• The Exchange 2007 Safelist Aggregation Functionality
• Henrik Walther's Exchange Server 2003 Security book -- Order Today!
• MSExchange.org Learning Zone Articles of Interest
• KB Articles of the Month
• Tip of the Month
• MSExchange Links of the Month
• Ask Henrik Walther a question

1. The Exchange 2007 Safelist Aggregation Functionality

Welcome to the October edition of the MSExchange.org newsletter! This month I wanted to shed some light on a cool new, and if you ask me, a little overlooked set of anti-spam functionality in Exchange 2007. It's a functionality which is shared between Outlook 2007 and Exchange Server 2007 (more specifically the Edge Transport server role). It's called Safelist aggregation and is a functionality which collects Safe Recipients Lists or Safe Senders Lists and contact data from your end-users mailboxes (this data is when speaking Exchange 2007 held in a user's mailbox). When the functionality has been enabled and properly configured, the safe lists are pushed to the respective user objects in Active Directory, and from here aggregated with the anti-spam functionality on the Edge Transport server using the EdgeSync service.

Since the safe list of each user in your organization is made available to the Content Filter on the Edge Transport server, it reduces the instances of false positives drastically as the Content Filter agent passes messages sent to E-mail addresses on a given user's safe lists to his or her mailbox without additional processing.

You enable Safelist aggregation using the Update-SafeList CMDlet, which you need to schedule using the Windows scheduler so it will execute every 24 hours or whatever interval you want to use in your organization.

For more information on how the Safelist aggregation functionality works as well as the specific steps required in order to configure it properly can be found in the Exchange Server 2007 Beta 2 Online Documentation.

That was all for this time. Again should you have any ideas for content in future editions of the MSExchange.org newsletter, you're more than welcome to shoot me at email at Henrik@msexchange.org.

2. Henrik Walther's Exchange Server 2003 Security book - Order Today!

By Henrik Walther Are you among the persons who like the articles I write for MSExchange.org? Then this book is definitely for you. It provides you with step by step instructions on how you get your Exchange Server properly secured. The book covers topics such as how to: Secure OWA 2003 (including many real world tips and tricks) Configure and secure SMTP Setup protocol and client encryption Delegate and control permissions Combating spam and virus

Click here to Order your copy today

3. MSExchange.org Learning Zone Articles of Interest

We have a great group of articles in the Learning Zone that will help you get a handle on your most difficult configuration issues. Here are just a few of the newer and more interesting articles:

• Recovering Deleted Items in Exchange Server 2003 (Part 1)
• Publishing Exchange 2007 OWA with ISA Server 2006
• Windows 2003 Server Emergency Management Services
• Microsoft Small Business Server 2003 Spam Filtering
• Installing, Configuring and Testing an Exchange 2007 Cluster Continuous Replication (CCR) Based Mailbox Server (Part 1)
• Outlook Anywhere 2007 with ISA Server 2006
• Exchange Server 2007: Using Journaling Rules
• Hardening an Exchange Server 2003 Environment (Part 1)
• Exchange Server 2003 Mailflow (Part 2) - Troubleshooting

4. KB Articles of the Month

Here are some interesting and useful MSExchange related articles posted by Microsoft in the last month:

• Exchange ActiveSync synchronization fails when there is a corrupted item in the mailbox on a server that is running Exchange 2003 SP2
• A user receives a SYNC_5 error when the user tries to synchronize calendar items on a mobile device with Exchange Server 2003
• Error message in the Operator Console in MOM 2005 when you use MOM 2005 to monitor Exchange Server 2003 or Exchange 2000 Server: "The script aborted its execution due to the following error: 0x800405ED(-2147219987)"
• A hotfix is available to change the way in which Exchange Server 2003 names an .eml attachment when you use S/MIME in Outlook Web Access
• The Exchange Information Store service does not start, and an event ID 5000 message is logged in Exchange Server 2003 SP2
• You cannot send e-mail messages to Exchange 2003 X.400 recipients when the X.400 address does not contain a trailing semicolon
• Another user can create and send meeting requests on behalf of a mailbox owner even though "Send As" and "Send On Behalf Of" permissions were not granted in Exchange Server 2003
• E-mail messages are sent to the Conndata\Badmail folder instead of to Exchange Server 2003 when you use the Novell GroupWise Gateway/Internet Agent program to handle incoming e-mail messages
• Description of the Exchange Server Mail Flow Analyzer tool
• The mail store continues to grow when a VSAPI application cleans a virus-infected message in mailboxes that have circular auto-forward rules in Exchange Server 2003
• Event 13026 and event 13027 do not contain the correct description information when you install the Exchange Server 2003 Migration Wizard for Lotus Notes
• An NDR message occurs when a user tries to send an e-mail message through a connector in Exchange Server 2003: "You do not have permission to send to this recipient"
• A mobile device continues to synchronize even when no items are left to synchronize in Exchange Server 2003
• The SMTP service does not come online on the node that is running Exchange Server 2003 after a failover in a cluster environment
• Stop error message on an Exchange Server 2003 server: "INVALID_PROCESS_ATTACH_ATTEMPT (5)"
• A folder name that includes DBCS characters is corrupted after you use the Exchange Server 2003 Migration Wizard for Lotus Notes to migrate mailboxes from Lotus Notes to Exchange Server 2003 SP2
• How to selectively prevent users from sending or receiving Internet e-mail in Exchange Server 2003 or in Exchange 2000 Server
• The PR_TRANSMITABLE_DISPLAY_NAME_W property of a recipient is corrupted in the recipient table of an e-mail message that is received through Microsoft Exchange Server 2003
• Error message when you use Exchange System Manager to access the Templates tab or the MS-DOS Templates tab in a template's properties: "An Invalid ADSI pathname was passed"
• You experience continuous synchronization retries between the MSFP Direct Push feature on a Windows Mobile 5.0-based device and the Outlook Web Access segmentation on a computer that is running Exchange Server 2003 SP2
• The Store.exe process may crash in Exchange Server 2003 SP2 when you click either Check Names or Send in an e-mail message in Outlook Web Access
• Exchange ActiveSync synchronization fails when there is a corrupted item in the mailbox on a server that is running Exchange 2003 SP2
• Error message when you use the Migration Wizard for Lotus Notes to migrate mailboxes from Lotus Notes to Exchange Server 2003: "Illegal operation"

