RE: OWA - user must log in for every message
If you're using Exchange 2007 SP1, Rollup 6 fixes an issue with OWA on IE8. From: bounce-8431061-8066...@lyris.sunbelt-software.com [mailto:bounce-8431061-8066...@lyris.sunbelt-software.com] On Behalf Of Bob Fronk Sent: 17 February 2009 00:44 To: MS-Exchange Admin Issues Subject: RE: OWA - user must log in for every message No it is IE8 From: James Kerr [mailto:cluster...@gmail.com] Sent: Monday, February 16, 2009 6:55 PM To: MS-Exchange Admin Issues Subject: Re: OWA - user must log in for every message Are you sure the perms are setup on both installs the same cause it sounds like that maybe the issue. - Original Message - From: Bob Fronkmailto:b...@btrfronk.com To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, February 16, 2009 6:05 PM Subject: RE: OWA - user must log in for every message Ok Seems to be IE8 related.. From: Bob Fronk [mailto:b...@btrfronk.com] Sent: Monday, February 16, 2009 5:37 PM To: MS-Exchange Admin Issues Subject: OWA - user must log in for every message Recently OWA has started making users log in to check every message. Example: User logs in to OWA and gets message list. User double clicks a message to open it. Instead of opening the message, the user get the log on form. After re-entering username and password, the message is viewed. This process repeats on every message. I have looked at IIS and don't see anything different when comparing to another OWA setup. Ideas? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: OWA - user must log in for every message
Man, I'm blind - Original Message - From: Bob Fronk To: MS-Exchange Admin Issues Sent: Monday, February 16, 2009 7:44 PM Subject: RE: OWA - user must log in for every message No it is IE8.. From: James Kerr [mailto:cluster...@gmail.com] Sent: Monday, February 16, 2009 6:55 PM To: MS-Exchange Admin Issues Subject: Re: OWA - user must log in for every message Are you sure the perms are setup on both installs the same cause it sounds like that maybe the issue. - Original Message - From: Bob Fronk To: MS-Exchange Admin Issues Sent: Monday, February 16, 2009 6:05 PM Subject: RE: OWA - user must log in for every message Ok.. Seems to be IE8 related.. From: Bob Fronk [mailto:b...@btrfronk.com] Sent: Monday, February 16, 2009 5:37 PM To: MS-Exchange Admin Issues Subject: OWA - user must log in for every message Recently OWA has started making users log in to check every message. Example: User logs in to OWA and gets message list. User double clicks a message to open it. Instead of opening the message, the user get the log on form. After re-entering username and password, the message is viewed. This process repeats on every message. I have looked at IIS and don't see anything different when comparing to another OWA setup. Ideas? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
PS script to timespan MTP Received headers
Powershell script to read and timespan SMTP headers, if anyone is interested.
Copy the headers to file hdr.txt in the same directory as the script, and run
it.
$hdr_txt = gc ./hdr.txt
$from_hdr = $hdr_txt | select-string ^From\:\s.+$
$rec_block = $hdr_txt[0..$($from_hdr.linenumber -2)]
$rec_lines = $rec_block | select-string ^Received\:\sfrom
$sent_hdr = $hdr_txt | select-string ^Date\:\s.+$
$sent_hdr.line -match ^Date\:\s(.+)$ $nul
$sent_ts = [datetime]$matches[1]
$rec_hdr_regex =
[regex]^Received\:\sfrom\s(.+?)\sby\s(.+?)\swith\s(.+?)\;\s(.+?\d\d\:\d\d\:\d\d\s[+|-]\d{4})
foreach ($rec_line in $rec_lines[1..$($rec_lines.count
-1)]){$rec_block[$rec_line.linenumber -1] = ~ + $rec_line.line}
$rec_hdrs = $([string]$rec_block).split(~)
$i = $rec_hdrs.count -1
$last_ts = $sent_ts
Write-host `nMessage sent $($sent_ts)`n
while ($i -ge 0) {
$rec_hdrs[$i] -match $rec_hdr_regex $nul
$rec_ts = [datetime]$matches[4]
$latency = $rec_ts - $last_ts
$last_ts = $rec_ts
write-host latency is $($latency.totalseconds) seconds`n
$matches[1]
$i--
}
Write-host Message received $($last_ts)
write-host Total time is $($($last_ts - $sent_ts).seconds) seconds. `n
**
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
RE: Multiple cert (Ex 2007) Internal vs. Eternal
Hi Marty, Did you get my post concerning DNS entries and setting those service urls? If you are still having troubles, you might benefit from a support call to Microsoft. Many times I have been stuck on a problem and a call to support not only solves the issue, but gives me in-site into the product itself and helps me understand the big picture. -troy -Original Message- From: Marty Nelson [mailto:mnel...@transdyn.com] Sent: Monday, February 16, 2009 5:58 PM To: MS-Exchange Admin Issues Subject: RE: Multiple cert (Ex 2007) Internal vs. Eternal Aah, maybe the receipts did it. I have it set to default and forgot to uncheck it, I apologize! Thanks, -M -Original Message- From: Marty Nelson [mailto:mnel...@transdyn.com] Sent: Monday, February 16, 2009 5:56 PM To: MS-Exchange Admin Issues Subject: RE: Multiple cert (Ex 2007) Internal vs. Eternal Happy Sunday eve all. I didn't see this thread listed so either I completely missed it or it went away. If it violate the TOS here, I apologize. I still don't completely understand how to do this, so please if this post is improper, feel free to contact me directly @ mnel...@transdyn.com. Thanks, -Marty -Original Message- From: Marty Nelson Sent: Friday, February 13, 2009 1:59 PM To: MS-Exchange Admin Issues Subject: RE: Multiple cert (Ex 2007) Internal vs. Eternal Thanks all. Being a somewhat noob to Exchange, and not wanting to break anything. Can someone translate the following, ie if/where I enter my domain, both internal as well as external I would appreciate it. 1) Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER: Set-ClientAccessServer -Identity CAS_Server_Name - AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml 2) Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER: Set-WebServicesVirtualDirectory -Identity CAS_Server_Name\EWS (Default Web Site) -InternalUrl https://mail.contoso.com/ews/exchange.asmx 3) Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER: Set-OABVirtualDirectory -Identity CAS_Server_name\oab (Default Web Site) -InternalUrl https://mail.contoso.com/oab 4) Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER: Set-UMVirtualDirectory -Identity CAS_Server_Name\unifiedmessaging (Default Web Site) -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx Again, any help would help me out profoundly. -Marty -Original Message- From: Paul Cookman [mailto:paul.cook...