RE: Exchange 2007 Certificates
Generate a new one with new-exchangecertificate. From: Matthew Bullock [EMAIL PROTECTED] Sent: Saturday, 20 September 2008 3:06 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates Did you enable the new cert? Enable-exchangecertificate –thumbprint oldthumb -services none Enable-exchangecertificate –thumbprint newthumb -services “iis, smtp, pop, imap” Matt From: McCready, Rob [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2008 9:25 AM To: MS-Exchange Admin Issues Subject: Exchange 2007 Certificates It looks like our default certificate expired on our Hub Transport Server. Using this article… http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx I tried to clone our current certificate to get another years worth of subscription. However, when I check the Trusted Root Certification Authorities\Certificate, the Hub Transport Server still has an expiration date of today. When I re-run the get-exchangecertificate –domainname hubtransport.domain.com I now get two thumbprints? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2007 Certificates
I tried to clone the current certificate and then use the New-ExchangeCertificate command below, but it didn't appear to work. Perhaps I need to be on SP1 before the below will work I also tried Enable-Exchanghecertificate below, but still no luck. Hmm. Get-ExchangeCertificate -DomainName CAS01.contoso.com Then to clone the certificate, run the following cmdlet. Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate The new cloned certificate will then be stamped with a new expiration date one year after the date you run the cmdlet. From: Greg Mulholland [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 12:44 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates Generate a new one with new-exchangecertificate. From: Matthew Bullock [EMAIL PROTECTED] Sent: Saturday, 20 September 2008 3:06 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates Did you enable the new cert? Enable-exchangecertificate -thumbprint oldthumb -services none Enable-exchangecertificate -thumbprint newthumb -services iis, smtp, pop, imap Matt From: McCready, Rob [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2008 9:25 AM To: MS-Exchange Admin Issues Subject: Exchange 2007 Certificates It looks like our default certificate expired on our Hub Transport Server. Using this article... http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx I tried to clone our current certificate to get another years worth of subscription. However, when I check the Trusted Root Certification Authorities\Certificate, the Hub Transport Server still has an expiration date of today. When I re-run the get-exchangecertificate -domainname hubtransport.domain.com I now get two thumbprints? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Sent Items
Weird issue. User running outlook 2007. They send items out but only a fraction of their sent items actually stay in the sent items folder. Some are there, some are not. We've checked the deleted items folder and they aren't there. Any reason why only some outgoing emails would be disappearing? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sent Items
None that I can think of, unless your user is periodically using an IMAP client which has a mis-configured Sent Items location? From: Beckett, William (Bill) [mailto:[EMAIL PROTECTED] Sent: 22 September 2008 14:47 To: MS-Exchange Admin Issues Subject: Sent Items Weird issue. User running outlook 2007. They send items out but only a fraction of their sent items actually stay in the sent items folder. Some are there, some are not. We've checked the deleted items folder and they aren't there. Any reason why only some outgoing emails would be disappearing? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2007 Certificates
This article says to Make sure new certificate is working before deleting old certificate, but doesn't mention any steps on how to do that. http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html Can someone tell me how to test and see what certificate is being used? Right now, I really don't think either are, because when I open my MMC, it still says the certificate is expired and points to the old thumbprint (even though I've enabled the newer thumbprint, or at least tried to). Thanks. Rob From: Greg Mulholland [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 12:44 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates Generate a new one with new-exchangecertificate. From: Matthew Bullock [EMAIL PROTECTED] Sent: Saturday, 20 September 2008 3:06 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates Did you enable the new cert? Enable-exchangecertificate -thumbprint oldthumb -services none Enable-exchangecertificate -thumbprint newthumb -services iis, smtp, pop, imap Matt From: McCready, Rob [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2008 9:25 AM To: MS-Exchange Admin Issues Subject: Exchange 2007 Certificates It looks like our default certificate expired on our Hub Transport Server. Using this article... http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx I tried to clone our current certificate to get another years worth of subscription. However, when I check the Trusted Root Certification Authorities\Certificate, the Hub Transport Server still has an expiration date of today. When I re-run the get-exchangecertificate -domainname hubtransport.domain.com I now get two thumbprints? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
