Archive for the ‘Exchange 2007’ Category

Send email via Telnet to test an Exchange server

December 17th, 2009 2 comments

A simple way to test if your MTA (mail transfer agent such as Exchange) is accepting email is to build the message by hand and watch the response codes from the server.  You can run this from the server console from a command prompt or remotely if you have the SMTP port to the server open.  Remember, once you are in the telnet session, don’t use backspace if you misspell something!  You’ll get an unrecognized command error if you do.  Just press enter and retype your command correctly if you do misspell something.

telnet localhost 25

This will open a telnet window to the server on SMTP port 25 and the server in return will send a 220 response code, the FQDN (Fully Qualified Domain Name), mail server version, and typically a time stamp as well.  Next you type:

helo

The mail server will respond with a 250 response and its FQDN and say “Hello”.  You can also use:

ehlo

There is no difference between the commands except that EHLO also returns info about the mail server’s capabilities along with the 250 response code, such as the maximum SIZE of a message.  It’s useful to see exactly what your mail server is going to accept from a client.  EHLO is the more recent command by the way.  Pretty much all MTAs out there are going to accept either command nowadays.

This means the mail server is ready to accept more commands.  Now it’s time to begin composing your email:

mail from: joeblow@gmail.com

You should get a 250 response code saying the sender is OK.  Now type who you are sending it to:

rcpt to: joeblowsfriend@gmail.com

You will get a 250 response for the email address.  You can add more recipients by just typing additional lines like above.  Next it’s time to build the body of the message.  Type:

data

and you will get a 354 response code saying you can begin input.  First type a subject line for your message:

subject: Test email

Remember, type this on the very first line and then press <Enter> twice.  Now you can start typing your message body.  Once you are done with your message body, press <Enter> to start a new line and type nothing on this line except for a period.  Then press <Enter> again and you will exit out of the message body and immediately submit the email to the MTA’s queue for delivery.  You should get the test email within seconds if your mail server is working properly!  Make sure to check your Junk E-mail folder just in case your mail server marks your test email as spam.  To exit your telnet session, just type:

quit

and press <Enter> and you’re done.  Simple, right? :)
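The same session can be scripted so that each reply code is checked automatically. This is an added example, not part of the original post: the function names, the example.test addresses and the server replies are constructed for illustration, and the second sample shows a server that rejects the recipient at RCPT TO.

```python
import io

def read_reply(rfile):
    """Read one SMTP reply; multi-line replies use 'NNN-' until a final 'NNN '."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":              # a space after the code ends the reply
            return int(line[:3]), texts

def probe(rfile, wfile, sender, rcpt):
    """Run the test session; return ([(step, code, as_expected)], max_size)."""
    script = [                            # (step, text to send, expected code)
        ("banner", None, 220),
        ("EHLO", "EHLO client.example.test\r\n", 250),
        ("MAIL FROM", f"MAIL FROM:<{sender}>\r\n", 250),
        ("RCPT TO", f"RCPT TO:<{rcpt}>\r\n", 250),
        ("DATA", "DATA\r\n", 354),
        ("message", "Subject: Test email\r\n\r\nThis is a test.\r\n.\r\n", 250),
        ("QUIT", "QUIT\r\n", 221),
    ]
    steps, max_size = [], None
    for step, send, want in script:
        if send is not None:
            wfile.write(send.encode("ascii"))
            wfile.flush()
        code, texts = read_reply(rfile)
        steps.append((step, code, code == want))
        if step == "EHLO":                # capability lines, e.g. "SIZE 10485760"
            sizes = [t[5:] for t in texts if t.upper().startswith("SIZE ")]
            max_size = int(sizes[0]) if sizes and sizes[0].isdigit() else None
        if code != want:
            break                         # stop at the first unexpected reply
    return steps, max_size

# Constructed server replies for an offline run (not captured from a real server).
GOOD = (b"220 mail.example.test ESMTP ready\r\n"
        b"250-mail.example.test Hello [127.0.0.1]\r\n250-SIZE 10485760\r\n250 OK\r\n"
        b"250 2.1.0 Sender OK\r\n250 2.1.5 Recipient OK\r\n"
        b"354 Start mail input; end with <CRLF>.<CRLF>\r\n"
        b"250 2.6.0 Queued mail for delivery\r\n221 2.0.0 Closing connection\r\n")
REJECT = GOOD.split(b"250 2.1.5")[0] + b"550 5.1.1 User unknown\r\n"

def demo(replies):
    return probe(io.BytesIO(replies), io.BytesIO(), "sender@example.test", "user@example.test")
```

Against a real server, pass `sock.makefile("rb")` and `sock.makefile("wb")` from `socket.create_connection((host, 25))` in place of the two `io.BytesIO` objects.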

Outlook passwords and RPC over HTTP

March 27th, 2009 No comments

Outlook 2003 has a feature called “RPC over HTTP” which allows a remote user to use their Outlook client with an Exchange 2003 server over the Internet without the need for a VPN. The connection is made using RPC calls through port 80 (http) and 443 (SSL). Outlook 2007 has the same feature for Exchange 2007 but it is called “Outlook Anywhere” now. The version of Outlook you have is interchangeable with the version of Exchange you are running so it will work in any combination.

One of the problems users often complain about is getting a login box asking for their domain credentials every time they open Outlook 2003 or Outlook 2007. In theory, since the credentials should be cached on the client end, this should not happen but unfortunately, this is not often the case in real world scenarios.

To force your Outlook client to save the credentials and not prompt you with a login box, do the following:

1. Verify that the RPC over HTTP settings on the Outlook 2003 or Outlook 2007 client are set to NTLM authentication. By default, it uses Basic authentication which will prompt you for a login box every time. This option is found in:

Click Tools > E-mail Accounts > Account Settings > Double click on your Exchange account > More Settings > Click the Connection tab > Exchange Proxy Settings > Set the Proxy authentication settings to NTLM authentication

Press OK twice and you will be prompted to restart Outlook. Hit Next and then Finish to exit out of the setup, then close and reopen Outlook. Now try to check your email and see if it still prompts you with a login box. If it does, move on to step 2.

2. Open regedit (Start > Run > regedit) and find the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

In the right pane, open the lmcompatibilitylevel value and change its data to 2. Press OK, close the registry editor, then restart your computer. Now try to check your email. If it still prompts you, move on to step 3.

3. Click Start > Control Panel > User Accounts > Click the Advanced tab > Manage Passwords. Verify your domain login is there in the following format:

domainname\username

If it is not, click Add and enter your user name in the above format and type in your password. Now open Outlook and see if it still prompts you (make sure you click on “Remember password” in the login box if you get that option).

Exchange 2003 spam filtering made easy

December 4th, 2008 6 comments

A useful Exchange 2003 guide I wrote for a friend’s blog originally but I am posting it here on mine now for your viewing pleasure :) .  I can’t tell you how many times I have walked into a new environment only to find that the previous server admin had not been taking advantage of Exchange 2003’s built-in spam filtering or had completely misconfigured the server to where it was barely blocking anything at all. If you do not have any 3rd party spam filtering in place, there is no reason not to use Exchange’s built-in filtering. It works very well if configured properly.

Here is a basic mail filtering setup guide for a small business environment running Exchange 2003 that I like to use (and yes, I will do a separate write up for Exchange 2007 content filtering in another post). Remember, this is just a basic setup and different environments will have different needs.

Let’s start assuming you have a brand new Exchange 2003 server setup. Make sure your Exchange server has been updated to SP2 before you do anything.

Then, in Exchange System Manager (ESM), drill down to Global Settings and right click on Message Delivery.

CONNECTION FILTERING
Now click on the Connection Filtering tab. Here, you can tell Exchange to go out and check RBLs (realtime block lists) to verify if mail coming into your Exchange server should be marked as spam or not. Here are the 2 that I like to use. Any more than this and you’re making your block list strategy too redundant, plus it holds up delivery of your email and increases overhead as your Exchange server queries each list. Make sure they are in this order by using the arrow tabs on the right to adjust:

zen.spamhaus.org
cbl.abuseat.org

(I also used to like using sbl.spamhaus.org and xbl.spamhaus.org but zen.spamhaus.org combines these all to one list as well as their pbl.spamhaus.org list. Just use zen.spamhaus.org so there is less overhead on your Exchange server.)
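What a block list check looks like on the wire, as an added example that is not part of the original guide: the sending IP's octets are reversed and prepended to the list's zone, and an answer in 127.0.0.0/8 means the address is listed. Stopping at the first listing is an assumption of this sketch, the function names and sample answers are constructed, and answers in 127.255.255.0/24 are treated as the error codes Spamhaus documents rather than as listings.

```python
import ipaddress
import socket

ZONES = ["zen.spamhaus.org", "cbl.abuseat.org"]   # the order used in this guide

def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_lists(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Query each list in order and stop at the first listing (assumed behaviour).
    Returns (listing_zone_or_None, answer_or_None, names_queried)."""
    queried = []
    for zone in zones:
        name = dnsbl_name(ip, zone)
        queried.append(name)               # every entry here is one DNS round trip
        try:
            answer = resolve(name)
        except socket.gaierror:            # no such name: not on this list
            continue
        if answer.startswith("127.255.255."):
            # Error range (for example a refused query), not a listing.
            raise RuntimeError(f"{zone} returned error code {answer}")
        if answer.startswith("127."):
            return zone, answer, queried
    return None, None, queried

# Constructed answers standing in for DNS; 192.0.2.0/24 is documentation space.
SAMPLE_DNS = {
    "10.2.0.192.cbl.abuseat.org": "127.0.0.2",
    "11.2.0.192.zen.spamhaus.org": "127.0.0.4",
    "12.2.0.192.zen.spamhaus.org": "127.255.255.254",
}

def sample_resolve(name):
    """Offline stand-in for socket.gethostbyname using SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise socket.gaierror("not found (constructed)")
    return SAMPLE_DNS[name]
```

An error-range answer from a list means the server is filtering nothing through it, so it is worth checking from the Exchange server's own DNS path after adding a list.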

RECIPIENT FILTERING
Next, click on the Recipient Filtering tab. By default, there is nothing in there but way at the bottom, you will notice that the box for “Filter recipients who are not in the Directory” is left unchecked. Check this box. This will cause email that is not addressed to someone in your organization to be dropped. Spammers often like to use a dictionary attack when sending out spam to your organization like “joebloe@yourdomain.com” which your Exchange server will process unless you check this box.

INTELLIGENT MAIL FILTERING (IMF)
Next, click on the Intelligent Mail Filtering tab. This is the heart of your spam filtering so you must make sure to configure it properly. SCL ratings (spam confidence levels) are rated on a scale of 1-10. Exchange automatically assigns this rating to every message that it gets. A message with a rating of 1 means the message is not considered spam. A message with a value of 10 is definitely spam (think Viagra ads).

I like to set the Block level to 7, Archive as the block action, and Move messages with an SCL rating of greater than or equal to 4. This is usually pretty good for most environments but you should tweak the settings depending on your environment and feedback from your users over time.

SENDER ID FILTERING
Next click on the Sender ID Filtering tab and leave the default set to Accept. The reason is that a lot of mail servers don’t have an SPF record, since this is a mostly Microsoft initiative, so the default setting is fine. You don’t want to accidentally block email from a valid sender.

APPLYING YOUR NEW SETTINGS TO YOUR EXCHANGE SERVER
Now on to the part a lot of people miss. You have set up everything but now you need to actually apply it to your SMTP virtual server or nothing is going to happen.

Click on Administrative Groups > First Administrative Group > Servers > the name of your Server > Protocols > SMTP > then right click Default SMTP Virtual Server

Next to the IP Address, you will see the Advanced button. Click on it and you will see something like the below.

This shows the SMTP virtual server. Click Edit and then check everything you see. Click OK through all the windows and when you’re back in the ESM, right click on the Default SMTP Virtual Server and hit Stop. Once it stops, right click on it again and hit Start. You can also just go into Services and restart the SMTP service from there as well.

CONFIGURING WINDOWS UPDATE FOR IMF UPDATES
Now it’s time to configure Windows Update on your server to download IMF updates (these are released by Microsoft twice a month). You have to make a registry change for this to happen. Click Start > Run > type regedit > press Enter. Now drill down to HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange. Right click in the right pane and Add a new DWORD called “ContentFilterState”. Right click on ContentFilterState and change the value from 0 to 1.

Now run Windows Update manually (using the Custom option instead of Express) and you will see the latest IMF definitions as part of your patches you need to install (if you don’t, restart the SMTP service and scan for updates again). Go ahead and install the latest update once you see it.

MANAGING IMF AND YOUR EMAIL MARKED AS SPAM
Okay, so now you have some pretty good filtering set up but is it working? How do you manage mail that is marked as spam?

The answer begins with installing IMF Companion (a free IMF management utility) that you can get at:

http://stoekenbroek.com/imfcompanion/default.htm

Install it and set up the Pickup and Archive directories correctly. On a default Exchange install (we’re going to use the C: drive for this example), the locations should be:

C:\Program Files\Exchsrvr\Mailroot\vsi 1\Pickup

and

C:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive

Just to explain what these directories are, Pickup is the directory where Exchange stores messages that it is waiting to deliver and UCE Archive (Unsolicited Commercial Email Archive) is where Exchange dumps email it thinks is spam. This directory can get really big really fast so you want to set up a script to clear it once in a while.

When you open IMF Companion, you can see all the blocked messages in the UCE Archive in the top pane. Notice how the SCL rating column is missing? This is because you have to tell the Exchange server to store archive messages with their SCL rating. To do this, create this registry key if you don’t see it already:

HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter

Then create a new DWORD key value under it called “ArchiveSCL” and set the value data to 1. Now restart the SMTP service and when you open IMF Companion again, any new messages that come in will have their SCL rating displayed.

In addition to IMF Companion, you can also use the built in Windows Performance Monitor (perfmon) to keep an eye on Exchange.  If you don’t see the IMF performance objects, just reboot the server and they will show up in the drop down list.