@selection.co.uk] Sent: Friday, February 13, 2009 12:34 AM To: MS-Exchange Admin Issues Subject: RE: Multiple cert (Ex 2007) Internal vs. Eternal I had this same issue, my internal domain name was different from my external and outlook 2007 clients were initially connecting to the CAS checking the certificate which had the external domain name causing a certificate error. http://support.microsoft.com/kb/940726 fixed it for me to. Paul Cookman * Technical Account Manager +44(0) 844 874 1000 * +44(0) 844 874 1001 paul.cook...@selection.co.uk * http://www.selection.co.uk/ This e-mail is confidential and is intended for the exclusive use of the addressee only. Selection Services Plc accepts no liability for personal views expressed. While every effort has been made to ensure the attachments are virus-free, they must be checked before further use, especially those containing encrypted data. If you have any problems with this e-mail, please contact our IT Manager on mailto:em...@selection.co.uk Registered in England and Wales Registered Number: 2758710 Registered Office: Provident House, 122 High Street, Bromley, Kent BR1 1EZ -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: 13 February 2009 00:50 To: MS-Exchange Admin Issues Subject: RE: Multiple cert (Ex 2007) Internal vs. Eternal I think you are on the correct motorcycle. The article below is how I fixed this issue with us. http://support.microsoft.com/kb/940726 From: Troy Meyer [troy.me...@monacocoach.com] Sent: Thursday, February 12, 2009 5:09 PM To: MS-Exchange Admin Issues Subject: RE: Multiple cert (Ex 2007) Internal vs. Eternal My money is on the autodiscover service using an internal cert and causing the prompt when Outlook 2007 looks for availability info http://technet.microsoft.com/en-us/library/bb397225.aspx -troy -Original Message- From: Michael B. Smith [mailto:mich...@theessentialexchange.com] Sent: Thursday, February 12, 2009 2:05 PM To: MS-Exchange Admin Issues Subject: RE: Multiple cert (Ex 2007) Internal vs.
Incoming spoofed e-mail issue
I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
One way would be to look up the IP address ranges associated with those areas and block access to and from them with your firewall. From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 12:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
That's exactly what I'm battling right now Joe...if you look at the header you will see the actual sender / originator. I couldn't give you a correct way how to tackle this issue. But this backscatter has become a pain in the you know what. From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 12:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Girl Scouts of Southwest Texas company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
I use MIMEsweeper for SMTP from Clearswift and I can create policies to quarantine when mail comes from *...@mydomain - - - *...@mydomain. I then go a step further as there are cases where some of our services at a colo send in a spoofed fashion that it triggers an allow action based on content. I can also block altogether through settings on what's called the receiver service when it finds spoofed emails. With that being said any chance there are options like that in your Symantec appliance? Sean Donnelly IT Operations Manager tel. (781) 935-6020 x395 fax (781) 998-2682 Service Point USA Document, Print, and Information Management www.servicepointusa.com http://www.servicepointusa.com/ From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 1:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov * This communication is confidential and may contain privileged information intended solely for the named addressee. It may not be used or disclosed except for the purpose for which it has been sent. If you are not the intended recipient, you may not copy or distribute this communication. Unless expressly stated, opinions in this message are those of the individual sender and not of Service Point USA. If you have received this communication in error, please notify Service Point USA by emailing postmas...@servicepointusa.com quoting the sender and delete the message and any attached documents. This footnote confirms that this email message has been swept by MIMEsweeper for Content Security threats, including computer viruses. Service Point USA 150 Presidential Way Ste 210 Woburn, MA 01801 www.servicepointusa.com * ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Incoming spoofed e-mail issue
Incoming SPAM is tackled at the gateway correct? Do your users have individual control over their Blacklists or do you manage that globally? If they manage their own, why not have them blacklist their own address? I know their may be exceptions, but are there any legitimate reasons why incoming mail traversing your gateway should appear to be coming from your domain? - Sean On Tue, Feb 17, 2009 at 9:34 AM, Thomas Gonzalez tgonza...@girlscouts-swtx.org wrote: That's exactly what I'm battling right now Joe…if you look at the header you will see the actual sender / originator. I couldn't give you a correct way how to tackle this issue. But this backscatter has become a pain in the you know what. *From:* Joe Heaton [mailto:jhea...@etp.ca.gov] *Sent:* Tuesday, February 17, 2009 12:30 PM *To:* MS-Exchange Admin Issues *Subject:* Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Girl Scouts of Southwest Texas. Warning: Although precautions have been taken to make sure no viruses are present in this email, Girl Scouts of Southwest Texas cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
