Setup mail relay in Exchange 2003/2007/2010

Setup mail relay in Exchange 2003/2007/2010

At some point in your IT lives you will find yourself in the position to configure mail relay, for a device or a server in your local network. Here’s how it’s done :

Exchange 2003 :

Exchange Console -> Administrative Groups -> first administrative group -> Servers -> Servername -> Protocols -> SMTP -> Right click Properties on the Default SMTP Virtual Server -> Access tab – Relay. Click Add and insert the IP address of the device you that want to relay through your Exchange.

relay 2003

Exchange 2007/2010:

Not easy to guess if you don’t know – It is done through the use of a Receive Connector.

Go to Exchange Management Console – > Hub Transport -> Receive Connectors. Right Click and choose New Receive Connector.

Choose an appropriate name for it. For intended use choose Custom.

For Local Network Settings, leave it as it is. on Specify the FQDN type in your Fully Qualified Domain Name of your server. Example . Exchangeserver.contoso.local

On the Remote Network Settings, delete the entry 0.0.0.0-255.255.255.255 and add on your own. Input the IP address of the device that you want to relay through the Exchange server.

Click New. This will create the Connector but our job is not yet done. Right click the Connector and go to Properties. On the Authentication tab choose Externally Secured. On the permissions tab leave blank.

Open Exchange Shell. Type the following command:

The only change in the command you need to make is to put the real Connector’s name in the brackets.

Get-ReceiveConnector -Identity “Connector’s Name” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

Depending on specifics around the relay you may need to specify Exchange Users as Permissions group.

Can’t remove additional mailboxes in Outlook

Can’t remove additional mailboxes in Outlook

Have you ever wondered why you can’t close down your additional mailboxes in Outlook, returning you this error :

Can't remove additional mailbox from Outlook

Only to find out that your Account Settings tab is empty?

Can't remove additional mailbox from Outlook

Well there is still hope. There are two options. You can just re-create the Outlook profile and hope that this fixes it or you can choose to explore more options. One of these options is called Auto Mapping and is introduced in Exchange 2010 and 2013.

It basically automatically adds any mailboxes you have Full Access to directly into your Outlook client. This is designed to reduce the administrative time to give such access especially for helpdesk teams where a single click can provide you with Full Access but you need still to do a remote session to the customer’s computer and add the mailbox into their Outlook.This is for the customers that don’t know how to do it themselves and believe me 90% of them don’t.

However touching the automapping cannot be done through the GUI and would need Shell. Here is the command :

Add-MailboxPermission -Identity User1 -user “User2” -AccessRights FullAccess -InheritanceType All -AutoMapping:$false

where User 1 is the mailbox owner and User 2 is the user receiving the FullAccess rights to User1’s mailbox. -AutoMapping:$false or true turns off and on the automapping.

Can't remove additional mailbox from Outlook

Don’t worry if you run the command for users that already have Full Access to their mailboxes, it will still run the command properly.

For those of you who want to go even further here are the registry keys responsible for the Outlook profiles. Always backup your registry before editing !

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Default

Exchange 2007/2010 Anti-Spam Tools

Exchange 2007/2010

 

Exchange 2007 – Most of the features the same as the ones in 2003 and some are new and some are just with a different name.

 

Exchange Management Console – > Organization Configuration -> Hub Transport -> Anti-Spam

 

Content FilteringThe same as 2003

 

IP Allow List – Specify IP addresses that are always allowed to connect and transmit email messages to the server. It can be a single IP or a Range. You can only Enable/Disable the feature from here. To actually add/remove addresses is done from Server Configuration – > Hub Transport -> Anti-Spam.

 

IP Block List – Disallow IP addresses or ranges from connecting to the server. Same as IP Allow List.

 

IP Allow List Providers – Here you can specify an external whitelist with approved senders. One such is The Spamhaus Whitelist.

 

IP Block List Providers – This is the same as Connection Filtering in 2003. Here you can provide and external blacklist like Zen Spamhaus which is free. For more info check Connection Filtering.

 

Recipient Filtering – Purpose is the same as in 2003. However you need to execute the following command to turn on the Blocked Recipients list – Set-RecipientFilterConfig -BlockListEnabled $true

To see if the entries are valid – Get-RecipientFilterConfig | Format-List BlockedRecipients.

 

Sender Filtering – Same purpose as in 2003 but more developed. You can block email addresses, domains and domain hierarchies. Block blank senders should be ticked. In 2007 you can also specify how the server will react if the Blocked Senders list is met – Reject or Stamp.

 

Sender ID – The same as 2003 but with fewer options. Just Enable/Disable and Action.

 

Sender Reputation – New feature. Server determines Sendeer Reputation Level and based on a set treshold it adds the sender to the IP Block list for a specific amount of hours. Reputation is deteremined by:

HELO/EHLO analysis, Reverse DNS lookup, Analysis of SCL ratings on messages from a particular sender, Sender open proxy test. Full info on here.

 

There is another option called Aggregation of Outlook Junk E-mail Filter Lists. This feature helps reduce false positives in anti-spam filtering by propagating Outlook 2003 and Outlook 2007 Junk E-mail Filter Lists to Mailbox servers and to Edge Transport servers. For more information, see Safelist Aggregation.

 

Exchange 2010 –  Same funtionality and features but it needs to be turned on as by default it is not. Open Exchange Management Shell. Type Set-TransportServer –identity “SERVERNAME” -AntispamAgentsEnabled $true. Restart the Microsoft Exchange Transport service. Close and re-open the Exchange Management Console and the Anti-Spam tabs will be there in the same place as in 2007.

 

Other possible reasons for SPAM are infected server or workstations which will be sending spam OUT or to other internal recipients. Best way to fight with it is to scan and clean the machines.

Import and Export a pst file from a mailbox in Exchange 2010 Shell

Import and Export a pst file from a mailbox in Exchange 2010 Shell

Sometimes you will have to import or export mailboxes or portions of them without any user interaction. This can be achieved from the Exchange Management Shell. Here are 3 videos that show how it’s done. The first one shows how to prepare  the folder that you want to export to and the second video shows how to export only certain folders within the mailbox. Remember Shell is smart and can do it on a folder level! The third video shows how to import a pst to a mailbox.

Import and Export a pst file from a mailbox in Exchange 2010 Shell