So if I'm reading this correctly, the spammers used her creds to send email via
OWA? Or is there another form of external email access you provide?
-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, 17 June 2010 12:03 AM
To: MS-Exchange Ad
Hi sms,
Now that the dust has hopefully settled and you (and we) are looking into
the various suggestions for preventing this in future, I just wondered if
you or someone at your organization has spoken to the user involved and
asked them why they did what they did and if they realized that it was
No one mentioned Max Recipients yet? I limit emails to 50 recipients.
It helps, on top of the other ideas.
From: sms adm [mailto:sms...@gmail.com]
Sent: Thursday, June 17, 2010 4:12 PM
To: MS-Exchange Admin Issues
Subject: Store brought down by a user today
This ever happen to anyon
Damn, that's news to me ... I'll have to check that out
Erik Goldoff
IT Consultant
Systems, Networks, & Security
' Security is an ongoing process, not a one time event ! '
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, June 17, 2010 6:38 PM
To: MS
If nothing else, a simple sAlive! setup to monitor disk space on data
drives would alert you based on thresholds you set.
Erik Goldoff
IT Consultant
Systems, Networks, & Security
' Security is an ongoing process, not a one time event ! '
From: sms adm [mailto:sms...@gmail.com]
Sent: Th
I have used this product for years in many different companies i have worked for
http://www.ks-soft.net/hostmon.eng/regmon.htm
Jean-Paul Natola
> From: mich...@smithcons.com
> To: exchangelist@lyris.sunbelt-software.com
> S
I'm curious, wouldn't mailbox limits with suitably low prohibit send
thresholds have prevented this problem?
Bill
On Thu, Jun 17, 2010 at 4:17 PM, Eric wrote:
> I've never heard of PolyMon so thanks for the heads up, I'll check it out
> myself since free is good :)
>
>
> On Thu, Jun 17, 2010 at
I've never heard of PolyMon so thanks for the heads up, I'll check it out
myself since free is good :)
On Thu, Jun 17, 2010 at 3:45 PM, Michael B. Smith wrote:
> For my clients that can't afford third party monitoring environments/tools,
> I'm using PolyMon. It works very well, and does 95% of wh
For my clients that can't afford third party monitoring environments/tools, I'm
using PolyMon. It works very well, and does 95% of what ServersAlive did for
me. And it's "free".
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
-Original Message-
Fr
On Thu, Jun 17, 2010 at 15:21, Michael B. Smith wrote:
> (Note: I can no longer recommend ServersAlive, despite having used it for
> OVER a decade, because it doesn’t support Server 2008, much less Server 2008
> R2.)
Well that's not happy.
I was thinking about upgrading, because I'm just not fi
"should" is an interesting question.
I've had this discussion with the Exchange team before (because this isn't the
first time I've seen this happen - probably the third time in 15 years). But in
comparison to lots of other issues - it's rare.
There are some changes and additional controls in t
There are other monitoring applications that would not cost you anything.
On Thu, Jun 17, 2010 at 4:47 PM, sms adm wrote:
> The "powers that be" will need more incidents like this before they are
> convinced to pay for MOM ... unfortunately.
>
> Should the user have been able to grow their Delet
The "powers that be" will need more incidents like this before they are
convinced to pay for MOM ... unfortunately.
Should the user have been able to grow their Deleted Items to that point
without problem?
Thx
On Thu, Jun 17, 2010 at 5:35 PM, Michael B. Smith wrote:
> I vote for the “throwing t
Monitoring for sure before bad things happens, and take a look at
the good side of the story, you have no white space now on that DB (-:
Cheers,
Ocd
On 6/17/10, Robinson, Chuck wrote:
> Mailbox Quotas, active monitoring and proper amount of disk capacity for
> overhead is a good start.
>
>
>
I vote for the "throwing them off the roof".
However, a good monitoring solution would've alerted you to what is going on.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: sms adm [mailto:sms...@gmail.com]
Sent: Thursday, June 17, 2010 5:12 PM
To: MS-E
Quota was 75/125/200
This happened in 2 hours. Documented 19GB white space then.
We will be implementing new storage in the next 6 weeks.
On Thu, Jun 17, 2010 at 5:18 PM, Robinson, Chuck wrote:
> Mailbox Quotas, active monitoring and proper amount of disk capacity for
> overhead is a good start.
Mailbox Quotas, active monitoring and proper amount of disk capacity for
overhead is a good start.
This ever happen to anyone ...
Had a user send a number of individual large emails (5MB+) to hundreds of
people, then after sending each one, deleted his Sent folder, increasing his
Deleted Items to 4GB.
We were a bit lean with 8GB available to the store (file system), but we had
19GB of white spa
With an Exchange 2007 Edge server, is the IP allow list a true whitelist-as in,
all mail from an IP address on that list will always be trusted, no matter what?
We use Postini, and their servers' IP addresses are on our allow list. When we
had Sender Reputation enabled, though, the Edge server w
It's a PITA as are most security related changes, but makes sense.
From: Paul Steele [mailto:paul.ste...@acadiau.ca]
Sent: Thursday, June 17, 2010 8:01 AM
To: MS-Exchange Admin Issues
Subject: RE: ActiveSync and Domain Admins
That did the trick. I don't disagree w
You can. I am old and also in EDU. If I did it anyone can. :)
From: Paul Steele [mailto:paul.ste...@acadiau.ca]
Sent: Thursday, June 17, 2010 11:01 AM
To: MS-Exchange Admin Issues
Subject: RE: ActiveSync and Domain Admins
I think I'll investigate alternatives and see if an old dog can learn ne
That did the trick. I don't disagree with all the comments concerning security
concerns. I think I'll investigate alternatives and see if an old dog can learn
new tricks...