I tried this, and there are hundreds, if not thousands of IP ranges associated with .pl domains... Joe Heaton Employment Training Panel From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Tuesday, February 17, 2009 10:35 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue One way would be to look up the IP address ranges associated with those areas and block access to and from them with your firewall. From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 12:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Incoming spoofed e-mail issue
Though specific for ISA, visit http://isaserver.bm/ and read the article entitled 'Country by Country ISA Computer Sets - Courtesy of THOR'. Since we invested the time to implement this, the resultant amount of time we have to invest in combatting SPAM is minimal. FWIW, Michael. On Tue, Feb 17, 2009 at 11:11 AM, Joe Heaton jhea...@etp.ca.gov wrote: I tried this, and there are hundreds, if not thousands of IP ranges associated with .pl domains… Joe Heaton Employment Training Panel *From:* Kim Longenbaugh [mailto:k...@colonialsavings.com] *Sent:* Tuesday, February 17, 2009 10:35 AM *To:* MS-Exchange Admin Issues *Subject:* RE: Incoming spoofed e-mail issue One way would be to look up the IP address ranges associated with those areas and block access to and from them with your firewall. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
Another way is to scan the list below and whack complete A ranges that you don't need. My user base has no need for email from the far east, Latin America for example so I kill APNIC and LAPNIC. RIPE if you want to drop Europe but be careful with that one, that range is chopped up so you will find parts of Message Labs in the middle for example. http://www.iana.org/assignments/ipv4-address-space/ From: Michael White [mailto:mswhite...@gmail.com] Sent: Tuesday, February 17, 2009 2:35 PM To: MS-Exchange Admin Issues Subject: Re: Incoming spoofed e-mail issue Though specific for ISA, visit http://isaserver.bm/ and read the article entitled 'Country by Country ISA Computer Sets - Courtesy of THOR'. Since we invested the time to implement this, the resultant amount of time we have to invest in combatting SPAM is minimal. FWIW, Michael. On Tue, Feb 17, 2009 at 11:11 AM, Joe Heaton jhea...@etp.ca.govmailto:jhea...@etp.ca.gov wrote: I tried this, and there are hundreds, if not thousands of IP ranges associated with .pl domains... Joe Heaton Employment Training Panel From: Kim Longenbaugh [mailto:k...@colonialsavings.commailto:k...@colonialsavings.com] Sent: Tuesday, February 17, 2009 10:35 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue One way would be to look up the IP address ranges associated with those areas and block access to and from them with your firewall. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
Yeah, and as one of the other network engineers here pointed out, you could supernet some of the ranges to minimize the number of entries you have to make. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, February 17, 2009 1:44 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Another way is to scan the list below and whack complete A ranges that you don't need. My user base has no need for email from the far east, Latin America for example so I kill APNIC and LAPNIC. RIPE if you want to drop Europe but be careful with that one, that range is chopped up so you will find parts of Message Labs in the middle for example. http://www.iana.org/assignments/ipv4-address-space/ From: Michael White [mailto:mswhite...@gmail.com] Sent: Tuesday, February 17, 2009 2:35 PM To: MS-Exchange Admin Issues Subject: Re: Incoming spoofed e-mail issue Though specific for ISA, visit http://isaserver.bm/ and read the article entitled 'Country by Country ISA Computer Sets - Courtesy of THOR'. Since we invested the time to implement this, the resultant amount of time we have to invest in combatting SPAM is minimal. FWIW, Michael. On Tue, Feb 17, 2009 at 11:11 AM, Joe Heaton jhea...@etp.ca.gov wrote: I tried this, and there are hundreds, if not thousands of IP ranges associated with .pl domains... Joe Heaton Employment Training Panel From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Tuesday, February 17, 2009 10:35 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue One way would be to look up the IP address ranges associated with those areas and block access to and from them with your firewall. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
Probably time to invest in a proper anti-spam solution. S From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.plmailto:*...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
We use Sunbelt's Ninja, product sold by the list host. Besides having great success with Spam, it filters for viruses, encrypted docs, attachment filtering, disclaimers, handles spoofing emails, gives policy controls for filtering levels and give the end users to manage their own lists (Or not, your choice). You could manually block the IP ranges for these countries, but that would be quite tedious to maintain I would imagine over the long term. Greg From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 1:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
Ninja is an excellent email security product requiring minimal administrative effort ( 1 hour/month) and users can easily manage their own quarantines. I've also used it for many years with great success. Another option is to out-source your spam management solution. Google's Postini Message Filtering service is cheap, effective, and easy to manage. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Tuesday, February 17, 2009 2:37 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue We use Sunbelt's Ninja, product sold by the list host. Besides having great success with Spam, it filters for viruses, encrypted docs, attachment filtering, disclaimers, handles spoofing emails, gives policy controls for filtering levels and give the end users to manage their own lists (Or not, your choice). You could manually block the IP ranges for these countries, but that would be quite tedious to maintain I would imagine over the long term. Greg From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 1:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