5. Tip of the Month

Back since Exchange Server 2007 Beta was released to the public, I've seen so many questions from Exchange admins who cannot or could not understand why their newly installed Exchange 2007 server couldn't receive E-mail messages, sent to recipients on this server, from Internet. Instead a non delivery report (NDR) notification, as the one shown in the figure below, is generated and returned to the sender.

As you can see, the sending server doesn't have permission to send a message to this recipient, as the client wasn't authenticated. But why is that, as I thought an SMTP server normally would allow messages from anonymous users? I hear some of you grumble.

You're right, anonymous users are allowed to send messages to recipients on, for example an Exchange 2003 server, by default. But with Exchange 2007 the Exchange Product group has configured a Hub Transport server to require an SMTP server to authenticate before it is allowed to deliver an E-mail message to the server. The logic behind this is that the Exchange product team expects you to place a Hub Transport server behind an Edge Transport server deployed in your perimeter network (aka DMZ or screened subnet). And I actually understand why they did this since the Hub Transport server doesn't include an anti-spam filter agent and/or anti-spam functionality (at least not in its default state). But if you want to test a single Exchange 2007 server in your lab environment, you don't necessarily want to deploy an Edge Transport server in order to do so. And I fully understand, so here's the solution to the problem: you will need to allow Anonymous users to send messages to the default receive connector. In order to do so open the Exchange Management Shell (EMS) and type:

Set-ReceiveConnector "Default " -PermissionGroups:"ExchangeUsers, ExchangeServers, ExchangeLegacyServers, AnonymousUsers"

Now hit Enter and you're done.

6. MSExchange Links of the Month

If you don't have the time or resources to deploy the products in the ForeFront Security suite in your lab, then you might want to try out below Virtual Lab on TechNet:

TechNet Virtual Lab: Secure Messaging and Collaboration:

http://www.microsoft.com/technet/traincert/virtuallab/secure.mspx

First Exchange Server 2007 MOC course appears on the Microsoft Learning site:

Updating Your Skills from Microsoft Exchange Server 2000 or Microsoft Exchange Server 2003 to Microsoft Exchange Server 2007:

http://www.microsoft.com/learning/syllabi/en-us/3938afinal.mspx

Finally Microsoft has release a fix for the annoying OWA 2003 issues experienced when using IE 7.0:

Update for Exchange Server 2003 SP2 (KB 924334):

http://www.microsoft.com/downloads/details.aspx?familyid=41275dec-4c01-4c41-aa64-c9dbe5ea3f7e&displaylang=en

The Exchange Product group keeps posting excellent information (lots of E2K7 related stuff which most of us like) almost on a daily basis now, some of the recent tidbits can be found below:

Exchange 2007 console tips and tricks:

http://msexchangeteam.com/archive/2006/10/20/429233.aspx

Meetings are unexpectedly moved one hour ahead in the last week of October 2006 in Exchange Server 2003:

http://msexchangeteam.com/archive/2006/10/20/429228.aspx

On email archiving:

http://msexchangeteam.com/archive/2006/10/18/429216.aspx

Updated for 2006 and 2007: How daylight saving time date changes affect scheduling in Outlook client:

http://msexchangeteam.com/archive/2006/10/17/429210.aspx

Offline Address Book web distribution in Exchange Server 2007:

http://msexchangeteam.com/archive/2006/10/16/429204.aspx

Remove Exchange Attributes vs. Delete Mailbox:

http://msexchangeteam.com/archive/2006/10/13/429192.aspx

7. Ask Henrik Walther a question

QUESTION: Henrik

Thank you for an excellent article "Exchange 2003 Mobile Messaging Part 1 - A look at the Microsoft DirectPush technology"

I understand that the device keeps a permanent connection open to the front-end server.

I understand that at first sync Active Directory stores the device number and other properties. Where in AD can I see these and what troubleshooting tools can I use to trace a mailbox to a device ID?

Many thanks

Nigel

ANSWER: You can use the Exchange Server ActiveSync Web Administration tool to View a list of all devices that are being used by any enterprise user. The tool is an Exchange web-release tool which I show you how to install and configure in this article (which actually is part three in the same article series) on MSExchange.org.

The Exchange Server ActiveSync Web Administration tool lacks a lot of features if you ask me but hey, it's better than nothing.

BTW you can look forward to a much better way of managing EAS users in Exchange Server 2007 (I'll show you how in a future article).