outlook search question
Do any of the free outlook search tools search only the cache files when in cache mode so It doesn't impact the exchange server? I'm thinking MS desktop search or xobni?? We are running windows XP, outlook 2003 in cache mode, and exchange 2003. thanks,jb Jason Benway System/Storage Engineer 616-847-8474 telephone 616-850-1208 fax www.jsjcorp.com http://www.jsjcorp.com/ JSJ Corporation 700 Robbins Road Grand Haven, MI 49417 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~attdf6d.jpg
RE: outlook search question
An application cannot tell if cache mode is available or not. So if cache mode is enabled, it is the cache that is searched, regardless of the application. Carl From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:11 AM To: MS-Exchange Admin Issues Subject: outlook search question Do any of the free outlook search tools search only the cache files when in cache mode so It doesn't impact the exchange server? I'm thinking MS desktop search or xobni?? We are running windows XP, outlook 2003 in cache mode, and exchange 2003. thanks,jb Jason Benway System/Storage Engineer 616-847-8474 telephone 616-850-1208 fax http://www.jsjcorp.com/ www.jsjcorp.com JSJ Corporation 700 Robbins Road Grand Haven, MI 49417 _ This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~image001.jpg
RE: Exchange 2007 Certificates
Start an https session with the server, then click the lock button on the address bar and choose View Certificates. Carl From: McCready, Rob [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:07 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates This article says to Make sure new certificate is working before deleting old certificate, but doesn't mention any steps on how to do that. http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.htm l Can someone tell me how to test and see what certificate is being used? Right now, I really don't think either are, because when I open my MMC, it still says the certificate is expired and points to the old thumbprint (even though I've enabled the newer thumbprint, or at least tried to). Thanks. Rob _ From: Greg Mulholland [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 12:44 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates Generate a new one with new-exchangecertificate. _ From: Matthew Bullock [EMAIL PROTECTED] Sent: Saturday, 20 September 2008 3:06 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Certificates Did you enable the new cert? Enable-exchangecertificate -thumbprint oldthumb -services none Enable-exchangecertificate -thumbprint newthumb -services iis, smtp, pop, imap Matt From: McCready, Rob [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2008 9:25 AM To: MS-Exchange Admin Issues Subject: Exchange 2007 Certificates It looks like our default certificate expired on our Hub Transport Server. Using this article. http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx I tried to clone our current certificate to get another years worth of subscription. However, when I check the Trusted Root Certification Authorities\Certificate, the Hub Transport Server still has an expiration date of today. When I re-run the get-exchangecertificate -domainname hubtransport.domain.com I now get two thumbprints? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sent Items
Also check for any rules TOOLSRULES and ALERTS From: Nikki Peterson - OETX [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:33 AM To: MS-Exchange Admin Issues Subject: RE: Sent Items Check her Options for: - Tools - Options - E-mail Options button - Under Message handling, is there a check mark for Save copies of Messages in Sent Items folder - Also check Advanced E-mail Options and remove the check mark if There is one next to In folders other than the Inbox, save replies With original message Nikki From: David Mazzaccaro [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 7:22 AM To: MS-Exchange Admin Issues Subject: RE: Sent Items Auto archiving to a PST? From: Sobey, Richard A [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 9:50 AM To: MS-Exchange Admin Issues Subject: RE: Sent Items None that I can think of, unless your user is periodically using an IMAP client which has a mis-configured Sent Items location? From: Beckett, William (Bill) [mailto:[EMAIL PROTECTED] Sent: 22 September 2008 14:47 To: MS-Exchange Admin Issues Subject: Sent Items Weird issue. User running outlook 2007. They send items out but only a fraction of their sent items actually stay in the sent items folder. Some are there, some are not. We've checked the deleted items folder and they aren't there. Any reason why only some outgoing emails would be disappearing? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Sent Items