OT: Internation Travel
Hello everyone, Let me start off by apologizing for the off-topic post. I've been lurking on this list for several years and have come to appreciate the vast majority of technical expertise from individuals all over the world. Based on the dispersement of that expertise, I'm looking for assistance of a different type. :) I just proposed to my girlfriend of over 2 years this past weekend. Thankfully, she accepted. Obviously we're very early in the planning stages but the one thing I want to get right is the honeymoon. She has wanted to visit Ireland her entire life, and although I've travelled extensively thoughout the US and Canada, I'm a novice when it comes to crossing the pond. I'd love to hear from anyone who has personally been to Ireland and could recommend some interesting spots to visit. I've briefly looked at www.authenticireland.com and reviewed some of their packages. I have to say, staying in some of the Castles and touring the pubs is very intriguing, but I'd also appreciate advice on some of must visit sites in Ireland. I'm planning on a 10-14 day excursion with a rental car, so driving long distances shouldn't be too big of a problem. Any advice on the best time of year would be greatly appreciated as well. Thanks in advance :) - Sean ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Calendar info between Exchange 2003 and 2007
I am currently in the process of migrating to Exchange 2007sp1 from Exchange 2003sp2 in a single server environment. During this migration, users that have mailboxes moved to the Exchange 2007 server notice that they are unable to view the calendar info when creating a meeting request for a user still housed on the Exchange 2003 server. But, those on 2003 can view calendar info (free/busy) for those on 2007. Any thoughts or solutions to this problem? Thanks, Scott ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: OT: Internation Travel
I've only ever travelled to Canada, when I was like 8. But wanted to congratulate you on your engagement. On Tue, Feb 17, 2009 at 3:52 PM, Sean Martin seanmarti...@gmail.com wrote: Hello everyone, Let me start off by apologizing for the off-topic post. I've been lurking on this list for several years and have come to appreciate the vast majority of technical expertise from individuals all over the world. Based on the dispersement of that expertise, I'm looking for assistance of a different type. :) I just proposed to my girlfriend of over 2 years this past weekend. Thankfully, she accepted. Obviously we're very early in the planning stages but the one thing I want to get right is the honeymoon. She has wanted to visit Ireland her entire life, and although I've travelled extensively thoughout the US and Canada, I'm a novice when it comes to crossing the pond. I'd love to hear from anyone who has personally been to Ireland and could recommend some interesting spots to visit. I've briefly looked at www.authenticireland.com and reviewed some of their packages. I have to say, staying in some of the Castles and touring the pubs is very intriguing, but I'd also appreciate advice on some of must visit sites in Ireland. I'm planning on a 10-14 day excursion with a rental car, so driving long distances shouldn't be too big of a problem. Any advice on the best time of year would be greatly appreciated as well. Thanks in advance :) - Sean ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Internation Travel
Remember that marriage is a three-ring circus: Engagement ring, wedding ring, and suffering. :-) All fun aside, congratulations and good luck! And don't take your Blackberry with you! From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Tuesday, February 17, 2009 2:52 PM To: MS-Exchange Admin Issues Subject: OT: Internation Travel Hello everyone, Let me start off by apologizing for the off-topic post. I've been lurking on this list for several years and have come to appreciate the vast majority of technical expertise from individuals all over the world. Based on the dispersement of that expertise, I'm looking for assistance of a different type. :) I just proposed to my girlfriend of over 2 years this past weekend. Thankfully, she accepted. Obviously we're very early in the planning stages but the one thing I want to get right is the honeymoon. She has wanted to visit Ireland her entire life, and although I've travelled extensively thoughout the US and Canada, I'm a novice when it comes to crossing the pond. I'd love to hear from anyone who has personally been to Ireland and could recommend some interesting spots to visit. I've briefly looked at www.authenticireland.com http://www.authenticireland.com/ and reviewed some of their packages. I have to say, staying in some of the Castles and touring the pubs is very intriguing, but I'd also appreciate advice on some of must visit sites in Ireland. I'm planning on a 10-14 day excursion with a rental car, so driving long distances shouldn't be too big of a problem. Any advice on the best time of year would be greatly appreciated as well. Thanks in advance :) - Sean ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Internation Travel
