing a reputation is. ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RBLs
Does anyone have RBL providers to recommend or stay away from? Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
Thanks for the replies you guys. Very much appreciated. Cheers. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
We do that via reverse proxy and hardware token. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
IF its externally available. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:48 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. The VPNs are gateways but nothing stops them from putting the OWA address in a kiosk browser. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: RBLs
http://www.asspsmtp.org/wiki/DNSBL That's an excellent list, thanks for putting it together! ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. Put it on a non-standard port and distribute shortcuts via logon scripting. That'll stop most of the worms at least (is it still codered you're seeing). You could also invest in an IPS box to put in front of everything (e.g. TippingPoint, SecureWorks iSensor, etc...). ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
It does not NDR a dictionary attack. Hey great, good to know! :) Not all the functionality is exposed in the UI, partly because this is the first release, and partly because we locked down the config to keep it manageable without having a full time admin on it. That's probably pretty standard for these types of boxes I'd guess. ~Jason -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Ah! Yes there are three preconfigured levels, but you can add or delete any attachment rule within any of those levels. Chad Loeven e: [EMAIL PROTECTED] p: 727.562.0101 x274 -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:39 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Non customizable file extension filtering is the most glaring defect I see. Not sure I get that, the product supports such a feature. Maybe... What I got from the documentation is that you could only choose from 3 pre-configured levels (medium being the most ideal, yet missing many). It's nice to offer preconfigured options but it really should be a user-definable, delimited string. It's certainly possible that I missed that this feature is available. ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: RBLs
My best results have always been with Spamhaus. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 If you can count your money, you don't have a billion dollars. -Original Message- From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:18 PM To: MS-Exchange Admin Issues Subject: RBLs Does anyone have RBL providers to recommend or stay away from? Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: RBLs
This is my write-up about which DNSBLs (also referred to as RBLs) that I use and why: http://www.asspsmtp.org/wiki/DNSBL On Jan 17, 2008 4:17 PM, Steve Hart [EMAIL PROTECTED] wrote: Does anyone have RBL providers to recommend or stay away from? Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Mailbox Count
Servers are on three year lease. The other Exchange admin and I timed
it this way on purpose. If they won't let us upgrade, we can add new
systems into the cluster with little interruption. Routing group
servers are easier. Well, we knew E2k7 was going to be a swing
upgrade so we planned to use this as a 'best time is _now_' argument.
We had some other delayed projects and a surprise project that ate
into our initial window, but we have high hopes management will let
us. Our direct manager is convinced, when we get a more realistic
view of the near term workload then business justifications will go
forth :)
Steven
On Jan 17, 2008 11:22 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
Maybe you can talk them into at least replacing what's on the perimeter
with an Edge and Hub Transport server, even if they're not ready to
start upgrading the mailbox servers yet.
-Original Message-
From: Steven Peck [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 1:13 PM
To: MS-Exchange Admin Issues
Subject: Re: Mailbox Count
ahh... I need to get Exchange 2007 here. They are tormenting us with
a 'chance' if time permits in Q2 if projects wrap early in Q1.
Otherwise we just continue with E2k3 until 'some other time'.
Thanks,
Steven
On Jan 17, 2008 10:52 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
-Original Message-
From: Steven Peck [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 12:41 PM
To: MS-Exchange Admin Issues
Subject: Re: Mailbox Count
non-sequitor
Let's try and interpret this anyway. It may help me understand
PowerShell better :)
On Jan 17, 2008 10:23 AM, Campbell, Rob
[EMAIL PROTECTED] wrote:
Something I was messing with last night:
sets $logfile = to a series of text files. event logs that have
been dumped to text files? (gci is an alias for get-childitem)
*Gets the raw message tracking log files (E2k7)
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
@{} designates an array or a for-each?
*Designates and initializes a hash-table (dictionary array)
$src_evt_ht = @{}
get the files (gc = get-content) assigned above
*Yes
gc $logfile |% {
are you replacing stuff with a comma or breaking at comma's only?
*Splitting the line into a collection of strings separated at the
commas.
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
pull out source and event id's from the file ...
$source = $rec[7]
$event_id = $rec[8]
combine them and compare to each other and do something
*combines them, and adds each unique combination to the hash table if
it
isn't already there, and sets an initial value of 1. Increments the
existing entry value by 1 if it is already there.