Will do From: David Mazzaccaro [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 11:36 AM To: MS-Exchange Admin Issues Subject: RE: Sent Items Also check for any rules TOOLSRULES and ALERTS From: Nikki Peterson - OETX [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 10:33 AM To: MS-Exchange Admin Issues Subject: RE: Sent Items Check her Options for: - Tools - Options - E-mail Options button - Under Message handling, is there a check mark for Save copies of Messages in Sent Items folder - Also check Advanced E-mail Options and remove the check mark if There is one next to In folders other than the Inbox, save replies With original message Nikki From: David Mazzaccaro [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 7:22 AM To: MS-Exchange Admin Issues Subject: RE: Sent Items Auto archiving to a PST? From: Sobey, Richard A [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 9:50 AM To: MS-Exchange Admin Issues Subject: RE: Sent Items None that I can think of, unless your user is periodically using an IMAP client which has a mis-configured Sent Items location? From: Beckett, William (Bill) [mailto:[EMAIL PROTECTED] Sent: 22 September 2008 14:47 To: MS-Exchange Admin Issues Subject: Sent Items Weird issue. User running outlook 2007. They send items out but only a fraction of their sent items actually stay in the sent items folder. Some are there, some are not. We've checked the deleted items folder and they aren't there. Any reason why only some outgoing emails would be disappearing? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
ActiveSync Set Up Veterans
Just have a few questions if some of you are using this feature. It seems frighteningly easy to set up on the server side and I want to ensure that the settings are secure. Here are a few observations for you vets on this: * The settings are activated for ALL users when it is enabled. Is it possible to disable it by default and enable specific users in AD? * Is there a log setting to enable for reviewing audit processes for pushes and troubleshooting in Exchange? * For iPhones, I have noticed that the config utility can require a certificate for the server side push set up, but if you set up a device manually, it will accept the connection without this validation. Can this be set to be required to avoid connections this way? This is on Exch 2003. TIA ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: ActiveSync Set Up Veterans
The Exchange Features tab in AD for each account is the place to enable or disable additional Exchange features such as mobile and OWA. All these features are enabled by default and you will have to disable them. When we recently went through the process to setup OWA and ActiveSync, I had to manually disable everyone except those that had the proper approval for mobile and/or OWA. Check with your HR department because there are legal things to consider with employees checking or receiving email during non-business hours. In your IIS settings for ActiveSync you can set it to require SSL and I wouldn't recommend setting it up any other way. No SSL means that you're network credentials are being sent clear text...very bad idea. Haven't had need to do any looking at logging for auditing at this point so I can't address that. On 9/22/08, mqcarp [EMAIL PROTECTED] wrote: Just have a few questions if some of you are using this feature. It seems frighteningly easy to set up on the server side and I want to ensure that the settings are secure. Here are a few observations for you vets on this: * The settings are activated for ALL users when it is enabled. Is it possible to disable it by default and enable specific users in AD? * Is there a log setting to enable for reviewing audit processes for pushes and troubleshooting in Exchange? * For iPhones, I have noticed that the config utility can require a certificate for the server side push set up, but if you set up a device manually, it will accept the connection without this validation. Can this be set to be required to avoid connections this way? This is on Exch 2003. TIA -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: ActiveSync Set Up Veterans