Sean, email me off-list, I grew up in Ireland. - Original Message - From: Sean Martin To: MS-Exchange Admin Issues Sent: Tuesday, February 17, 2009 3:52 PM Subject: OT: Internation Travel Hello everyone, Let me start off by apologizing for the off-topic post. I've been lurking on this list for several years and have come to appreciate the vast majority of technical expertise from individuals all over the world. Based on the dispersement of that expertise, I'm looking for assistance of a different type. :) I just proposed to my girlfriend of over 2 years this past weekend. Thankfully, she accepted. Obviously we're very early in the planning stages but the one thing I want to get right is the honeymoon. She has wanted to visit Ireland her entire life, and although I've travelled extensively thoughout the US and Canada, I'm a novice when it comes to crossing the pond. I'd love to hear from anyone who has personally been to Ireland and could recommend some interesting spots to visit. I've briefly looked at www.authenticireland.com and reviewed some of their packages. I have to say, staying in some of the Castles and touring the pubs is very intriguing, but I'd also appreciate advice on some of must visit sites in Ireland. I'm planning on a 10-14 day excursion with a rental car, so driving long distances shouldn't be too big of a problem. Any advice on the best time of year would be greatly appreciated as well. Thanks in advance :) - Sean ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
+1 - gateway From: Steve Moffat [mailto:st...@optimum.bm] On Behalf Of Exchange (Sunbelt) Sent: Tuesday, February 17, 2009 12:22 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Probably time to invest in a proper anti-spam solution. S From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
The spoofing alone should fix this particular issue. We definitely do not allow it either. From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] Sent: Tuesday, February 17, 2009 11:37 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue We use Sunbelt's Ninja, product sold by the list host. Besides having great success with Spam, it filters for viruses, encrypted docs, attachment filtering, disclaimers, handles spoofing emails, gives policy controls for filtering levels and give the end users to manage their own lists (Or not, your choice). You could manually block the IP ranges for these countries, but that would be quite tedious to maintain I would imagine over the long term. Greg From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 1:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
I love my 'cuda Thanks, Jake Gardner TTC Network Administrator Ext. 246 From: Steve Moffat [mailto:st...@optimum.bm] On Behalf Of Exchange (Sunbelt) Sent: Tuesday, February 17, 2009 3:22 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Probably time to invest in a proper anti-spam solution. S From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. *** ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
There are DNSBLs that map source IP to country code (ie http://countries.nerd.dk/). I used to use tqmcube.com a couple of years ago, but they have changed their offerings (and domain name). They weren't really a block list, but a cross-reference list. tqmcube, like nerd.dk I mentioned above, used to use return codes specific to ISO country code. So, you get an email from source IP which is checked against an IP-to-country code list. The country code is assigned a return code 127.0.0.xx (10-254) and your server can act based on the return code. I may start working on hosting something like that in April. From: Joe Heaton jhea...@etp.ca.gov Sent: Tuesday, February 17, 2009 12:29 PM To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Subject: RE: Incoming spoofed e-mail issue I tried this, and there are hundreds, if not thousands of IP ranges associated with .pl domains. Joe Heaton Employment Training Panel From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Tuesday, February 17, 2009 10:35 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue One way would be to look up the IP address ranges associated with those areas and block access to and from them with your firewall. From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 12:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Calendar info between Exchange 2003 and 2007
Scott, Do you have public folders in your new 2007 environment? If so, are mailboxes in 2007 defaulting to a 2007 public folder replica ? If so are you replicating your First Administrative Group Free/Busy public folder to that 2007 replica? -troy -Original Message- From: Scott Mercer [mailto:smer...@kuendowment.org] Sent: Tuesday, February 17, 2009 12:56 PM To: MS-Exchange Admin Issues Subject: Calendar info between Exchange 2003 and 2007 I am currently in the process of migrating to Exchange 2007sp1 from Exchange 2003sp2 in a single server environment. During this migration, users that have mailboxes moved to the Exchange 2007 server notice that they are unable to view the calendar info when creating a meeting request for a user still housed on the Exchange 2003 server. But, those on 2003 can view calendar info (free/busy) for those on 2007. Any thoughts or solutions to this problem? Thanks, Scott ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
AMEN Brother!!! Unfortunately, I work for the state of California, and still don't know if I'm going to have a job in a couple months... Joe Heaton Employment Training Panel From: Steve Moffat [mailto:st...@optimum.bm] On Behalf Of Exchange (Sunbelt) Sent: Tuesday, February 17, 2009 12:22 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Probably time to invest in a proper anti-spam solution. S From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
I would propose installing something like Ninja in 30-day trial mode. Perhaps when you the benefits are seen the funds may appear to keep it going. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 5:29 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue AMEN Brother!!! Unfortunately, I work for the state of California, and still don't know if I'm going to have a job in a couple months... Joe Heaton Employment Training Panel From: Steve Moffat [mailto:st...@optimum.bm] On Behalf Of Exchange (Sunbelt) Sent: Tuesday, February 17, 2009 12:22 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Probably time to invest in a proper anti-spam solution. S From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
