RE: Transaction logs

2009-02-23 Thread Sobey, Richard A
The method I would use - that gets the same results really - is to run eseutil 
/mh on the database (it needs to be dismounted first).


From: bounce-8435332-8066...@lyris.sunbelt-software.com 
[mailto:bounce-8435332-8066...@lyris.sunbelt-software.com] On Behalf Of Phil 
Thompson
Sent: 20 February 2009 13:30
To: MS-Exchange Admin Issues
Subject: RE: Transaction logs

Yes I do, it's a long story. I just want to make sure that it is a valid work 
around before I do something that could cause more problems. Especially on a 
'Friday'!!

Thank you again.

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Friday, February 20, 2009 8:25 AM
To: MS-Exchange Admin Issues
Subject: RE: Transaction logs

Do you have a backup solution like Backup Exec?  I use BE to flush my committed 
logs.

I've never had to use the steps you mention, but I know they are the ones to 
use when you need to manually flush the logs.

Thanks,

Jake Gardner
TTC Network Administrator
Ext. 246



From: Phil Thompson [mailto:ph...@wpiinc.com]
Sent: Friday, February 20, 2009 8:07 AM
To: MS-Exchange Admin Issues
Subject: Transaction logs
I have 30 some GB of transaction logs that are no longer used (for whatever 
reasons).

I read this article that gave instructions on how to tell where the last log 
that was committed is.

The instructions are below. I want to run this by y'all before I do this. Is it 
a valid thing to do?

*
How to manually (and safely) purge Exchange Server transaction logs

To do this from a command line, go to the \Program Files\Exchsrvr\bin directory 
on the server and run the following command:

eseutil /mk "C:\Program Files\Exchsrvr\MDBDATA\E00.chk"

(The quotes are important, as they delimit the full pathname for the file.)

In the results returned you'll see these lines:

LastFullBackupCheckpoint: (0x0,0,0)
Checkpoint: (0x2,EC2,1C7)

The first number in the Checkpoint entry -- 0x2 -- is a hexadecimal number 
that refers to the last checkpoint log. Therefore, any logs numbered 
E01.log or earlier could be removed. If the checkpoint was 0x14C8, then 
logs numbered E0014C7.log or earlier could be removed.


Thank you,

Phil







***Teletronics Technology Corporation***
This e-mail is confidential and may also be privileged.  If you are not the 
addressee or authorized by the addressee to receive this e-mail, you may not 
disclose, copy, distribute, or use this e-mail. If you have received this 
e-mail in error, please notify the sender immediately by reply e-mail or by 
telephone at 267-352-2020 and destroy this message and any copies.

Thank you.

***




~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
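
The checkpoint arithmetic from the quoted article, as an added example that is not part of the original thread or of the article: it parses the two lines of eseutil /mk output and selects only numbered logs below the checkpoint generation. The sample output and file names are constructed, the function names are hypothetical, and the log naming (prefix, hexadecimal generation, ".log") is an assumption.

```python
import re

# Constructed sample: the two lines the article quotes from `eseutil /mk`,
# using the article's second checkpoint value (0x14C8).
SAMPLE_OUTPUT = """\
      LastFullBackupCheckpoint: (0x0,0,0)
      Checkpoint: (0x14C8,EC2,1C7)
"""

# Constructed directory listing. Assumption: numbered logs are named
# <prefix><hex generation>.log; everything else in the folder is left alone.
SAMPLE_FILES = [
    "E00.chk", "E00.log", "E00tmp.log", "res1.log", "res2.log",
    "E00014C6.log", "E00014C7.log", "E00014C8.log", "E00014C9.log",
]

# Anchored at line start so "Checkpoint:" is never matched inside
# "LastFullBackupCheckpoint:"; the two values are kept apart by name.
_TRIPLE = re.compile(
    r"^\s*(LastFullBackupCheckpoint|Checkpoint):\s*"
    r"\(0x([0-9A-Fa-f]+),([0-9A-Fa-f]+),([0-9A-Fa-f]+)\)",
    re.MULTILINE,
)


def parse_checkpoints(eseutil_output):
    """Return {"Checkpoint": (gen, n2, n3), ...} with all fields read as hex."""
    found = {}
    for name, gen, second, third in _TRIPLE.findall(eseutil_output):
        found[name] = (int(gen, 16), int(second, 16), int(third, 16))
    if "Checkpoint" not in found:
        # Refuse to guess: without a checkpoint nothing is safe to select.
        raise ValueError("no Checkpoint line found in eseutil /mk output")
    return found


def purgeable_logs(eseutil_output, filenames, prefix="E00"):
    """List numbered logs whose generation is strictly below the checkpoint.

    The log at the checkpoint generation, the current <prefix>.log, the
    temporary and reserve logs and the .chk file are never returned.
    """
    checkpoint_gen = parse_checkpoints(eseutil_output)["Checkpoint"][0]
    numbered = re.compile(
        r"^%s([0-9A-Fa-f]+)\.log$" % re.escape(prefix), re.IGNORECASE
    )
    selected = []
    for name in filenames:
        match = numbered.match(name)
        if match is None:
            continue  # E00.log, E00tmp.log, res1.log, E00.chk, ...
        generation = int(match.group(1), 16)
        if generation < checkpoint_gen:
            selected.append((generation, name))
    return [name for _, name in sorted(selected)]


if __name__ == "__main__":
    print("checkpoints:", parse_checkpoints(SAMPLE_OUTPUT))
    for log in purgeable_logs(SAMPLE_OUTPUT, SAMPLE_FILES):
        print("older than checkpoint:", log)
```

The function only reports candidates; moving them aside rather than deleting them keeps the step reversible.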

RE: Transaction logs

2009-02-23 Thread gsweers
It may be a bit late, but I would just do a NTbackup of the Exchange
Store.  It will flush any log files and give you a good backup before
doing anything else..

 

From: Sobey, Richard A [mailto:r.so...@imperial.ac.uk] 
Sent: Monday, February 23, 2009 4:45 AM
To: MS-Exchange Admin Issues
Subject: RE: Transaction logs

 

The method I would use - that gets the same results really - is to run
eseutil /mh on the database (it needs to be dismounted first).

 

 


RE: Incoming spoofed e-mail issue

2009-02-23 Thread Joe Heaton
In the reverse DNS section of this tool, do I need to check the box?  I
don't host my external DNS records, so I don't know what PTR records, if
any, are out there.

Joe Heaton
Employment Training Panel

-Original Message-
From: Troy Meyer [mailto:troy.me...@monacocoach.com] 
Sent: Thursday, February 19, 2009 8:06 AM
To: MS-Exchange Admin Issues
Subject: RE: Incoming spoofed e-mail issue

Although it isn't perfect, this link has been out on the list before and
is a good way to generate an SPF if you are wondering where to start.

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/


-troy

-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Thursday, February 19, 2009 6:52 AM
To: MS-Exchange Admin Issues
Subject: Re: Incoming spoofed e-mail issue

+1. Although impossible to quantify, it can only help your situation.

--
ME2



On Wed, Feb 18, 2009 at 7:22 PM, Don Andrews don.andr...@safeway.com wrote:
 You might consider advertising an SPF record - cheap and little effort.  No
 guarantees except that it lets honest domains that check for it ignore
 spoofed sends.



 

 From: Joe Heaton [mailto:jhea...@etp.ca.gov]
 Sent: Wednesday, February 18, 2009 10:24 AM

 To: MS-Exchange Admin Issues
 Subject: RE: Incoming spoofed e-mail issue



 Thomas,



 I think I've found a way to take care of some of this stuff.  I have a
 Watchguard firewall, which has a feature built in called an SMTP Proxy.
 Within that, I can set a filter to deny any messages coming from specific
 domains, or, as in this case, from specific country codes (.pl, .ru, etc).

 I just put it in place, so I'm hoping it's going to help the issue here.  As
 far as backscatter from within the US, I'm still working on that one...



 Joe Heaton

 Employment Training Panel



 From: Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org]
 Sent: Tuesday, February 17, 2009 10:35 AM
 To: MS-Exchange Admin Issues
 Subject: RE: Incoming spoofed e-mail issue



 That's exactly what I'm battling right now Joe...if you look at the header you
 will see the actual sender / originator. I couldn't give you a correct way
 how to tackle this issue. But this backscatter has become a pain in the you
 know what.



 From: Joe Heaton [mailto:jhea...@etp.ca.gov]
 Sent: Tuesday, February 17, 2009 12:30 PM
 To: MS-Exchange Admin Issues
 Subject: Incoming spoofed e-mail issue



 I'm getting users who are getting lots of mail in their inbox every morning
 that looks like it is coming from themselves.  Looking at the headers, I see
 various actual senders, many coming from domains ending in .ru, or .pl,
 etc.  Is there a way of blocking e-mails from these foreign domains?  None
 of my users have legitimate business with anyone in Russia, or Poland, or
 any other foreign country.  I tried setting this up under Sender Filtering,
 by putting the following in, for example:  *...@*.pl

 Is there a different way of putting this in?  I notice that the instructions
 for Sender Filtering says to block messages claiming to be from the
 following:, but these messages are actually claiming to be from the user,
 not what is actually in the header.  Is there a different way of filtering
 these messages?  There's nothing in the subject line that is keying the IMF,
 or my Symantec Mail Security for Microsoft Exchange.



 Joe Heaton

 AISA

 Employment Training Panel

 1100 J Street, 4th Floor

 Sacramento, CA  95814

 (916) 327-5276

 jhea...@etp.ca.gov







 This email and any attached files are confidential and intended solely for
 the intended recipient(s). If you are not the named recipient you should not
 read, distribute, copy or alter this email. Any views or opinions expressed
 in this email are those of the author and do not represent those of the Girl
 Scouts of Southwest Texas. Warning: Although precautions have been taken to
 make sure no viruses are present in this email, Girl Scouts of Southwest
 Texas cannot accept responsibility for any loss or damage that arise from
 the use of this email or attachments.














RE: Incoming spoofed e-mail issue

2009-02-23 Thread Don Andrews
You appear to have a valid PTR at least for the IP this message came
from.

-Original Message-
From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Monday, February 23, 2009 7:47 AM
To: MS-Exchange Admin Issues
Subject: RE: Incoming spoofed e-mail issue

In the reverse DNS section of this tool, do I need to check the box?  I
don't host my external DNS records, so I don't know what PTR records, if
any, are out there.

Joe Heaton
Employment Training Panel




RE: Incoming spoofed e-mail issue

2009-02-23 Thread Joe Heaton
Thanks Don.  So in the creation process, since I only have one IP that
should be sending e-mail, I can check the box saying that all the
reverse DNS records for my domain resolve to outbound e-mail servers?
Or could there be PTR records for my web servers as well?

Joe Heaton
Employment Training Panel


-Original Message-
From: Don Andrews [mailto:don.andr...@safeway.com] 
Sent: Monday, February 23, 2009 8:38 AM
To: MS-Exchange Admin Issues
Subject: RE: Incoming spoofed e-mail issue

You appear to have a valid PTR at least for the IP this message came
from.


RE: Incoming spoofed e-mail issue

2009-02-23 Thread Don Andrews
Any IP that SHOULD be allowed to send email directly to external
recipients - if your web servers have port 25 open intentionally so they
can send directly rather than relaying through your normal email source,
they would be blocked by systems checking for SPF records if you don't
supply SPF and PTR records for them.

-Original Message-
From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Monday, February 23, 2009 8:40 AM
To: MS-Exchange Admin Issues
Subject: RE: Incoming spoofed e-mail issue

Thanks Don.  So in the creation process, since I only have one IP that
should be sending e-mail, I can check the box saying that all the
reverse DNS records for my domain resolve to outbound e-mail servers?
Or could there be PTR records for my web servers as well?

Joe Heaton
Employment Training Panel



Default Mailbox Features POP and IMAP to Disabled

2009-02-23 Thread Russ Patterson
Hello all -

Anyone have a way to tweak things so that new users created in a Windows
2008, Exchange 2007 forest all default to disabled for POP and IMAP? We have
a real business need to have those OFF for the vast majority of our users. I
know you can script existing boxes with Set-CASMailbox (I think) - but we
really need - in the GUI - for a new blank user dialog box to come up with
the defaults already at DISABLED. Anyone have any suggestions? As always -
thanks in advance!


RE: Incoming spoofed e-mail issue

2009-02-23 Thread Don Andrews
Any IP that SHOULD be allowed to send email directly to external
destinations should have them - if your web servers have port 25 open
intentionally so they can send directly rather than relaying through
your normal email source, they would be blocked by systems checking for
SPF records if you don't supply SPF and PTR records for them.
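
The point about sending IPs above, and the earlier question about the wizard's reverse-DNS checkbox, as an added example that is not part of the original thread: a small offline SPF evaluator that handles only the ip4/ip6, ptr and all mechanisms, run against constructed DNS data. It assumes the checkbox corresponds to the SPF "ptr" mechanism; example.org, every address and the function names are made up for illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges); not real records.
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": ["mail.example.org"],
    "20.2.0.192.in-addr.arpa": ["www.example.org"],
    # A PTR anyone controlling this reverse zone could publish:
    "5.113.0.203.in-addr.arpa": ["mail.example.org"],
}
A_RECORDS = {
    "mail.example.org": ["192.0.2.10"],
    "www.example.org": ["192.0.2.20"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def validated_ptr_names(ip):
    """PTR names for ip that also resolve forward to the same ip."""
    query = ipaddress.ip_address(ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    names = PTR_RECORDS.get(query, [])
    return [name for name in names if ip in A_RECORDS.get(name, [])]


def spf_check(record, ip, domain):
    """Evaluate a v=spf1 record left to right; first matching term wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "ptr":
            target = (arg or domain).lower()
            matched = any(
                n == target or n.endswith("." + target)
                for n in validated_ptr_names(ip)
            )
        else:
            # a, mx, include, exists and modifiers are outside this sketch.
            raise ValueError("mechanism not handled here: " + term)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    ip_only = "v=spf1 ip4:192.0.2.10 -all"
    with_ptr = "v=spf1 ptr -all"
    for label, ip in [("mail server", "192.0.2.10"),
                      ("web server", "192.0.2.20"),
                      ("forged PTR", "203.0.113.5")]:
        print(label, ip,
              "| ip4 record:", spf_check(ip_only, ip, "example.org"),
              "| ptr record:", spf_check(with_ptr, ip, "example.org"))
```

With the ip4-only record the web server fails unless it is listed; with ptr, every host that has a forward-confirmed PTR in the domain is authorized to send, web servers included.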


RE: Loving your new body?

2009-02-23 Thread Stu Sjouwerman
Results: The following members were successfully deleted:

squaliderks...@campingalporto.com   
 

Warm regards,


Stu Sjouwerman
Founder, VP Marketing.
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  

 



From: Carmela Calloway [mailto:squaliderks...@campingalporto.com] 
Sent: Saturday, February 21, 2009 11:46 PM
To: MS-Exchange Admin Issues
Subject: Loving your new body?


Surely the easiest way to lose weight
 
Click for access http://tesobiciz.cn 


 





HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Jason Gurtz
Note: the dig tool is easier and better than nslookup, but unfortunately
doesn't come with windows.  You can download the Windows port of the BIND
name server and find dig there, but that's extra steps to find out just
what dlls you also need, etc...  If you're going to do this a lot I do
recommend that you take the time to learn dig instead of nslookup.

> In the reverse DNS section of this tool, do I need to check the box?  I
> don't host my external DNS records, so I don't know what PTR records, if
> any, are out there.

Open cmd prompt. Type nslookup and press enter. At the new > prompt
type set type=ptr and press enter

wacky thing #1: IP addy that you query is backwards from what it is
wacky thing #2: you are querying for the backwards address in this weird
domain called in-addr.arpa.  You can think of .in-addr.arpa as being to
IP addresses the same as .com. or .org. are to domain names.  It is the
story of the whale; it's just how it is.

So, for example let's look up some aol.com PTR records...3 MX records I
see are:

mailin-01.mx.aol.com    internet address = 205.188.156.248
mailin-02.mx.aol.com    internet address = 205.188.249.91
mailin-03.mx.aol.com    internet address = 205.188.252.17

Hey, let's see if their ducks are in a row! To query the PTR record for
the first one just type this:

> 248.156.188.205.in-addr.arpa

After pressing enter you should see something like this:

Non-authoritative answer:
248.156.188.205.in-addr.arpa    name = dd.mx.aol.com

What!?  dd.mx.aol.com != mailin-01.mx.aol.com.  Well that's OK, aol is
probably not sending any mail out from this box here ;)  Likely, that
box is a load balancer of some type...  OK, trawling through some logs
here I do see them sending mail from host imo-d05.mx.aol.com which has an
address of 205.188.157.37.  Let's check it out!

> set type=a
> imo-d05.mx.aol.com
Server:  dns-01.ns.aol.com
Address:  64.12.51.132

Name:    imo-d05.mx.aol.com
Address:  205.188.157.37

[Yup, still sitting on the same addy]

> set type=ptr
> 37.157.188.205.in-addr.arpa
Server:  dns-01.ns.aol.com
Address:  64.12.51.132

37.157.188.205.in-addr.arpa     name = imo-d05.mx.aol.com

[This time we have a match! AOL admins know what they're doing.]

157.188.205.in-addr.arpa        nameserver = dns-02.ns.aol.com
157.188.205.in-addr.arpa        nameserver = dns-01.ns.aol.com
dns-01.ns.aol.com       internet address = 64.12.51.132
dns-02.ns.aol.com       internet address = 205.188.157.232

So yeppers, all aol.com ducks in a row for that outbound server.  As you
can see nslookup also tells you what name servers have authority for the
address space containing 205.188.157.37.  Using a whois tool you can
lookup who has registered ownership of the IP block.  Now we're getting
off on a spam fighting tangent

If you want to script nslookup to do auditing you can use the tool like
this to query one address at a time.  Now you can loop over a whole block
of IPs that you might own in a batch file or powershell or whatever:

C:\>nslookup -type=ptr 37.157.188.205.in-addr.arpa dns-01.ns.aol.com

The last argument (dns server to query) is optional. By default, nslookup
should be querying the first dns server listed in your ipconfig /all
output.  If you're at the nslookup prompt the command server
serverName|IP will do the same thing.  Check the ? command to see other
commands.  Note: -type=a would be redundant since it's the default query
type assumed and obviously -type=mx could be useful in the email world as
well.

~JasonG
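
[Added example, not part of the original post and not the poster's code: the audit loop described above as a PowerShell script that builds the in-addr.arpa name, parses nslookup's PTR answer, and confirms that the returned name resolves back to the same address. The function names are hypothetical; the imo-d05.mx.aol.com sample is modelled on the transcript in the post, and the 192.0.2.x addresses and example.net name are constructed so the demo runs offline.]

```powershell
# Added example: forward-confirmed reverse DNS (PTR, then A) audit using nslookup.
# All function names are hypothetical helpers, not part of any product.

function ConvertTo-ArpaName {
    param([Parameter(Mandatory = $true)][string]$IPAddress)
    # Dotted-quad IPv4 only; every octet must be 0-255.
    $octets = $IPAddress.Trim().Split('.')
    if ($octets.Count -ne 4) { throw "Not a dotted-quad IPv4 address: $IPAddress" }
    foreach ($o in $octets) {
        if ($o -notmatch '^\d{1,3}$' -or [int]$o -gt 255) {
            throw "Not a dotted-quad IPv4 address: $IPAddress"
        }
    }
    [array]::Reverse($octets)                  # 205.188.157.37 -> 37.157.188.205
    return ($octets -join '.') + '.in-addr.arpa'
}

function Get-PtrName {
    param([string[]]$NslookupOutput)
    # PTR answer lines look like: "<reversed>.in-addr.arpa    name = host.example"
    foreach ($line in $NslookupOutput) {
        if ($line -match '^\s*\S+\.in-addr\.arpa\s+name\s*=\s*(\S+)') {
            $Matches[1].TrimEnd('.').ToLower()
        }
    }
}

function Get-ForwardAddress {
    param([string[]]$NslookupOutput)
    # The first "Address:" line is the resolver itself; only addresses that
    # follow the "Name:" line belong to the answer.
    $inAnswer = $false
    foreach ($line in $NslookupOutput) {
        if ($line -match '^Name:') { $inAnswer = $true; continue }
        if ($inAnswer -and $line -match '(\d{1,3}(\.\d{1,3}){3})\s*$') { $Matches[1] }
    }
}

function Get-RdnsStatus {
    param(
        [Parameter(Mandatory = $true)][string]$IPAddress,
        # The resolver is injectable so the demo below runs offline. The default
        # shells out to nslookup the same way the post does on the command line.
        [scriptblock]$Resolver = {
            param($type, $name)
            & nslookup.exe "-type=$type" $name 2>$null
        }
    )
    $arpa  = ConvertTo-ArpaName $IPAddress
    $names = @(Get-PtrName (& $Resolver 'ptr' $arpa))
    if ($names.Count -eq 0) {
        $status = 'NO-PTR'        # also the result when the query times out
    } else {
        $status = 'MISMATCH'
        foreach ($n in $names) {
            # Trailing dot keeps nslookup from appending the DNS suffix search list.
            $addrs = @(Get-ForwardAddress (& $Resolver 'a' "$n."))
            if ($addrs -contains $IPAddress) { $status = 'OK'; break }
        }
    }
    New-Object PSObject -Property @{
        IP = $IPAddress; Ptr = ($names -join ','); Status = $status
    }
}

# --- Offline demo with constructed nslookup output --------------------------
$sample = @{
    'ptr 37.157.188.205.in-addr.arpa' = @(
        'Server:  dns-01.ns.aol.com', 'Address:  64.12.51.132', '',
        '37.157.188.205.in-addr.arpa     name = imo-d05.mx.aol.com')
    'a imo-d05.mx.aol.com.' = @(
        'Server:  dns-01.ns.aol.com', 'Address:  64.12.51.132', '',
        'Name:    imo-d05.mx.aol.com', 'Address:  205.188.157.37')
    # Constructed mismatch: the PTR name resolves to a different address.
    'ptr 25.2.0.192.in-addr.arpa' = @(
        '25.2.0.192.in-addr.arpa    name = mail.example.net')
    'a mail.example.net.' = @(
        'Name:    mail.example.net', 'Address:  192.0.2.99')
    # 192.0.2.26 has no entry at all, so it reports NO-PTR.
}
$offline = { param($type, $name) $sample["$type $name"] }

'205.188.157.37', '192.0.2.25', '192.0.2.26' |
    ForEach-Object { Get-RdnsStatus -IPAddress $_ -Resolver $offline } |
    Format-Table IP, Status, Ptr -AutoSize

# Live use against a /24 you own (queries your default DNS server):
# 1..254 | ForEach-Object { Get-RdnsStatus "192.0.2.$_" } |
#     Where-Object { $_.Status -ne 'OK' }
```

[A PTR record alone proves little, because whoever controls the reverse zone can put any name in it; the forward check is what ties the name back to the sending address.]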



RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Campbell, Rob
I ran across this over the weekend. Haven't tried it yet, but looks like it 
might be good stuff.

http://huddledmasses.org/update-to-poshnet-and-get-dns/




RE: Excessive Connections Between Outlook 2007 SP1 and Exchange 2003 SP2

2009-02-23 Thread Severson, Kyle M
I am still seeing the same issue after running update KB948496 (disable SNP). I 
am also running down the angle of Desktop Search, we have primarily XP SP2 
clients running WDS version 6.0.6000.16431 and some Vista SP1 running 
6.0.6001.18000. We also may have rogue installs of Google, etc.

-Original Message-
From: jamwel [mailto:jam...@gmail.com] 
Sent: Tuesday, February 10, 2009 5:26 PM
To: MS-Exchange Admin Issues
Subject: Re: Excessive Connections Between Outlook 2007 SP1 and Exchange 2003 
SP2

The disable TCP chimneying might be accurate. I haven't seen that
combo with SNP myself, but it sounds reasonable. A network trace will
show a TCP ACK flood, more than likely, if SNP is to blame.

See KB 948496 if you haven't already read it...


--James


On 2/10/09, Severson, Kyle M kyle.sever...@kcc.com wrote:
> I am seeing an excessive number of connections between some of our
> Outlook 2007 SP1 clients and Exchange 2003 SP2. Anybody else seen this?
> Microsoft isn't coming up with much other than disable TCP Chimney and
> possibly some 3rd party add-ins. Both client and server are NOT having
> performance issues.
>
> Most users seem to average about 4 connections, but the ones with the
> issue have between 100-300.
>
> Thanks,
>
> Kyle Severson
> Messaging Engineer
> Kimberly-Clark Corp.





-- 
Sent from my mobile device




RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Exchange (Sunbelt)
Sam Spade is still good






RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Don Andrews
An easier way is;

nslookup -q=ptr 205.188.156.248


RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Campbell, Rob
Maybe.

Depends on what you want to do with the information after you get it.

IMHO.


RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Don Andrews
True 'nough - but for the basic question (don't know what PTR records
are out there) - running this against the sending IPs will give the
answer.



RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Maglinger, Paul
Oh... NOW you've done it!  Ya broke the website...

Internet Explorer cannot display the webpage 
   
   Most likely causes:
You are not connected to the Internet. 
The website is encountering problems. 
There might be a typing error in the address. 
 
   What you can try: 
 Diagnose Connection Problems  
 
 More information 

This problem can be caused by a variety of issues, including: 

Internet connectivity has been lost. 
The website is temporarily unavailable. 
The Domain Name Server (DNS) is not reachable. 
The Domain Name Server (DNS) does not have a listing for the website's
domain. 
If this is an HTTPS (secure) address, click Tools, click Internet
Options, click Advanced, and check to be sure the SSL and TLS protocols
are enabled under the security section. 

For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds 

Click the Favorites Center button , click Feeds, and then click the feed
you want to view. 

To view recently visited webpages (might not work on all pages) 

Click Tools , and then click Work Offline. 
Click the Favorites Center button , click History, and then click the
page you want to view. 



-Original Message-
From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] 
Sent: Monday, February 23, 2009 11:31 AM
To: MS-Exchange Admin Issues
Subject: RE: HOWTO: do reverse lookups (PTR records) with the nslookup
tool

I ran across this over the weekend. Haven't tried it yet, but looks like
it might be good stuff.

http://huddledmasses.org/update-to-poshnet-and-get-dns/

-Original Message-
From: Jason Gurtz [mailto:jasongu...@npumail.com] 
Sent: Monday, February 23, 2009 11:23 AM
To: MS-Exchange Admin Issues
Subject: HOWTO: do reverse lookups (PTR records) with the nslookup tool

Note: the dig tool is easier and better than nslookup, but unfortunately
doesn't come with windows.  You can download the Windows port of the BIND
name server and find dig there, but that's extra steps to find out just
what dlls you also need, etc...  If you're going to do this a lot I do
recommend that you take the time to learn dig instead of nslookup.

> In the reverse DNS section of this tool, do I need to check the box?  I
> don't host my external DNS records, so I don't know what PTR records, if
> any, are out there.

Open cmd prompt. Type nslookup and press enter. At the new > prompt
type set type=ptr and press enter

wacky thing #1: IP addy that you query is backwards from what it is
wacky thing #2: you are querying for the backwards address in this weird
domain called in-addr.arpa.  You can think of .in-addr.arpa as being to
IP addresses the same as .com. or .org. are to domain names.  It is the
story of the whale; it's just how it is.

So, for example let's look up some aol.com PTR records...3 MX records I
see are:

mailin-01.mx.aol.cominternet address = 205.188.156.248
mailin-02.mx.aol.cominternet address = 205.188.249.91
mailin-03.mx.aol.cominternet address = 205.188.252.17

Hey, let's see if their ducks are in a row! To query the PTR record for
the first one just type this:

 248.156.188.205.in-addr.arpa

After pressing enter you should see something like this :

Non-authoritative answer:
248.156.188.205.in-addr.arpaname = dd.mx.aol.com

What!?  dd.mx.aol.com != mailin-01.mx.aol.com.  Well that's OK, aol is
probably not sending any mail out from this box here ;)  Likely, that
box is a load balancer of some type...  OK, trawling through some logs
here I do see them sending mail from host imo-d05.mx.aol.com which has
an
address of 205.188.157.37.  Let's check it out!

 set type=a
 imo-d05.mx.aol.com
Server:  dns-01.ns.aol.com
Address:  64.12.51.132

Name:imo-d05.mx.aol.com
Address:  205.188.157.37

[Yup, still sitting on the same addy]

 set type=ptr
 37.157.188.205.in-addr.arpa
Server:  dns-01.ns.aol.com
Address:  64.12.51.132

37.157.188.205.in-addr.arpa name = imo-d05.mx.aol.com

[This time we have a match! AOL admins know what they're doing.]

157.188.205.in-addr.arpanameserver = dns-02.ns.aol.com
157.188.205.in-addr.arpanameserver = dns-01.ns.aol.com
dns-01.ns.aol.com   internet address = 64.12.51.132
dns-02.ns.aol.com   internet address = 205.188.157.232

So yeppers, all aol.com ducks in a row for that outbound server.  As you
can see nslookup also tells you what name servers have authority for the
address space containing 205.188.157.37.  Using a whois tool you can
lookup who has registered ownership of the IP block.  Now we're getting
off on a spam fighting tangent

if you want to script nslookup to do auditing you can use the tool like
this to query one address at a time.  Now you can loop over a whole
block
of IPs that you might own in a batch file or powershell or whatever:

C:\nslookup -type=ptr 37.157.188.205.in-addr.arpa dns-01.ns.aol.com

The last argument (dns server to query) is optional. By default,
nslookup
should be querying the first dns server listed in 

RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Jason Gurtz
The canonical http://downforeveryoneorjustme.com/

 -Original Message-
 From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
 Sent: Monday, February 23, 2009 13:07
 To: MS-Exchange Admin Issues
 Subject: RE: HOWTO: do reverse lookups (PTR records) with the nslookup
 tool
 
 It works for me
 
 -Original Message-
 From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
 Sent: Monday, February 23, 2009 12:05 PM
 To: MS-Exchange Admin Issues
 Subject: RE: HOWTO: do reverse lookups (PTR records) with the nslookup
 tool
 
 Oh... NOW you've done it!  Ya broke the website...
 
 Internet Explorer cannot display the webpage
 
Most likely causes:
 You are not connected to the Internet.
 The website is encountering problems.
 There might be a typing error in the address.
 
What you can try:
  Diagnose Connection Problems
 
  More information
 
 This problem can be caused by a variety of issues, including:
 
 Internet connectivity has been lost.
 The website is temporarily unavailable.
 The Domain Name Server (DNS) is not reachable.
 The Domain Name Server (DNS) does not have a listing for the website's
 domain.
 If this is an HTTPS (secure) address, click Tools, click Internet
 Options, click Advanced, and check to be sure the SSL and TLS protocols
 are enabled under the security section.
 
 For offline users
 
 You can still view subscribed feeds and some recently viewed webpages.
 To view subscribed feeds
 
 Click the Favorites Center button , click Feeds, and then click the feed
 you want to view.
 
 To view recently visited webpages (might not work on all pages)
 
 Click Tools , and then click Work Offline.
 Click the Favorites Center button , click History, and then click the
 page you want to view.
 
 
 

RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Jason Gurtz
Very nice!

 -Original Message-
 From: Kurt Buff [mailto:kurt.b...@gmail.com]
 Sent: Monday, February 23, 2009 13:52
 To: MS-Exchange Admin Issues
 Subject: Re: HOWTO: do reverse lookups (PTR records) with the nslookup
 tool
 
 A Win32 version of dig: http://members.shaw.ca/nicholas.fong/dig/
 
 On Mon, Feb 23, 2009 at 09:23, Jason Gurtz jasongu...@npumail.com
 wrote:
  Note: the dig tool is easier and better than nslookup, but
  unfortunately doesn't come with windows.  You can download the Windows
  port of the BIND name server and find dig there, but that's extra
  steps to find out just what dlls you also need, etc...  If you're
  going to do this a lot I do recommend that you take the time to learn
  dig instead of nslookup.

  > In the reverse DNS section of this tool, do I need to check the box?
  > I don't host my external DNS records, so I don't know what PTR
  > records, if any, are out there.

  Open cmd prompt. Type nslookup and press enter. At the new > prompt
  type set type=ptr and press enter

  wacky thing #1: IP addy that you query is backwards from what it is
  wacky thing #2: you are querying for the backwards address in this
  weird domain called in-addr.arpa.  You can think of .in-addr.arpa as
  being to IP addresses the same as .com. or .org. are to domain names.
  It is the story of the whale; it's just how it is.

  So, for example let's look up some aol.com PTR records...3 MX records
  I see are:

  mailin-01.mx.aol.com    internet address = 205.188.156.248
  mailin-02.mx.aol.com    internet address = 205.188.249.91
  mailin-03.mx.aol.com    internet address = 205.188.252.17

  Hey, let's see if their ducks are in a row! To query the PTR record
  for the first one just type this:

  > 248.156.188.205.in-addr.arpa

  After pressing enter you should see something like this:

  Non-authoritative answer:
  248.156.188.205.in-addr.arpa    name = dd.mx.aol.com

  What!?  dd.mx.aol.com != mailin-01.mx.aol.com.  Well that's OK, aol is
  probably not sending any mail out from this box here ;)  Likely, that
  box is a load balancer of some type...  OK, trawling through some
  logs here I do see them sending mail from host imo-d05.mx.aol.com
  which has an address of 205.188.157.37.  Let's check it out!

  > set type=a
  > imo-d05.mx.aol.com
  Server:  dns-01.ns.aol.com
  Address:  64.12.51.132

  Name:    imo-d05.mx.aol.com
  Address:  205.188.157.37

  [Yup, still sitting on the same addy]

  > set type=ptr
  > 37.157.188.205.in-addr.arpa
  Server:  dns-01.ns.aol.com
  Address:  64.12.51.132

  37.157.188.205.in-addr.arpa     name = imo-d05.mx.aol.com

  [This time we have a match! AOL admins know what they're doing.]

  157.188.205.in-addr.arpa        nameserver = dns-02.ns.aol.com
  157.188.205.in-addr.arpa        nameserver = dns-01.ns.aol.com
  dns-01.ns.aol.com   internet address = 64.12.51.132
  dns-02.ns.aol.com   internet address = 205.188.157.232

  So yeppers, all aol.com ducks in a row for that outbound server.  As
  you can see nslookup also tells you what name servers have authority
  for the address space containing 205.188.157.37.  Using a whois tool
  you can lookup who has registered ownership of the IP block.  Now
  we're getting off on a spam fighting tangent

  if you want to script nslookup to do auditing you can use the tool
  like this to query one address at a time.  Now you can loop over a
  whole block of IPs that you might own in a batch file or powershell or
  whatever:

  C:\>nslookup -type=ptr 37.157.188.205.in-addr.arpa dns-01.ns.aol.com

  The last argument (dns server to query) is optional. By default,
  nslookup should be querying the first dns server listed in your
  ipconfig /all output.  If you're at the nslookup prompt the command
  server serverName|IP will do the same thing.  Check the ? command to
  see other commands.  Note: -type=a would be redundant since it's the
  default query type assumed and obviously -type=mx could be useful in
  the email world as well.

  ~JasonG
 

~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~
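
The audit loop suggested at the end of the HOWTO quoted above, as an added example (not code from the list or from any poster): it builds the in-addr.arpa name, parses nslookup's output, and checks that each PTR name resolves back to the same address. The function names, the ip6.arpa handling and the 192.0.2.x / example.net records are assumptions constructed for illustration; the aol.com sample output is copied from the thread.

```python
import ipaddress
import re
import subprocess

LABEL = re.compile(r"^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$")
PTR_LINE = re.compile(r"^(\S+\.arpa)\.?\s+name\s*=\s*(\S+)$", re.I)
ADDR_LINE = re.compile(r"^address(?:es)?:\s*(.*)$", re.I)


def reverse_name(ip):
    """PTR query name: octets reversed under in-addr.arpa (nibbles under ip6.arpa)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    return ".".join(reversed(addr.exploded.replace(":", ""))) + ".ip6.arpa"


def is_hostname(name):
    """PTR data is set by whoever runs the reverse zone, so validate it before
    it is compared, logged, or handed back to nslookup as an argument."""
    return 0 < len(name) <= 253 and all(LABEL.match(l) for l in name.split("."))


def parse_ptr(output, qname):
    """Host names from 'X.in-addr.arpa  name = host' lines that answer qname."""
    names = []
    for line in output.splitlines():
        m = PTR_LINE.match(line.strip())
        if m and m.group(1).lower() == qname.lower():
            host = m.group(2).rstrip(".").lower()
            if is_hostname(host):
                names.append(host)
    return names


def parse_a(output):
    """Addresses listed after 'Name:'; the 'Address:' line above it belongs to
    the DNS server that answered and must not be counted as the answer."""
    addrs, in_answer, in_list = [], False, False
    for line in output.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("name:"):
            in_answer, in_list = True, False
            continue
        if not in_answer:
            continue
        m = ADDR_LINE.match(stripped)
        if m:
            candidates, in_list = m.group(1), True
        elif in_list and stripped and line[:1].isspace():
            candidates = stripped          # continuation of an 'Addresses:' list
        else:
            in_list = False
            continue
        for token in re.split(r"[,\s]+", candidates):
            try:
                addrs.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass
    return addrs


def nslookup(qtype, name, server=None):
    """Same call as in the HOWTO: nslookup -type=ptr <name> [server]."""
    cmd = ["nslookup", f"-type={qtype}", name] + ([server] if server else [])
    return subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout


def fcrdns(ip, lookup=nslookup):
    """MATCH when some PTR name has an A record pointing back at ip."""
    ip = str(ipaddress.ip_address(ip))
    qname = reverse_name(ip)
    names = parse_ptr(lookup("ptr", qname), qname)
    if not names:
        return "NO_PTR", []
    confirmed = any(ip in parse_a(lookup("a", n)) for n in names)
    return ("MATCH" if confirmed else "MISMATCH"), names


def audit_block(cidr, lookup=nslookup):
    """Status for every address in a block you own, e.g. '192.0.2.0/28'."""
    return {str(a): fcrdns(str(a), lookup)[0] for a in ipaddress.ip_network(cidr)}


# Output copied from the thread (includes authority lines the parser must skip).
PAGE_PTR = ("Server:  dns-01.ns.aol.com\nAddress:  64.12.51.132\n\n"
            "37.157.188.205.in-addr.arpa\tname = imo-d05.mx.aol.com\n\n"
            "157.188.205.in-addr.arpa\tnameserver = dns-02.ns.aol.com\n"
            "dns-01.ns.aol.com\tinternet address = 64.12.51.132\n")
PAGE_A = ("Server:  dns-01.ns.aol.com\nAddress:  64.12.51.132\n\n"
          "Name:    imo-d05.mx.aol.com\nAddress:  205.188.157.37\n")
# Constructed records: a PTR whose host name points somewhere else.
CANNED = {
    ("ptr", "37.157.188.205.in-addr.arpa"): PAGE_PTR,
    ("a", "imo-d05.mx.aol.com"): PAGE_A,
    ("ptr", "10.2.0.192.in-addr.arpa"): "10.2.0.192.in-addr.arpa\tname = host-a.example.net\n",
    ("a", "host-a.example.net"): ("Server:  dns.example.net\nAddress:  192.0.2.53\n\n"
                                  "Name:    host-a.example.net\nAddress:  192.0.2.99\n"),
}


def canned_lookup(qtype, name):
    """Offline stand-in for nslookup(); unknown names get an NXDOMAIN-style reply."""
    return CANNED.get((qtype, name), f"*** can't find {name}: Non-existent domain\n")


if __name__ == "__main__":
    print(fcrdns("205.188.157.37", canned_lookup))
    print(audit_block("192.0.2.10/31", canned_lookup))
```

Drop the `canned_lookup` argument to run the same audit against live DNS through the nslookup binary on the path.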

RE: backscatter issue

2009-02-23 Thread John Hornbuckle
Sounds promising, but not widely-implemented (or, apparently, an option with 
Exchange without 3rd party software).



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us




-Original Message-
From: Jason Gurtz [mailto:jasongu...@npumail.com] 
Sent: Friday, February 13, 2009 4:34 PM
To: MS-Exchange Admin Issues
Subject: RE: backscatter issue

 What I came up with based on feedback from this list and some research I
 did was that not a heck of a lot can be done about it.

BATV will take care of this in 99% of cases.
http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation and
http://mipassoc.org/batv/ explain in detail.

~JasonG





outlook locking up

2009-02-23 Thread DAVID SMITH
I have a problem with outlook locking up when you try to delete multiple 
documents at one time.  We use outlook 2003 on an xp workstation.  It is not in 
cache mode.  I have uninstalled outlook and installed it again and it still did 
not fix the problem.  It will let me empty the recycle bin at one time but it 
will not let me delete multiple documents that I select.  I don't know what else 
to do.  Does anyone have any suggestions?


Re: HOWTO: do reverse lookups (PTR records) with the nslookup tool

2009-02-23 Thread Kurt Buff
Google is your friend...

On Mon, Feb 23, 2009 at 11:45, Jason Gurtz jasongu...@npumail.com wrote:
 Very nice!



RE: outlook locking up

2009-02-23 Thread Campbell, Rob
Does it consistently lock up deleting multiple items (i.e. does it lock up if you 
just try to delete 2 at once)?

Normally, I'd suspect a corrupted email somewhere in the block of items you're 
trying to delete.  

Possible solutions are to try it with OWA, or move the mailbox to another mail 
store, and tell it to skip corrupted items during the move.

-Original Message-
From: DAVID SMITH [mailto:davidsm...@dritz.com] 
Sent: Monday, February 23, 2009 2:30 PM
To: MS-Exchange Admin Issues
Subject: outlook locking up

I have a problem with outlook locking up when you try to delete multiple 
documents at one time.  We use outlook 2003 on an xp workstation.  It is not in 
cache mode.  I have uninstalled outlook and installed it again and it still did 
not fix the problem.  It will let me empty the recycle bin at one time but it 
will not let me delete multiple documents that I select.  I don't know what else 
to do.  Does anyone have any suggestions?



RE: backscatter issue

2009-02-23 Thread Jason Gurtz
Yea, this is something you'd implement in front of your exchange box on a
mail gateway.  It is actually widely implemented but, as you've found, not
on Exchange servers, which is too bad since it's a very effective solution
with little side effects.

If you're a smallish shop with the right knowledge (Linux, etc...) you can
put this together for next to free on spare hardware.  It all depends on
management, abilities, and how bad the itch is.

 -Original Message-
 From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
 Sent: Monday, February 23, 2009 15:12
 To: MS-Exchange Admin Issues
 Subject: RE: backscatter issue
 
 Sounds promising, but not widely-implemented (or, apparently, an option
 with Exchange without 3rd party software).
 
 
 
 John Hornbuckle
 MIS Department
 Taylor County School District
 318 North Clark Street
 Perry, FL 32347
 
 www.taylor.k12.fl.us
 
 
 
 
 -Original Message-
 From: Jason Gurtz [mailto:jasongu...@npumail.com]
 Sent: Friday, February 13, 2009 4:34 PM
 To: MS-Exchange Admin Issues
 Subject: RE: backscatter issue
 
  What I came up with based on feedback from this list and some research
 I
  did was that not a heck of a lot can be done about it.
 
 BATV will take care of this in 99% of cases.
 http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation and
 http://mipassoc.org/batv/ explain in detail.
 
 ~JasonG
 
 


RE: OAB 0X8004010F Error

2009-02-23 Thread Sam Cayze
Oddly enough, I noticed these errors just stopped as of yesterday.  I
have not changed anything since Jan 28th.  I finally have a current OAB.
 
Weird a$$ Exchange.



From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 2:00 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error


Nope



From: KevinM [mailto:kev...@wlkmmas.org] 
Sent: Wednesday, January 28, 2009 1:45 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error



Do you have Exchange clustered? 

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 9:11 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Total oops!  

 

Everything is 2003 (Client, server, network, outlook), SP2 on exch,
single/no replicas.

 

Public folder structure:

 

 

'New' is a test OAB I created last night to make sure changes were being
updated to the system folders.  Not sure what the EX:/ folder is all
about.  Dates on the contents are very very old.

 



From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Wednesday, January 28, 2009 11:05 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Exchange version and backend topology? (And yes, it may be relevant)

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 11:37 AM
To: MS-Exchange Admin Issues
Subject: OAB 0X8004010F Error

 

Yes, the famous 0X8004010F error.  Tons of info on the web, I know, but
here is a twist that I can't find any information about online:

 

I only get the download OAB error if I am connected via TCP/IP.  If I
am connected via HTTPS, the OAB download works great...

I have done all the basic OAB error checking, rebuilt it, checked the
public/system folders, made sure an oab is selected for the storage
group..

 

 

Anyone know of a good place to start looking?

 

Tia!

 

Sam

RE: OAB 0X8004010F Error

2009-02-23 Thread Roger Wright
I was plagued with this issue recently.  

End up deleting the OAB(s), recreating it, rebuilding it, then
reassigning it on each Exchange DB.

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 4:54 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Oddly enough, I noticed these errors just stopped as of yesterday.  I
have not changed anything since Jan 28th.  I finally have a current OAB.

 

Weird a$$ Exchange.

RE: OAB 0X8004010F Error

2009-02-23 Thread Sam Cayze
Those are just some of the things I tried on Jan 28th :)



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, February 23, 2009 4:11 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error



I was plagued with this issue recently.  

End up deleting the OAB(s), recreating it, rebuilding it, then
reassigning it on each Exchange DB.

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 4:54 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Oddly enough, I noticed these errors just stopped as of yesterday.  I
have not changed anything since Jan 28th.  I finally have a current OAB.

 

Weird a$$ Exchange.

RE: OAB 0X8004010F Error

2009-02-23 Thread Roger Wright
You may need to allow several hours to see the results...

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 5:15 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Those are just some of the things I tried on Jan 28th :)

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, February 23, 2009 4:11 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

I was plagued with this issue recently.  

End up deleting the OAB(s), recreating it, rebuilding it, then
reassigning it on each Exchange DB.

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 4:54 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Oddly enough, I noticed these errors just stopped as of yesterday.  I
have not changed anything since Jan 28th.  I finally have a current OAB.

 

Weird a$$ Exchange.

 



From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 2:00 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Nope

 



From: KevinM [mailto:kev...@wlkmmas.org] 
Sent: Wednesday, January 28, 2009 1:45 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Do you have Exchange clustered? 

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 9:11 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Total oops!  

 

Everything is 2003 (Client, server, network, outlook), SP2 on exch,
single/no replicas.

 

Public folder structure:

 

 

'New' is a test OAB I created last night to make sure changes were being
updated to the system folders.  Not sure what the EX:/ folder is all
about.  Dates on the contents are very very old.

 



From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Wednesday, January 28, 2009 11:05 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Exchange version and backend topology? (And yes, it may be relevant)

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 11:37 AM
To: MS-Exchange Admin Issues
Subject: OAB 0X8004010F Error

 

Yes, the famous 0X8004010F error.  Tons of info on the web, I know, but
here is a twist that I can't find any information about online:

 

I only get the download OAB error if I am connected via TCP/IP.  If I
am connected via HTTPS, the OAB download works great...

 

I have done all the basic OAB error checking, rebuilt it, checked the
public/system folders, made sure an OAB is selected for the storage
group..

 

 

Anyone know of a good place to start looking?

 

Tia!

 

Sam

question about modifying allowed senders to a distribution list

2009-02-23 Thread James Winzenz
Good afternoon all,

 

We recently had an issue where a user was removed from being able to
send TO a distribution list that has been configured to only accept
messages from certain individuals on the Exchange General tab.
Environment is Exchange 2003 SP2.  In ADUC, the object tab in the
properties of the distribution list shows that it was last modified on
2/2.  Yet the individual in question indicated he was able to send to
the distribution list as recently as last Thursday (2/19).  There do not
appear to be any security logs pertaining to this change generated by
any of our DC's (which I didn't really expect, since this was an
exchange property that was modified).  My question is this - is this
something that would be logged somewhere within Exchange?  If so, would
I need to have logging levels turned way up to find it (if so, too
late)?  Sorry, I always have the weird questions - please let me know if
more details are needed.  I have checked google, my googlefu is weak
today . . .

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823 


RE: OAB 0X8004010F Error

2009-02-23 Thread Sam Cayze
Um...  yes, Jan 28th.  A few hours ago ;)



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, February 23, 2009 4:19 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error



You may need to allow several hours to see the results...

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388


 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 5:15 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Those are just some of the things I tried on Jan 28th :)

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, February 23, 2009 4:11 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

I was plagued with this issue recently.  

Ended up deleting the OAB(s), recreating it, rebuilding it, then
reassigning it on each Exchange DB.

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388


 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 4:54 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Oddly enough, I noticed these errors just stopped as of yesterday.  I
have not changed anything since Jan 28th.  I finally have a current OAB.

 

Weird a$$ Exchange.

 



From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 2:00 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Nope

 



From: KevinM [mailto:kev...@wlkmmas.org] 
Sent: Wednesday, January 28, 2009 1:45 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Do you have Exchange clustered? 

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 9:11 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Total oops!  

 

Everything is 2003 (Client, server, network, outlook), SP2 on exch,
single/no replicas.

 

Public folder structure:

 

 

'New' is a test OAB I created last night to make sure changes were being
updated to the system folders.  Not sure what the EX:/ folder is all
about.  Dates on the contents are very very old.

 



From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Wednesday, January 28, 2009 11:05 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Exchange version and backend topology? (And yes, it may be relevant)

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 11:37 AM
To: MS-Exchange Admin Issues
Subject: OAB 0X8004010F Error

 

Yes, the famous 0X8004010F error.  Tons of info on the web, I know, but
here is a twist that I can't find any information about online:

 

I only get the download OAB error if I am connected via TCP/IP.  If I
am connected via HTTPS, the OAB download works great...

 

I have done all the basic OAB error checking, rebuilt it, checked the
public/system folders, made sure an OAB is selected for the storage
group..

 

 

Anyone know of a good place to start looking?

 

Tia!

 

Sam

RE: outlook locking up

2009-02-23 Thread Barsodi.John
I've seen this with a large/mismanaged mailbox:  5,000 items in a single 
folder or over 2GB in total mailbox size.  Then again this was on our 
underpowered Exchange 2003 servers.

John Barsodi | Messaging
775.448.2230 | IGT Reno - IS


-Original Message-
From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] 
Sent: Monday, February 23, 2009 12:39 PM
To: MS-Exchange Admin Issues
Subject: RE: outlook locking up

Does it consistently lock up deleting multiple items (i.e., does it lock up if you 
just try to delete 2 at once)?

Normally, I'd suspect a corrupted email somewhere in the block of items you're 
trying to delete.  

Possible solutions are to try it with OWA, or move the mailbox to another mail 
store, and tell it to skip corrupted items during the move.

-Original Message-
From: DAVID SMITH [mailto:davidsm...@dritz.com] 
Sent: Monday, February 23, 2009 2:30 PM
To: MS-Exchange Admin Issues
Subject: outlook locking up

I have a problem with Outlook locking up when you try to delete multiple 
documents at one time.  We use Outlook 2003 on an XP workstation.  It is not in 
cache mode.  I have uninstalled Outlook and installed it again and it still did 
not fix the problem.  It will let me empty the recycle bin at one time but it 
will not let me delete multiple documents that I select.  I don't know what else 
to do.  Does anyone have any suggestions?



RE: OAB 0X8004010F Error

2009-02-23 Thread Roger Wright
Try it again, in the order I listed.  Wait until morning to see if it's
resolved.  Worked for me, YMMV.

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388


 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 5:37 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Um...  yes, Jan 28th.  A few hours ago ;)



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, February 23, 2009 4:19 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

You may need to allow several hours to see the results...

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388


 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 5:15 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Those are just some of the things I tried on Jan 28th :)

 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Monday, February 23, 2009 4:11 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

I was plagued with this issue recently.  

Ended up deleting the OAB(s), recreating it, rebuilding it, then
reassigning it on each Exchange DB.

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388


 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Monday, February 23, 2009 4:54 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Oddly enough, I noticed these errors just stopped as of yesterday.  I
have not changed anything since Jan 28th.  I finally have a current OAB.

 

Weird a$$ Exchange.

 



From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 2:00 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Nope

 



From: KevinM [mailto:kev...@wlkmmas.org] 
Sent: Wednesday, January 28, 2009 1:45 PM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Do you have Exchange clustered? 

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 9:11 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

 

Total oops!  

 

Everything is 2003 (Client, server, network, outlook), SP2 on exch,
single/no replicas.

 

Public folder structure:

 

 

'New' is a test OAB I created last night to make sure changes were being
updated to the system folders.  Not sure what the EX:/ folder is all
about.  Dates on the contents are very very old.

 



From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Wednesday, January 28, 2009 11:05 AM
To: MS-Exchange Admin Issues
Subject: RE: OAB 0X8004010F Error

Exchange version and backend topology? (And yes, it may be relevant)

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, January 28, 2009 11:37 AM
To: MS-Exchange Admin Issues
Subject: OAB 0X8004010F Error

 

Yes, the famous 0X8004010F error.  Tons of info on the web, I know, but
here is a twist that I can't find any information about online:

 

I only get the download OAB error if I am connected via TCP/IP.  If I
am connected via HTTPS, the OAB download works great...

 

I have done all the basic OAB error checking, rebuilt it, checked the
public/system folders, made sure an OAB is selected for the storage
group..

 

 

Anyone know of a good place to start looking?

 

Tia!

 

Sam

RE: question about modifying allowed senders to a distribution list

2009-02-23 Thread Michael B. Smith
It's far too late.

 

You would have to have object auditing enabled in your AD. Even though the
attribute is an exchange-related attribute, it is stored in AD and obeys AD
auditing principles.

 

That being said, do your message tracking logs agree with the user that she
was able to send to the list as of last Thursday? That would be where I
would start my investigation.

 

From: James Winzenz [mailto:james.winz...@pulte.com] 
Sent: Monday, February 23, 2009 5:28 PM
To: MS-Exchange Admin Issues
Subject: question about modifying allowed senders to a distribution list

 

Good afternoon all,

 

We recently had an issue where a user was removed from being able to send TO
a distribution list that has been configured to only accept messages from
certain individuals on the Exchange General tab.  Environment is Exchange
2003 SP2.  In ADUC, the object tab in the properties of the distribution
list shows that it was last modified on 2/2.  Yet the individual in question
indicated he was able to send to the distribution list as recently as last
Thursday (2/19).  There do not appear to be any security logs pertaining to
this change generated by any of our DC's (which I didn't really expect,
since this was an exchange property that was modified).  My question is this
- is this something that would be logged somewhere within Exchange?  If so,
would I need to have logging levels turned way up to find it (if so, too
late)?  Sorry, I always have the weird questions - please let me know if
more details are needed.  I have checked google, my googlefu is weak today .
. .

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823
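
An added example, not part of the original thread: when object auditing was not enabled, the replication metadata AD keeps for the group can still date the change and name the DC where it originated, though not who made it. It assumes the ActiveDirectory PowerShell module (newer than the Exchange 2003 environment discussed), that the "accept messages only from" list is held in the authOrig and dLMemSubmitPerms attributes, and a placeholder group DN and DC name.

```powershell
# Added example (not from the thread). Read-only query against one DC.
Import-Module ActiveDirectory

$groupDn = 'CN=Example-DL,OU=Groups,DC=example,DC=com'   # placeholder DN
$dc      = 'dc01.example.com'                            # placeholder DC name

# Attributes assumed to back the "accept messages only from" restriction.
$attrs = 'authOrig', 'dLMemSubmitPerms'

# -ShowAllLinkedValues returns one row per linked value. With linked-value
# replication, a removed sender stays visible as an absent value until it is
# garbage collected, and carries the time of its removal.
$meta = Get-ADReplicationAttributeMetadata -Object $groupDn -Server $dc `
            -Properties $attrs -ShowAllLinkedValues

$meta |
    Sort-Object LastOriginatingChangeTime |
    Select-Object AttributeName,
                  AttributeValue,
                  # Values never removed report a delete time in 1600/1601.
                  @{ n = 'Removed'; e = { $_.LastOriginatingDeleteTime.Year -gt 1601 } },
                  LastOriginatingChangeTime,
                  LastOriginatingDeleteTime,
                  LastOriginatingChangeDirectoryServerIdentity |
    Format-List

# Compare the times above with the "last modified" date shown in ADUC and with
# the message tracking logs for the sender's last successful delivery.
#
# To record WHO makes such changes in future (Windows Server 2008 or later DCs),
# enable the audit subcategory below on the DCs and add an auditing entry (SACL)
# for "Write all properties" on the group or its OU; changes then appear as
# event 5136 in the Security log.
#   auditpol /set /subcategory:"Directory Service Changes" /success:enable
```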

 



 

