Category: Technology

Exchange 2010: Allow Anonymous Receive Connector for in-house application

If you are working on or doing some migration work for a 40-year-old company, chances are you will bump into one or more legacy applications that don't support SMTP authentication but are still in use and will not be retired any time soon. These applications send out email notifications.

To resolve this, the Exchange Receive Connector has to allow relay without any form of authentication. Here's how to do it from the Exchange Management Shell (EMS).

Get-ReceiveConnector -Identity "Anonymous Relay Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

As a best practice, make sure that the connector only accepts connections from the specific IP addresses of those applications; otherwise any host that can reach the connector can relay through it. This can be set from Exchange Management Console (EMC) > Microsoft Exchange On-premises (your server name) > Server Configuration > Hub Transport > Receive Connectors


source: http://www.cgoosen.com/2012/01/exchange-2010-anonymous-relay-receive-connector/
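
A read-only audit for the configuration above, as an added example that is not part of the original post: it lists every Receive Connector where anonymous logon holds the relay right and flags those still accepting connections from any address. The 192.0.2.x addresses are placeholders, and the final command only previews the change because of -WhatIf.

```powershell
# Added example (not from the original post). Run in the Exchange 2010 Management Shell.
$anon       = "NT AUTHORITY\ANONYMOUS LOGON"
$relayRight = "Ms-Exch-SMTP-Accept-Any-Recipient"
# Default "accept from anywhere" scopes on a new Receive Connector
$wideOpen   = "0.0.0.0-255.255.255.255", "::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"

$report = Get-ReceiveConnector | ForEach-Object {
    $rc = $_
    # Allow entries that give anonymous logon the relay right on this connector
    $grant = @($rc | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) })
    if ($grant.Count -gt 0) {
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $open   = @($ranges | Where-Object { $wideOpen -contains $_ })
        New-Object PSObject -Property @{
            Connector          = $rc.Identity.ToString()
            RemoteIPRanges     = $ranges -join ", "
            # True = relay right granted AND no source IP restriction
            UnrestrictedSource = ($open.Count -gt 0)
        }
    }
}
$report | Sort-Object Connector |
    Format-Table Connector, UnrestrictedSource, RemoteIPRanges -AutoSize

# Restrict the relay connector to the application hosts only.
# 192.0.2.10 and 192.0.2.11 are placeholder addresses; -WhatIf previews the change.
Set-ReceiveConnector -Identity "Anonymous Relay Connector" `
    -RemoteIPRanges "192.0.2.10", "192.0.2.11" -WhatIf
```

Any row with UnrestrictedSource set to True is a connector that relays for any host able to connect to it.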

3 Exchange Scripts That Can Save You Time

Get the total number of mailboxes in each mailbox database

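$Count = @{}
$Total = 0
Get-MailboxDatabase -Identity *<DB Prefix/Suffix>* | sort Name | ForEach-Object {
    # @() forces an array so .Count is correct for 0 or 1 mailbox;
    # -ResultSize Unlimited avoids the default 1000-result cap
    $MBs = @(Get-Mailbox -Database $_.Name -ResultSize Unlimited)
    $Total = $Total + $MBs.Count
    # Key the table by database name so it can be sorted and displayed
    $Count.Add($_.Name, $MBs.Count)
}

# A hashtable must be enumerated before it can be sorted
$Count.GetEnumerator() | sort Name | Format-Table Name, Value
Write-Host "Total = " $Total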


Create an Exchange mailbox database + set all the standard settings + add copy of the DB to a DAG server

$DBName = "MYDB1"
$OriCopy = "ExchangeServer1"
$DAGcopy = "ExchangeServer2"

# Create the database on the first server (-Confirm prompts before creating)
New-MailboxDatabase -Name $DBName -Server $OriCopy -Confirm -EdbFilePath "E:\Exchange_DB\$DBName\$DBName.edb" -LogFolderPath "E:\Exchange_DB\$DBName\TL" -OfflineAddressBook "\My-OAB" -PublicFolderDatabase "My Public Folder" -Verbose
Start-Sleep -Seconds 300
# Apply the standard quota settings
Set-MailboxDatabase -Identity $DBName -RecoverableItemsQuota 512MB -RecoverableItemsWarningQuota 400MB -IssueWarningQuota 230MB -ProhibitSendQuota 245MB -ProhibitSendReceiveQuota 256MB
Start-Sleep -Seconds 10
Mount-Database -Identity $DBName
Start-Sleep -Seconds 15
# Add a copy of the database on the DAG member
Add-MailboxDatabaseCopy -Identity $DBName -MailboxServer $DAGcopy
Start-Sleep -Seconds 10
# Enable circular logging, then remount the database
Set-MailboxDatabase $DBName -CircularLoggingEnabled $true
Dismount-Database -Identity $DBName
Start-Sleep 20
Mount-Database -Identity $DBName

Move mailboxes from one DB to another if the mailbox size and mailbox dumpster size match the criteria

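$SourceDB = "EDB01"
$TargetDB = "EDBT01"

# Mailboxes under 256MB whose dumpster (deleted items) is under 512MB
$mbxs = Get-Mailbox -Database $SourceDB -ResultSize Unlimited | Get-MailboxStatistics | where {($_.TotalItemSize -lt 256MB) -and ($_.TotalDeletedItemSize -lt 512MB)}

$mbxs | ForEach-Object {
    # Look the mailbox up by GUID; DisplayName is not guaranteed to be unique
    Get-Mailbox -Identity $_.MailboxGuid.ToString() | New-MoveRequest -TargetDatabase $TargetDB
}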


Change Scope in Exchange Management Shell (EMS)

If you are an Exchange admin in a large organization with multiple domains in a forest and you want to see all the Exchange objects in the forest, you can use the following cmdlet:

Set-AdServerSettings -ViewEntireForest $True

To change back, just change $true to $false:
Set-AdServerSettings -ViewEntireForest $false

Note:

In this mode, be careful when you run any cmdlet, as it will act on all the related objects in the forest, not just those in your own domain. E.g. Get-Mailbox will list all the mailboxes in the forest. Imagine 20,000 mailboxes.
And to top it off, take Get-Mailbox -Database DBNAME | New-MoveRequest -TargetDatabase TARGETDBNAME. If you are not careful, you might move some other domain's mailboxes to yours. ahaha!

Citrix Xenapp Published Desktop screen flickering

This issue might be caused by a setting in Internet Explorer for Remote Desktop/Terminal Services. Try this to solve the issue.
1. Open Internet Explorer and go to Tools > Internet Options
2. Go to the Advanced tab and look under Browsing > Force offscreen compositing even under Terminal Services. Untick this option.
3. Restart Internet Explorer


References:

http://support.citrix.com/article/CTX133935

http://forums.citrix.com/message.jspa?messageID=1540859

http://support.microsoft.com/kb/271246

Remote Desktop IP Virtualization doesn’t work

Remote Desktop IP Virtualization

Remote Desktop IP Virtualization is a new feature introduced in Windows Server 2008 R2 which gives administrators the ability to assign a unique IP address to a session or a program that requires it.

By default, IP Virtualization requires a functional DHCP server to be used as the address pool source, but we can also define a static IP address range as the IP pool (http://technet.microsoft.com/en-us/library/ee382306(WS.10).aspx)

Issue

During my Desktop Virtualization project, we had an application which can’t run in a multi-session environment and we wanted to test whether enabling IP Virtualization could help to solve the issue. We enabled and configured IP Virtualization based on the article on TechNet (http://technet.microsoft.com/en-us/library/dd759263.aspx) and, after performing a test, we couldn’t see the leased IP.

The expected result should show multiple IPs on a single interface, as in the screenshot below.

Root Cause

A case was opened with Microsoft, and it seems the problem was caused by the 32-bit version of the Sophos Antivirus client. Uninstall it and the problem goes away. 🙂

Applicable to:

  • Windows Server 2008
  • Windows Server 2008 R2
  • XenApp 6.5

Additional Reference


  1. http://www.windowsitpro.com/article/virtualization2/q-what-s-remote-desktop-services-ip-virtualization-and-why-would-i-want-it-

Anti-Spam-SMTP-Proxy (ASSP) – a great alternative to commercial anti-spam solutions

Earlier this year, I was asked by a friend about an anti-spam solution for his college. Being an educational organization, they have a limited budget and can’t afford to subscribe to a commercial service, nor can they buy a dedicated appliance.

I read about ASSP some time back in 2005 and revisited it in 2007 but never managed to try it, and now I finally got a chance to test it out. After a series of failures with the installation and configuration, I managed to get ASSP up and running.

To start, I subscribed to a VPS server from a company called TOCICI (http://www.buildyourvps.com/). Great support and it's darn cheap compared to other providers.

Setup

Below is my setup of the ASSP server

  • Hardware – 1 VCPU, 1GB RAM & 20GB Disk (10GB should be enough but I put in extra just in case). Even with 4GB RAM & 40GB Disk, it’s still much, much cheaper than what I was offered by some of the providers.
  • Software – Sendmail as MTA, ASSP as AntiSpam, ClamAV as Antivirus
  • OS – CentOS 5.6

I’m using Google as my guide and my kudos to  with his entry. It helped me a lot during my installation. You can visit the entries using the links below

http://www.how2centos.com/fight-spam-with-assp-anti-spam-smtp-proxy-on-centos-5-4/

http://www.how2centos.com/assp-anti-spam-smtp-proxy-on-centos-5-4-part-2/

Post-Installation

ASSP out of the box is pretty good, but I noticed that some of the email came out delayed by a few minutes, usually around 4 to 10 minutes, and sometimes by up to 2 hours! So, I took my time to play around with the settings to reduce the mail delays. I have also done some hardening on the ASSP server as well as the email server (btw, my friend is using Exchange 2010 as the email server) to improve security on both ends.

Verdict

After using ASSP for 6 months now, I’m quite surprised by the effectiveness of ASSP. With around 30 users and about 2000 emails received a day, I would say the success rate is around 95% to 98% accuracy. In terms of server performance, with that kind of load, my ASSP server is using 3% at peak, 140MB of memory and 3GB of disk storage (including OS and software).

With it being open source, I only spend below USD 100 a year for the VPS, plus some time to play with it. It is definitely a great alternative for small and medium businesses/organizations which host their own email. I haven’t had the opportunity to test it in an enterprise environment, so I can’t be sure what the performance and the success rate are like.

If anyone is interested in setting up one and need help with it, you can contact me at lokman (at) infinitelogix (dot) com (dot) my