I may do that. The price wasn't really that bad for the number of seats we have. Right now, I'm working through the manual for my Watchguard, trying to set up the SMTP proxy... Joe Heaton Employment Training Panel From: Roger Wright [mailto:rwri...@evatone.com] Sent: Tuesday, February 17, 2009 2:36 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue I would propose installing something like Ninja in 30-day trial mode. Perhaps when you the benefits are seen the funds may appear to keep it going. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 5:29 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue AMEN Brother!!! Unfortunately, I work for the state of California, and still don't know if I'm going to have a job in a couple months... Joe Heaton Employment Training Panel From: Steve Moffat [mailto:st...@optimum.bm] On Behalf Of Exchange (Sunbelt) Sent: Tuesday, February 17, 2009 12:22 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Probably time to invest in a proper anti-spam solution. S From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
BB Curve 8320, BES 4.1, and Exchange 2003
New to BB, Please help me to make those three work together. Thanks. Henry Shih ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: BB Curve 8320, BES 4.1, and Exchange 2003
::waves magic wand:: POOF!!! Your crackberry is now working... On Tue, Feb 17, 2009 at 3:29 PM, Shih, Henry hms...@ci.livermore.ca.uswrote: New to BB, Please help me to make those three work together. Thanks. Henry Shih ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
You will have a job --- but will you get paid for it J David A fellow Californian From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:29 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue AMEN Brother!!! Unfortunately, I work for the state of California, and still don't know if I'm going to have a job in a couple months... Joe Heaton Employment Training Panel From: Steve Moffat [mailto:st...@optimum.bm] On Behalf Of Exchange (Sunbelt) Sent: Tuesday, February 17, 2009 12:22 PM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Probably time to invest in a proper anti-spam solution. S From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 2:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Names in the News company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: BB Curve 8320, BES 4.1, and Exchange 2003
You are in luck! When you are new to blackberry they give you 30 days of free support (maybe more, I cant remember). And they will assist you in setting up the server and making it hum! If you aren't doing a new install and you just inherited someone else's BES, then you are in even more luck, because a curve works just like any other BB on the BES server. Make sure your provider has you setup for BB data and then complete enterprise activation. *poof* -troy -Original Message- From: Shih, Henry [mailto:hms...@ci.livermore.ca.us] Sent: Tuesday, February 17, 2009 3:30 PM To: MS-Exchange Admin Issues Subject: BB Curve 8320, BES 4.1, and Exchange 2003 New to BB, Please help me to make those three work together. Thanks. Henry Shih ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: BB Curve 8320, BES 4.1, and Exchange 2003
Start here: http://na.blackberry.com/eng/services/professional/toolkit.jsp Lots of reading and don't skip a step unless it completely does not apply. One missed permission or step could make it not work. Also with Blackberry Pro you get free installation support. Good luck From: Don Ely [mailto:don@gmail.com] Sent: Tuesday, February 17, 2009 6:32 PM To: MS-Exchange Admin Issues Subject: Re: BB Curve 8320, BES 4.1, and Exchange 2003 ::waves magic wand:: POOF!!! Your crackberry is now working... On Tue, Feb 17, 2009 at 3:29 PM, Shih, Henry hms...@ci.livermore.ca.us wrote: New to BB, Please help me to make those three work together. Thanks. Henry Shih ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: BB Curve 8320, BES 4.1, and Exchange 2003
Do you currently have a working BES 4.1? (with users on your Exchange 2003 system) If so, all you should need to do is add your userid to the server using Blackberry Manager (BES admin should know how to do this) and perform an enterprise activation. All this presupposes that you have an active working data plan on your BB. From: Shih, Henry [mailto:hms...@ci.livermore.ca.us] Sent: Tuesday, February 17, 2009 3:30 PM To: MS-Exchange Admin Issues Subject: BB Curve 8320, BES 4.1, and Exchange 2003 New to BB, Please help me to make those three work together. Thanks. Henry Shih ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Whitelist adds
For various sundry and corporate reasons, we've got two Exchange 2007 servers. Each one is running the Exchange anti-spam tools as a hub transport server. Funding for an external spam solution is lacking. We're using Spamhaus and a rather long list of ugly words with surprising success. We have myriads of customers (well at least a notable few) that are running businesses from their garages with yahoo and aol accounts. Others are using cheap, not quite so reputable ISPs. We do printing for pharmaceutical customers and we have at least one customer with an unfortunate last name that's typically filtered. Whitelist management has become a daily task. I've adapted an online Exchange Shell script to our use. Adding an address to the Server1 whitelist involves a simple text edit to the script and then running it in the shell. Then I have to remote to the second server and run the same script there. All in all, it's only five minutes, but five minutes several times a week is getting annoying. Is there an easier way to manage these little whitelist additions? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: BB Curve 8320, BES 4.1, and Exchange 2003
+1 Everything you need to know is in the docs that are available for installing. For a first timer it may take an hour. -Original Message- From: Troy Meyer [mailto:troy.me...@monacocoach.com] Sent: Tuesday, February 17, 2009 3:38 PM To: MS-Exchange Admin Issues Subject: RE: BB Curve 8320, BES 4.1, and Exchange 2003 You are in luck! When you are new to blackberry they give you 30 days of free support (maybe more, I cant remember). And they will assist you in setting up the server and making it hum! If you aren't doing a new install and you just inherited someone else's BES, then you are in even more luck, because a curve works just like any other BB on the BES server. Make sure your provider has you setup for BB data and then complete enterprise activation. *poof* -troy -Original Message- From: Shih, Henry [mailto:hms...@ci.livermore.ca.us] Sent: Tuesday, February 17, 2009 3:30 PM To: MS-Exchange Admin Issues Subject: BB Curve 8320, BES 4.1, and Exchange 2003 New to BB, Please help me to make those three work together. Thanks. Henry Shih ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Whitelist adds