The below was current as of the release of Exchange Server 2003 sp2. Not sure if the attribute has additional documented values in Exchange 2007. You can also make the change globally easily using PowerShell or a tool like ADModify.Net. The final Exchange specific tab is Exchange Features, shown in Figure 9-9. The Mobile Services entries allow you to control, on a per-user basis, the mobile capabilities of Exchange. If you, by default, enable mobile services at the global level (Global SettingsRMobile ServicesRPropertiesRGeneral) then this window allows you to disable the capabilities at the per-user level. Using the script made available in Microsoft KB 830188 (How to grant permission to use Outlook Mobile Access to specific users of Exchange Server 2003), you can globally disable all users and then pick and choose which specific users are to be allowed access to mobile service capabilities. The per-user AD attribute that controls these functions is named msExchOmaAdminWirelessEnable. If this attribute has a value of zero or the attribute is not present, then all mobile services are enabled. If Outlook Mobile Access (OMA) is disabled, but the other two features are enabled, then the attribute has a value of two (2). The other two items control specific features associated with Exchange ActiveSync (EAS). User Initiated Synchronization must be enabled for Up-to-date Notifications to be enabled; however Up-to-date Notifications may be disabled on its own. If only Up-to-date Notifications is disabled, then msExchOmaAdminWirelessEnable has a value of one (1). If both User Initiated Synchronization and Up-to-date Notifications are disabled, then msExchOmaAdminWirelessEnable has a value of five (5). If all three Mobile Services are disabled, then msExchOmaAdminWirelessEnable has a value of seven (7). If you search the Internet, you will find that other values can be specified for this attribute. However, the values described in the prior paragraph are the only values which Microsoft has documented. You are better off only using these values. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 12:55 PM To: MS-Exchange Admin Issues Subject: Re: ActiveSync Set Up Veterans The Exchange Features tab in AD for each account is the place to enable or disable additional Exchange features such as mobile and OWA. All these features are enabled by default and you will have to disable them. When we recently went through the process to setup OWA and ActiveSync, I had to manually disable everyone except those that had the proper approval for mobile and/or OWA. Check with your HR department because there are legal things to consider with employees checking or receiving email during non-business hours. In your IIS settings for ActiveSync you can set it to require SSL and I wouldn't recommend setting it up any other way. No SSL means that you're network credentials are being sent clear text...very bad idea. Haven't had need to do any looking at logging for auditing at this point so I can't address that. On 9/22/08, mqcarp [EMAIL PROTECTED] wrote: Just have a few questions if some of you are using this feature. It seems frighteningly easy to set up on the server side and I want to ensure that the settings are secure. Here are a few observations for you vets on this: * The settings are activated for ALL users when it is enabled. Is it possible to disable it by default and enable specific users in AD? * Is there a log setting to enable for reviewing audit processes for pushes and troubleshooting in Exchange? * For iPhones, I have noticed that the config utility can require a certificate for the server side push set up, but if you set up a device manually, it will accept the connection without this validation. Can this be set to be required to avoid connections this way? This is on Exch 2003. TIA -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Relaying through my firewall
I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: ActiveSync Set Up Veterans
Sherry are you using ISA in your environment? On Mon, Sep 22, 2008 at 12:15 PM, Michael B. Smith [EMAIL PROTECTED] wrote: The below was current as of the release of Exchange Server 2003 sp2. Not sure if the attribute has additional documented values in Exchange 2007. You can also make the change globally easily using PowerShell or a tool like ADModify.Net. The final Exchange specific tab is Exchange Features, shown in Figure 9-9. The Mobile Services entries allow you to control, on a per-user basis, the mobile capabilities of Exchange. If you, by default, enable mobile services at the global level (Global Settings(R)Mobile Services(R)Properties(R)General) then this window allows you to disable the capabilities at the per-user level. Using the script made available in Microsoft KB 830188 (How to grant permission to use Outlook Mobile Access to specific users of Exchange Server 2003), you can globally disable all users and then pick and choose which specific users are to be allowed access to mobile service capabilities. The per-user AD attribute that controls these functions is named msExchOmaAdminWirelessEnable. If this attribute has a value of zero or the attribute is not present, then all mobile services are enabled. If Outlook Mobile Access (OMA) is disabled, but the other two features are enabled, then the attribute has