From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: June-17-10 11:11 AM
To: MS-Exchange Admin Issues
Subj
I removed the IP of the HT of the resource forest within Exchange 2003
SMTP VS. Now I created the send connector on Exchange 2010 and chose
custom. Here are the other options that I selected as well. For some
reason it is still getting hung up in the queue on the 2010 server and
never delivers the
I'm in the domain admins group, and I got my Windows Mobile to work after
migrating to 2010 by going in and enabling inheritance on my user account in
AD. The adminSDholder process will disable inheritance again but it appears
that once you enable it and get AS working, it continues to work af
I hope their phones work better than their software.
My experience with their software is that it is pitiful and unpredictable.
On Thu, Jun 17, 2010 at 9:58 AM, Jeff Brown <2jbr...@gmail.com> wrote:
> We have to logon using the BAS account. Even after service pak we are not
> able to use AD logo
And in Exchange 2010 sp1 it's much more accessible and usable.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Matt Moore [mailto:mattmoore...@hotmail.com]
Sent: Thursday, June 17, 2010 9:54 AM
To: MS-Exchange Admin Issues
Subject: RE: ActiveSync and D
You need "custom" on the exchange 2010 side.
Don't put an IP address on default SMTP VS on the 2003 side. Create an SMTP
connector their too. If you put the IP address on the VS, you'll eventually get
authentication errors that won't make sense. :-P
Regards,
Michael B. Smith
Consultant and Exc
We have to logon using the BAS account. Even after service pak we are not
able to use AD logon. Have a script to reset pw for that account.
On Thu, Jun 17, 2010 at 8:48 AM, Tammy George wrote:
> We installed BES 5.0 MR3 yesterday and have migrated a few users. All
> seems fine except that we
RBAC is very, very cool and at the same time kinda like watching paint dry.
Possibly the biggest leap forward for Exchange to date. All MS server side
Apps will follow this model. Learn it, love it. Of course all my opinion.
M
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Th
We installed BES 5.0 MR3 yesterday and have migrated a few users. All seems
fine except that we cannot login to Blackberry Administrative Service. We get
the error "The username, password or domain is not correct. Please correct
the entry"
It's an outstanding issue which RIM developers have
Basic Best Practice says you should have at least two accounts. One
privileged and one "Joe User". Privileged accounts should never be mail
enabled.
M
From: Paul Steele [mailto:paul.ste...@acadiau.ca]
Sent: Thursday, June 17, 2010 6:17 AM
To: MS-Exchange Admin Issues
Subject: ActiveSync and
During our move of mailboxes down to the Exchange 2010 resource forest,
we want to keep e-mail addresses the same as well as no interruption of
mail flow between the two forests. I know on the Exchange 2010 side, I
need to create a Send Connector that routes mail back through the legacy
Exchange 20
+1
Shift+right-click "run as different user" is really not that painful
when you get used to it. Think of it as sudo for Windows. :)
Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 212
Correct on both counts.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Chris [mailto:cmu...@gmail.com]
Sent: Thursday, June 17, 2010 9:28 AM
To: MS-Exchange Admin Issues
Subject: Re: ActiveSync and Domain Admins
Then you also have the issue of why yo
> across an article that said that ActiveSync does not work if the user is
> in the Domain Admins group.
The Blackberry BES server has a similar caveat; it's a by-design security
related thing.
The Long and short of it is the best practice of not using your domain
admin account for day-to-day tas
Which just means you aren't running Exchange 2010. :)
Ever since the security change that Exchange introduced in Exchange 2003 sp2 it
has not been recommended or a best practice for high privilege accounts to have
mailboxes.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssen
Then you also have the issue of why you are using domain admin account all
of the time and not use a separate account when elevated privileges are
needed.
As a side note: you will get a very similar problem with a blackberry
enterprise server if you try to set up a user account who has elevated
do
Lots and lots of built in denies for Domain Admin's in Exchange so I am not
surprised and I doubt you will be able to safely fix this. No offense, but I
think you should rethink putting a Domain Admin account on a mobile device. Go
for a non-privileged not even local admin account on your own co
So the account you use every day is a member of the domain admins group? See
if under the advanced securities tab of the user using ADUC if the "Allow
inheritance" checkbox is checked.
Chris
On Thu, Jun 17, 2010 at 8:16 AM, Paul Steele wrote:
> I noticed that my personal account did not work o
I've seen that with the BES server and Blackberrys, but not with iPods or
iPhones.
I'm a Domain Admin and I connect to our ISA server which points to one of
our FE servers and i have no problem accessing my mail on my iPod.
On Thu, Jun 17, 2010 at 9:16 AM, Paul Steele wrote:
> I noticed that my
It's not a problem, per se. It's by design. ActiveSync won't work with accounts
in any of the protected groups.
In order to support RBAC, Exchange has to have permissions over much of the AD.
Protected accounts/groups are explicitly restricted from Exchange having
control over them. Otherwise,
I noticed that my personal account did not work on my iPod with ActiveSync, but
my test account worked ok. I did some checking and came across an article that
said that ActiveSync does not work if the user is in the Domain Admins group.
ExRCA fails as well with the error:
ExRCA is attempting th
42 matches
Mail list logo