Yes, there is an easier way. I whitelist at the gateway so I don't know the specific exchange command, but first I would use a variable for the address so you don't have to mod you script every time. Something like Write-host Give me your address please: Read-host $whiteaddy I am not sure how you add these addresses, to me it looks like the default HT spam tools have IP whitelisting but not individual email addresses. What command are you using? If you were using the IP Allow list, that is stored in AD and shouldn't be server specific (ie you shouldn't have to TS into the 2nd box). If your command isn't storing the data in AD, I bet you can add -server to the command to specify which box it effects. -troy -Original Message- From: Steve Hart [mailto:sh...@wrightbg.com] Sent: Tuesday, February 17, 2009 4:03 PM To: MS-Exchange Admin Issues Subject: Whitelist adds For various sundry and corporate reasons, we've got two Exchange 2007 servers. Each one is running the Exchange anti-spam tools as a hub transport server. Funding for an external spam solution is lacking. We're using Spamhaus and a rather long list of ugly words with surprising success. We have myriads of customers (well at least a notable few) that are running businesses from their garages with yahoo and aol accounts. Others are using cheap, not quite so reputable ISPs. We do printing for pharmaceutical customers and we have at least one customer with an unfortunate last name that's typically filtered. Whitelist management has become a daily task. I've adapted an online Exchange Shell script to our use. Adding an address to the Server1 whitelist involves a simple text edit to the script and then running it in the shell. Then I have to remote to the second server and run the same script there. All in all, it's only five minutes, but five minutes several times a week is getting annoying. Is there an easier way to manage these little whitelist additions? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Whitelist adds
You should be able to run that script from any desktop/server where the Exchange Management Tools are installed. Specifically, you can definitely do them both from the first server. That being said, without seeing exactly what you are doing (at least in pseudocode) it's hard to give you specific guidance. -Original Message- From: Steve Hart [mailto:sh...@wrightbg.com] Sent: Tuesday, February 17, 2009 7:03 PM To: MS-Exchange Admin Issues Subject: Whitelist adds For various sundry and corporate reasons, we've got two Exchange 2007 servers. Each one is running the Exchange anti-spam tools as a hub transport server. Funding for an external spam solution is lacking. We're using Spamhaus and a rather long list of ugly words with surprising success. We have myriads of customers (well at least a notable few) that are running businesses from their garages with yahoo and aol accounts. Others are using cheap, not quite so reputable ISPs. We do printing for pharmaceutical customers and we have at least one customer with an unfortunate last name that's typically filtered. Whitelist management has become a daily task. I've adapted an online Exchange Shell script to our use. Adding an address to the Server1 whitelist involves a simple text edit to the script and then running it in the shell. Then I have to remote to the second server and run the same script there. All in all, it's only five minutes, but five minutes several times a week is getting annoying. Is there an easier way to manage these little whitelist additions? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Incoming spoofed e-mail issue
I will work on an Out of Office DNSBL list as well. From: will...@lefkovics.net will...@lefkovics.net Sent: Tuesday, February 17, 2009 2:37 PM To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Subject: RE: Incoming spoofed e-mail issue There are DNSBLs that map source IP to country code (ie http://countries.nerd.dk/). I used to use tqmcube.com a couple of years ago, but they have changed their offerings (and domain name). They weren't really a block list, but a cross-reference list. tqmcube, like nerd.dk I mentioned above, used to use return codes specific to ISO country code. So, you get an email from source IP which is checked against an IP-to-country code list. The country code is assigned a return code 127.0.0.xx (10-254) and your server can act based on the return code. I may start working on hosting something like that in April. From: Joe Heaton jhea...@etp.ca.gov Sent: Tuesday, February 17, 2009 12:29 PM To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Subject: RE: Incoming spoofed e-mail issue I tried this, and there are hundreds, if not thousands of IP ranges associated with .pl domains. Joe Heaton Employment Training Panel From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Tuesday, February 17, 2009 10:35 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue One way would be to look up the IP address ranges associated with those areas and block access to and from them with your firewall. From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 12:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages claiming to be from the following:, but these messages are actually claiming to be from the user, not what is actually in the header. Is there a different way of filtering these ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: BB Curve 8320, BES 4.1, and Exchange 2003