a value of two (2). The other two items control specific features associated with Exchange ActiveSync (EAS). User Initiated Synchronization must be enabled for Up-to-date Notifications to be enabled; however Up-to-date Notifications may be disabled on its own. If only Up-to-date Notifications is disabled, then msExchOmaAdminWirelessEnable has a value of one (1). If both User Initiated Synchronization and Up-to-date Notifications are disabled, then msExchOmaAdminWirelessEnable has a value of five (5). If all three Mobile Services are disabled, then msExchOmaAdminWirelessEnable has a value of seven (7). If you search the Internet, you will find that other values can be specified for this attribute. However, the values described in the prior paragraph are the only values which Microsoft has documented. You are better off only using these values. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED] *Sent:* Monday, September 22, 2008 12:55 PM *To:* MS-Exchange Admin Issues *Subject:* Re: ActiveSync Set Up Veterans The Exchange Features tab in AD for each account is the place to enable or disable additional Exchange features such as mobile and OWA. All these features are enabled by default and you will have to disable them. When we recently went through the process to setup OWA and ActiveSync, I had to manually disable everyone except those that had the proper approval for mobile and/or OWA. Check with your HR department because there are legal things to consider with employees checking or receiving email during non-business hours. In your IIS settings for ActiveSync you can set it to require SSL and I wouldn't recommend setting it up any other way. No SSL means that you're network credentials are being sent clear text...very bad idea. Haven't had need to do any looking at logging for auditing at this point so I can't address that. On 9/22/08, *mqcarp* [EMAIL PROTECTED] wrote: Just have a few questions if some of you are using this feature. It seems frighteningly easy to set up on the server side and I want to ensure that the settings are secure. Here are a few observations for you vets on this: * The settings are activated for ALL users when it is enabled. Is it possible to disable it by default and enable specific users in AD? * Is there a log setting to enable for reviewing audit processes for pushes and troubleshooting in Exchange? * For iPhones, I have noticed that the config utility can require a certificate for the server side push set up, but if you set up a device manually, it will accept the connection without this validation. Can this be set to be required to avoid connections this way? This is on Exch 2003. TIA -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Relaying through my firewall
Is that address in the valid recipients list for that domain at Message Labs? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Relaying through my firewall
Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? -- From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: ActiveSync Set Up Veterans
I have ISA in my environment, but it is not a part of the OWA/ActiveSync setup. I have a reverse proxy setup at my colo that is used for both OWA and ActiveSync. On 9/22/08, mqcarp [EMAIL PROTECTED] wrote: Sherry are you using ISA in your environment? On Mon, Sep 22, 2008 at 12:15 PM, Michael B. Smith [EMAIL PROTECTED] wrote: The below was current as of the release of Exchange Server 2003 sp2. Not sure if the attribute has additional documented values in Exchange 2007. You can also make the change globally easily using PowerShell or a tool like ADModify.Net. The final Exchange specific tab is Exchange Features, shown in Figure 9-9. The Mobile Services entries allow you to control, on a per-user basis, the mobile capabilities of Exchange. If you, by default, enable mobile services at the global level (Global Settings(R)Mobile Services(R)Properties(R)General) then this window allows you to disable the capabilities at the per-user level. Using the script made available in Microsoft KB 830188 (How to grant permission to use Outlook Mobile Access to specific users of Exchange Server 2003), you can globally disable all users and then pick and choose which specific users are to be allowed access to mobile service capabilities. The per-user AD attribute that controls these functions is named msExchOmaAdminWirelessEnable. If this attribute has a value of zero or the attribute is not present, then all mobile services are enabled. If Outlook Mobile Access (OMA) is disabled, but the other two features are enabled, then the attribute has a value of two (2). The other two items control specific features associated with Exchange ActiveSync (EAS). User Initiated Synchronization must be enabled for Up-to-date Notifications to be enabled; however Up-to-date Notifications may be disabled on its own. If only Up-to-date Notifications is disabled, then msExchOmaAdminWirelessEnable has a value of one (1). If both User Initiated Synchronization and Up-to-date Notifications are disabled, then msExchOmaAdminWirelessEnable has a value of five (5). If all three Mobile Services are disabled, then msExchOmaAdminWirelessEnable has a value of seven (7). If you search the Internet, you will find that other values can be specified for this attribute. However, the values described in the prior paragraph are the only values which Microsoft has documented. You are better off only using these values. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED] *Sent:* Monday, September 22, 2008 12:55 PM *To:* MS-Exchange Admin Issues *Subject:* Re: ActiveSync Set Up Veterans The Exchange Features tab in AD for each account is the place to enable or disable additional Exchange features such as mobile and OWA. All these features are enabled by default and you will have to disable them. When we recently went through the process to setup OWA and ActiveSync, I had to manually disable everyone except those that had the proper approval for mobile and/or OWA. Check with your HR department because there are legal things to consider with employees checking or receiving email during non-business hours. In your IIS settings for ActiveSync you can set it to require SSL and I wouldn't recommend setting it up any other way. No SSL means that you're network credentials are being sent clear text...very bad idea. Haven't had need to do any looking at logging for auditing at this point so I can't address that. On 9/22/08, *mqcarp* [EMAIL PROTECTED] wrote: Just have a few questions if some of you are using this feature. It seems frighteningly easy to set up on the server side and I want to ensure that the settings are secure. Here are a few observations for you vets on this: * The settings are activated for ALL users when it is enabled. Is it possible to disable it by default and enable specific users in AD? * Is there a log setting to enable for reviewing audit processes for pushes and troubleshooting in Exchange? * For iPhones, I have noticed that the config utility can require a certificate for the server side push set up, but if you set up a device manually, it will accept the connection without this validation. Can this be set to be required to avoid connections this way? This is on Exch 2003. TIA -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Relaying through my firewall
Is your Exchange server authoritative for that domain? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Relaying through my firewall
I do not know. My internal domain is im_dom1.indanafcu.com. I thought I coudl just blindly relay off of the exchange box - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 3:04 PM Subject: RE: Relaying through my firewall Is your Exchange server authoritative for that domain? -- From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. **Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is
RE: Relaying through my firewall
Are you trying to receive that email into a mailbox on your Exchange server, or have the Exchange server accept it and then relay it to somewhere else? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:09 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall I do not know. My internal domain is im_dom1.indanafcu.com. I thought I coudl just blindly relay off of the exchange box - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 3:04 PM Subject: RE: Relaying through my firewall Is your Exchange server authoritative for that domain? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are
Re: Relaying through my firewall
Exchange server has my mailbox. I want the mail to come to me. via smtp. - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 3:15 PM Subject: RE: Relaying through my firewall Are you trying to receive that email into a mailbox on your Exchange server, or have the Exchange server accept it and then relay it to somewhere else? -- From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:09 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall I do not know. My internal domain is im_dom1.indanafcu.com. I thought I coudl just blindly relay off of the exchange box - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 3:04 PM Subject: RE: Relaying through my firewall Is your Exchange server authoritative for that domain? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? -- From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. **Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message
RE: Relaying through my firewall