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
write results to log file...
*displays the name of the log file being processed, and writes the
resulting hash table to the console.
$logfile.name
write-host `n
$src_evt_ht
}
How did I do?
*Not bad.
Steven
**
Note:
The information contained in this message may be privileged and
confidential and
protected from disclosure. If the reader of this message is not the
intended
recipient, or an employee or agent responsible for delivering this
message to
the intended recipient, you are hereby notified that any
dissemination,
distribution or copying of this communication is strictly prohibited.
If you
have received this communication in error, please notify us
immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Yes there are three preconfigured levels, but you can add or delete any attachment rule within any of those levels. Excellent, maybe a UI improvement is in order for a future release, this should be an obvious and easy to change feature (like right there on that page with the three levels as a 4th option with a customize... button). Thanks for the quick replies, that's a good sign. :) ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
good point, thanks, keep it all coming. -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:49 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Yes there are three preconfigured levels, but you can add or delete any attachment rule within any of those levels. Excellent, maybe a UI improvement is in order for a future release, this should be an obvious and easy to change feature (like right there on that page with the three levels as a 4th option with a customize... button). Thanks for the quick replies, that's a good sign. :) ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: RBLs
Agreed. Thank you Michael! Steve -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 1:45 PM To: MS-Exchange Admin Issues Subject: RE: RBLs http://www.asspsmtp.org/wiki/DNSBL That's an excellent list, thanks for putting it together! ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: RBLs
You're welcome - I'm glad it helps! -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: RBLs
Agreed. Spamhaus is the best over all, and quite safe to use - IMO. On Jan 17, 2008 4:48 PM, Roger Wright [EMAIL PROTECTED] wrote: My best results have always been with Spamhaus. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 If you can count your money, you don't have a billion dollars. -Original Message- From: Steve Hart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:18 PM To: MS-Exchange Admin Issues Subject: RBLs Does anyone have RBL providers to recommend or stay away from? Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
Thanks, I'll give it a try.
It probably seems like a trivial exercise, but it's helping me learn the
workings of Powershell, and helped me figure whan a problem started that
looked like it was going to be a tedious process using the gui.
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 4:38 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Slightly denser (untested but seems right):
gci MSGTRK*.log -name |% {
$src_evt_ht = @{}
$_.Name
gc $_ |
foreach {
if ($_[0] -neq #){
$rec = $_ -split ,
$src_evt_ht.[($rec[7] + . + $rec[8])] += 1
}
}
write-host
$src_evt_ht
}
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 3:54 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Thanks! That makes it much easier!
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
$src_evt_ht = @{}
gc $logfile |% {
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
$source = $rec[7]
$event_id = $rec[8]
$src_evt = $source + . + $event_id
$src_evt_ht.$src_evt += 1
}
}
$logfile.name
write-host `n
$src_evt_ht
}
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 2:08 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Associative arrays (hash tables) support Lazy Add. So this
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
just needs to be
$src_evt_ht[$src_evt] += 1
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 1:23 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Something I was messing with last night:
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
$src_evt_ht = @{}
gc $logfile |% {
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
$source = $rec[7]
$event_id = $rec[8]
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
$logfile.name
write-host `n
$src_evt_ht
}
**
Note:
The information contained in this message may be privileged and
confidential
and
protected from disclosure. If the reader of this message is not the
intended
recipient, or an employee or agent responsible for delivering this
message
to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If
you
have received this communication in error, please notify us immediately
by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
RE: Mailbox Count
I don't think it's trivial at all.
Good practice. :-)
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 5:56 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Thanks, I'll give it a try.
It probably seems like a trivial exercise, but it's helping me learn the
workings of Powershell, and helped me figure whan a problem started that
looked like it was going to be a tedious process using the gui.
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 4:38 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Slightly denser (untested but seems right):
gci MSGTRK*.log -name |% {
$src_evt_ht = @{}
$_.Name
gc $_ |
foreach {
if ($_[0] -neq #){
$rec = $_ -split ,
$src_evt_ht.[($rec[7] + . + $rec[8])] += 1
}
}
write-host
$src_evt_ht
}
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 3:54 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Thanks! That makes it much easier!