I just did one yesterday that ran into a glitch. Turned out the phone had been programmed wrong and getting it setup just required an over-the-air reprogramming courtesy of Sprint, and wham! It was activated and receiving messages. It took about an hour since I was no ton site to see what was happening, and had a user trying to explain to me what he was seeing. Normally, when they get new phones, it takes less than 15 minutes to wipe the old phone and activate the new one. \\Steve// From: Shih, Henry [mailto:hms...@ci.livermore.ca.us] Sent: Tuesday, February 17, 2009 6:30 PM To: MS-Exchange Admin Issues Subject: BB Curve 8320, BES 4.1, and Exchange 2003 New to BB, Please help me to make those three work together. Thanks. Henry Shih ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Whitelist adds
Are these two Exchange servers in two separate Active Directory forests? Otherwise, as always, psexec is your friend (and maybe even then). You can do this with winrm, but configuring that is more trouble than it's worth right now. As a shortcut... $list = Get-ContentFilterCOnfig $arr = $list.BypassedSenderDomains $arr += example.com $list.BypassedSenderDomains = $arr $arr = $null $list | Set-ContentFilterConfig Etc.etc.etc. -Original Message- From: Steve Hart [mailto:sh...@wrightbg.com] Sent: Tuesday, February 17, 2009 7:26 PM To: MS-Exchange Admin Issues Subject: RE: Whitelist adds Here's an abbreviated version of my script: $list=Get-ContentFilterConfig $list.BypassedSenderDomains =domain1.com $list.BypassedSenderDomains +=domain2.com $list.BypassedSenderDomains +=domain3.com $list.BypassedSenders =us...@aol.com $list.BypassedSenders +=us...@aol.com $list | set-ContentFilterConfig Basically, it just recreates the list of addresses in BypassedSenderDomains and BypassedSenders. Of course, the real version has a lot more addresses. I stole the idea from a forum; all I've really done is change the names to protect our specific innocent. You've brought up a point that I have to research though. I don't know if this data is server-specific or enterprise-wide. I might be duplicating my efforts. It sure seems like this should be in a GUI somewhere. Steve Steve Hart I T Manager Wright Business Graphics Inc. wrightbg.com Wright Imaging Inc. wrightimg.com P.O. Box 20489 18440 NE San Rafael Portland, OR 97230 503-491-4343 Direct sh...@wrightbg.com -Original Message- From: Troy Meyer [mailto:troy.me...@monacocoach.com] Sent: Tuesday, February 17, 2009 4:19 PM To: MS-Exchange Admin Issues Subject: RE: Whitelist adds Yes, there is an easier way. I whitelist at the gateway so I don't know the specific exchange command, but first I would use a variable for the address so you don't have to mod you script every time. Something like Write-host Give me your address please: Read-host $whiteaddy I am not sure how you add these addresses, to me it looks like the default HT spam tools have IP whitelisting but not individual email addresses. What command are you using? If you were using the IP Allow list, that is stored in AD and shouldn't be server specific (ie you shouldn't have to TS into the 2nd box). If your command isn't storing the data in AD, I bet you can add -server to the command to specify which box it effects. -troy -Original Message- From: Steve Hart [mailto:sh...@wrightbg.com] Sent: Tuesday, February 17, 2009 4:03 PM To: MS-Exchange Admin Issues Subject: Whitelist adds For various sundry and corporate reasons, we've got two Exchange 2007 servers. Each one is running the Exchange anti-spam tools as a hub transport server. Funding for an external spam solution is lacking. We're using Spamhaus and a rather long list of ugly words with surprising success. We have myriads of customers (well at least a notable few) that are running businesses from their garages with yahoo and aol accounts. Others are using cheap, not quite so reputable ISPs. We do printing for pharmaceutical customers and we have at least one customer with an unfortunate last name that's typically filtered. Whitelist management has become a daily task. I've adapted an online Exchange Shell script to our use. Adding an address to the Server1 whitelist involves a simple text edit to the script and then running it in the shell. Then I have to remote to the second server and run the same script there. All in all, it's only five minutes, but five minutes several times a week is getting annoying. Is there an easier way to manage these little whitelist additions? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: OWA - user must log in for every message - Resolved
Turns out IE8 and forms based authentication don't play well. From: James Kerr [mailto:cluster...@gmail.com] Sent: Tuesday, February 17, 2009 9:38 AM To: MS-Exchange Admin Issues Subject: Re: OWA - user must log in for every message Man, I'm blind - Original Message - From: Bob Fronkmailto:b...@btrfronk.com To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, February 16, 2009 7:44 PM Subject: RE: OWA - user must log in for every message No it is IE8 From: James Kerr [mailto:cluster...@gmail.com] Sent: Monday, February 16, 2009 6:55 PM To: MS-Exchange Admin Issues Subject: Re: OWA - user must log in for every message Are you sure the perms are setup on both installs the same cause it sounds like that maybe the issue. - Original Message - From: Bob Fronkmailto:b...@btrfronk.com To: MS-Exchange Admin Issuesmailto:exchangelist@lyris.sunbelt-software.com Sent: Monday, February 16, 2009 6:05 PM Subject: RE: OWA - user must log in for every message Ok Seems to be IE8 related.. From: Bob Fronk [mailto:b...@btrfronk.com] Sent: Monday, February 16, 2009 5:37 PM To: MS-Exchange Admin Issues Subject: OWA - user must log in for every message Recently OWA has started making users log in to check every message. Example: User logs in to OWA and gets message list. User double clicks a message to open it. Instead of opening the message, the user get the log on form. After re-entering username and password, the message is viewed. This process repeats on every message. I have looked at IIS and don't see anything different when comparing to another OWA setup. Ideas? ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