You need to set up a recipient policy for that domain, and tell the Exchange server it's responsible for delivering email for that domain. From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:24 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Exchange server has my mailbox. I want the mail to come to me. via smtp. - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 3:15 PM Subject: RE: Relaying through my firewall Are you trying to receive that email into a mailbox on your Exchange server, or have the Exchange server accept it and then relay it to somewhere else? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:09 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall I do not know. My internal domain is im_dom1.indanafcu.com. I thought I coudl just blindly relay off of the exchange box - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 3:04 PM Subject: RE: Relaying through my firewall Is your Exchange server authoritative for that domain? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ** __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or
Re: Relaying through my firewall
I have done that. - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 3:29 PM Subject: RE: Relaying through my firewall You need to set up a recipient policy for that domain, and tell the Exchange server it's responsible for delivering email for that domain. -- From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:24 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Exchange server has my mailbox. I want the mail to come to me. via smtp. - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 3:15 PM Subject: RE: Relaying through my firewall Are you trying to receive that email into a mailbox on your Exchange server, or have the Exchange server accept it and then relay it to somewhere else? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:09 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall I do not know. My internal domain is im_dom1.indanafcu.com. I thought I coudl just blindly relay off of the exchange box - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 3:04 PM Subject: RE: Relaying through my firewall Is your Exchange server authoritative for that domain? -- From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Rob To: MS-Exchange Admin Issues Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. **Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any
RE: Relaying through my firewall
If you telnet to port 25 on your Exchange server, can you manually send email to that address? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:51 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall I have done that. - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 3:29 PM Subject: RE: Relaying through my firewall You need to set up a recipient policy for that domain, and tell the Exchange server it's responsible for delivering email for that domain. From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:24 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Exchange server has my mailbox. I want the mail to come to me. via smtp. - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 3:15 PM Subject: RE: Relaying through my firewall Are you trying to receive that email into a mailbox on your Exchange server, or have the Exchange server accept it and then relay it to somewhere else? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:09 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall I do not know. My internal domain is im_dom1.indanafcu.com. I thought I coudl just blindly relay off of the exchange box - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 3:04 PM Subject: RE: Relaying through my firewall Is your Exchange server authoritative for that domain? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: Re: Relaying through my firewall Yes. This testing is outside the context of their production as well. We are looking to begin hosting our own email on our Exchange server instead of paying for it. I am stumbling through all the doc I can find but I am aimlessly just pushing buttons right now. - Original Message - From: Campbell, Robmailto:[EMAIL PROTECTED] To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, September 22, 2008 2:55 PM Subject: RE: Relaying through my firewall Is that address in the valid recipients list for that domain at Message Labs? From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 1:48 PM To: MS-Exchange Admin Issues Subject: Relaying through my firewall I have 1 mailbox set up for testing purposes for imcu.org. I have the imcu.org MX pointed to Messagelabs and they are in turn pointed to an address. That address is allowed pop and smtp through common ports to my Exchange 2003 server. My Exchange 2003 server is set to allow relay from the internal address of the firewall. When Messagelabs attempts to test the connectivity they are getting denied. Here is their string: Connected to tower 95 server 2... Connected to xxx.xxx.123.215 [220] 03030611n4m055.IMCU.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Mon, 22 Sep 2008 13:16:04 -0400 EHLO server-2.tower-95.messagelabs.com [250] 03030611n4m055.IMCU.local Hello [216.82.247.83] [250] TURN [250] SIZE [250] ETRN [250] PIPELINING [250] DSN [250] ENHANCEDSTATUSCODES [250] 8bitmime [250] BINARYMIME [250] CHUNKING [250] VRFY [250] X-EXPS GSSAPI NTLM LOGIN [250] X-EXPS=LOGIN [250] AUTH GSSAPI NTLM LOGIN [250] AUTH=LOGIN [250] X-LINK2STATE [250] XEXCH50 [250] OK MAIL FROM: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [250] 2.1.0 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] OK RCPT TO: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] [550] 5.7.1 Unable to relay for [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] TEST FAILED What am I missing??? Data Security is everyone's responsibility. ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **