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
$src_evt_ht = @{}
gc $logfile |% {
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
$source = $rec[7]
$event_id = $rec[8]
$src_evt = $source + . + $event_id
$src_evt_ht.$src_evt += 1
}
}
$logfile.name
write-host `n
$src_evt_ht
}
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 2:08 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Associative arrays (hash tables) support Lazy Add. So this
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
just needs to be
$src_evt_ht[$src_evt] += 1
Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 17, 2008 1:23 PM
To: MS-Exchange Admin Issues
Subject: RE: Mailbox Count
Something I was messing with last night:
$logfiles = gci MSGTRK*.log
foreach ($logfile in $logfiles){
$src_evt_ht = @{}
gc $logfile |% {
if ($_ -notmatch ^\#.+$){
$rec = $_ -split ,
$source = $rec[7]
$event_id = $rec[8]
$src_evt = $source + . + $event_id
if ($src_evt_ht.$src_evt){$src_evt_ht.$src_evt =
[int]$src_evt_ht.$src_evt + 1}
else {$src_evt_ht.add($src_evt,1)}
}
}
$logfile.name
write-host `n
$src_evt_ht
}
**
Note:
The information contained in this message may be privileged and
confidential
and
protected from disclosure. If the reader of this message is not the
intended
recipient, or an employee or agent responsible for delivering this
message
to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If
you
have received this communication in error, please notify us immediately
by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the
intended
recipient, or an employee or agent responsible for delivering this message
to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
RE: RBLs
Micheal: Since the site is blocked from where I'm sitting, can you tell me if they have improved their reputation any? Most that I've had to deal with were arrogant, self-important, ego inflated id-ten-t's that had problems with cranial-rectal inversions. It seemed that an IP or a whole net-block would get black listed based on the list admin's whim and getting off the list was next to impossible. John H. Matteson, Jr. Systems Administrator/ITT Systems FOB Orgun-E Afghanistan DSN - 318 431 8000 VoSIP - (308) 431 - Iridium - 717.633.3823 A man who thinks of himself as belonging to a particular national group in America has not yet become an American. And the man who goes among you to trade upon your nationality is no worthy son to live under the Stars and Stripes. Woodrow Wilson -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Friday, January 18, 2008 2:01 AM To: MS-Exchange Admin Issues Subject: Re: RBLs This is my write-up about which DNSBLs (also referred to as RBLs) that I use and why: http://www.asspsmtp.org/wiki/DNSBL On Jan 17, 2008 4:17 PM, Steve Hart [EMAIL PROTECTED] wrote: Does anyone have RBL providers to recommend or stay away from? Steve ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Be wary of any product that claims to be a 'killer' of other products. It reeks of mediocrity or an inferiority complex. From: Alex Eckelberry [EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:35 PM To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer good point, thanks, keep it all coming. -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:49 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Yes there are three preconfigured levels, but you can add or delete any attachment rule within any of those levels. Excellent, maybe a UI improvement is in order for a future release, this should be an obvious and easy to change feature (like right there on that page with the three levels as a 4th option with a customize... button). Thanks for the quick replies, that's a good sign. :) ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sunbelt Announces Ninja Blade - The Barracuda Killer
Time will tell William, if it works as well as Ninja and removes it off the servers for larger installs than by jove...its good enough.. If there support is as good as they are with everything else than I am not worried about getting issues resolved. Will it be as refined as Ironport in rev 1...nah... but for the price am I willing to deal with functionality over form...yes. I do remember some reviews saying that the Motorola Q would be the BB killer...We all know how that turned out. I think Sunbelt will have a better turn out here by far than that. Greg From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 11:44 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Be wary of any product that claims to be a 'killer' of other products. It reeks of mediocrity or an inferiority complex. From: Alex Eckelberry [EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:35 PM To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer good point, thanks, keep it all coming. -Original Message- From: Jason Gurtz [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 4:49 PM To: MS-Exchange Admin Issues Subject: RE: Sunbelt Announces Ninja Blade - The Barracuda Killer Yes there are three preconfigured levels, but you can add or delete any attachment rule within any of those levels. Excellent, maybe a UI improvement is in order for a future release, this should be an obvious and easy to change feature (like right there on that page with the three levels as a 4th option with a customize... button). Thanks for the quick replies, that's a good sign. :) ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