Re: Serious issue with POP3 in Exchange 2007
Sounds more like a serious issue with SMTP... Any info regarding your SMTP setup? Where are the users located (internal vs. external) when trying to send, what errors if any, etc, etc. -alex On Thu, Sep 4, 2008 at 3:22 AM, Liby Philip Mathew [EMAIL PROTECTED] wrote: Hi All, I am desperate having a serious issue with my POP3 clients. At times clients are able to send mail and at times not able to. But they always receive mails. I have published OWA, OA, POP3 587 and POP3 995 on ISA 2006 SP1. I have 2 Exchange 2007 Ent. SP1. My internal server kwmail.path.local holds the all the roles except Edge. Edge is in the DMZ. My Public domain is path-solutions.com. My public DNS zone is on the Edge Server behind the ISA and port 53 from Edge also published on ISA. I am using self generated certificates from MS PKI. I want to use https://kw.path-solutions.com as my url for all CAServices. I have generated the certificate as given below: *new-ExchangeCertificate* -GenerateRequest -Path c:\certificates\kwmail.req -SubjectName c=KW, o=ICT Professional Services, cn=kw.path-solutions.com -DomainName kw.path-solutions.com, kwmail.path-solutions.com,kwmail.path.local,kwmail -PrivateKeyExportable $true *import-exchangecertificate* -path c:\Certificates\Issued_cert_for_kwmail\DerEncodcert\kwmail.cer | enable-exchangecertificate -services SMTP,IIS,POP,IMAP,UM *On the ISA I see the below error:* * * *Upstream Chaining Credential* *Description: *ISA Server was unable to establish an SSL connection with * kwmail.path.local*. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. If I check the certificate on kwmail.path.local, in the, *details, Subject Alternative Name field* I see a warning on the left side. I suspect this is the cause of SMTP 587 port on ISA behaving inconsistent. Any help appreciated. This is in production and staffs all around the world calling and shouting at me. Please help me Regards Liby -- Disclaimer - This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Serious issue with POP3 in Exchange 2007
Really good point. I saw POP and sorta faded out - am out of practice w/POP. Sending is SMTP not POP. - Sent from my BlackBerry Wireless Handheld - Original Message - From: Alex Fontana [EMAIL PROTECTED] To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Mon Sep 22 20:11:43 2008 Subject: Re: Serious issue with POP3 in Exchange 2007 Sounds more like a serious issue with SMTP... Any info regarding your SMTP setup? Where are the users located (internal vs. external) when trying to send, what errors if any, etc, etc. -alex On Thu, Sep 4, 2008 at 3:22 AM, Liby Philip Mathew [EMAIL PROTECTED] wrote: Hi All, I am desperate having a serious issue with my POP3 clients. At times clients are able to send mail and at times not able to. But they always receive mails. I have published OWA, OA, POP3 587 and POP3 995 on ISA 2006 SP1. I have 2 Exchange 2007 Ent. SP1. My internal server kwmail.path.local holds the all the roles except Edge. Edge is in the DMZ. My Public domain is path-solutions.com. My public DNS zone is on the Edge Server behind the ISA and port 53 from Edge also published on ISA. I am using self generated certificates from MS PKI. I want to use https://kw.path-solutions.com https://kw.path-solutions.com/ as my url for all CAServices. I have generated the certificate as given below: new-ExchangeCertificate -GenerateRequest -Path c:\certificates\kwmail.req -SubjectName c=KW, o=ICT Professional Services, cn=kw.path-solutions.com -DomainName kw.path-solutions.com,kwmail.path-solutions.com,kwmail.path.local,kwmail -PrivateKeyExportable $true import-exchangecertificate -path c:\Certificates\Issued_cert_for_kwmail\DerEncodcert\kwmail.cer | enable-exchangecertificate -services SMTP,IIS,POP,IMAP,UM On the ISA I see the below error: Upstream Chaining Credential Description: ISA Server was unable to establish an SSL connection with kwmail.path.local. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. If I check the certificate on kwmail.path.local, in the, details, Subject Alternative Name field I see a warning on the left side. I suspect this is the cause of SMTP 587 port on ISA behaving inconsistent. Any help appreciated. This is in production and staffs all around the world calling and shouting at me. Please help me Regards Liby Disclaimer - This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
