Exchange Server 2008 Donald E. Hester CISSP, CISA, CAP, MCT, MCTS, MCSE Security, MCSA Security, MCDST, Security+ and CTT+ Maze & Associates / San Diego City College
May 14, 2015
Exchange Server 2008
Donald E. HesterCISSP, CISA, CAP, MCT, MCTS, MCSE Security, MCSA Security, MCDST,
Security+ and CTT+
Maze & Associates / San Diego City College
Configure Resource Mailbox
Exchange Server 2007 provides for Resource Mailboxes which were not specifically identified in Exchange 2003
Resource mailboxes are used when scheduling meetings to reserve rooms or equipment.
Types of Resource Mailboxes
Room mailbox: This is a mailbox to be assigned specifically to Meeting Rooms.
Equipment mailbox: This is a mailbox specific to equipment, (i.e. TV, Projector, GPS and etc). Both types of resource mailboxes will
create a disabled user in Active Directory.
New mailbox wizard 1
New mailbox wizard 2
New mailbox wizard 3
New mailbox wizard 4
New mailbox wizard 5
Exchange Management Shell
New-Mailbox -database "Storage Group 1\Mailbox Database 1" -Name ConfRoom1 -OrganizationalUnit "Conference Rooms" -DisplayName "ConfRoom1" -UserPrincipalName [email protected] –Room
New-Mailbox -database "First Storage Group\Mailbox Database" -Name VCR1 -OrganizationalUnit Equipment -DisplayName "VCR1" - UserPrincipalName [email protected] -Equipment
Antivirus & Anti-spam
Exchange Server 2007 supports the Virus Scanning API (VSAPI) and also supports virus scanning at transport level.
Transport level AV can be installed on Hub Transport and Edge Transport server roles
Transport Level AV
To see what agents are running on transport level use the Get-TransportAgent cmdlet
How Exchange applies spam filters
Connection filtering• IP allow
list• IP block
list• RBL
Sender filtering
Recipient filtering
Sender ID
filtering
Content filtering• Outlook
safe sender
• SCL threshold
RBL = Recipient Block ListSCL = Spam Confidence Level
Spam Filters
Configure IP Block List
To enable or disable the IP Allow list Set-IPAllowListConfig -Enabled <$true |
$false> To enable or disable IP Allow list
providers Set-IPAllowListProvider -Enabled <$true |
$false> To enable or disable the IP Block list
Set-IPBlockListConfig -Enabled <$true | $false>
To enable or disable the IP Block list providers Set-IPBlockListProvider -Enabled <$true |
$false>
Add IP address to block list
To add an IP address to the IP Block list and include an expiration date and time Add-IPBlockListEntry -IPAddress 192.168.0.1 -
ExpirationTime "1/3/2007 23:59“ To add an IP address range
Add-IPBlockListEntry -IPRange 192.168.0.1-192.168.0.254
To add a subnet using CIDR notation Add-IPBlockListEntry -IPAddress
192.168.0.1/24
Configure Policies
In order to configure an Email Address Policy you must fist configure a New Accepted Domain
New-AcceptedDomain –Name “Exchange” –DomainName “exchange.com” –DomainType “Authoritative”
Email Address Policy
Exchange management shell
New-EmailAddressPolicy -Name “Exchange.com” -IncludedRecipients “MailboxUsers” -ConditionalCompany “Exchange Corporation” -Priority “Lowest” -EnabledEmailAddressTemplates “SMTP:%g.%[email protected]”
Variables
Variable Description%g Used for given name (first name)%i Used for middle initial%s Used for surname (last name)%d Used for display name%m Used for Exchange alias%xs Uses the x number of letters of the surname. For
example if x=2, then the first two letters of the surname are used.
%xg Uses the x number of letters of the given name. For example, if x=2, then the first two letters of the given name are used.
Monitor Mail Queues
Microsoft Exchange uses queues to hold messages as they are being processed for routing and delivery.
The Queue Viewer is a tool that helps you maintain and administer your organization's messaging queues and identify mail flow issues.
The Queue Viewer is available on all Exchange 2007 servers with the Hub Transport or Edge server role installed.
MMC Queue Viewer
Exchange Management Shell
To view the queue use the following Get-queue
To display detailed queue information Get-queue | format-list
To view detail message Get-message | format-list
Remove Message
The following example uses this syntax to remove messages in the queues that have a subject of "Win Big“ without sending a NDR
Remove-message -filter {Subject -eq "Win Big"} -WithNDR false
Remove all messages from queue
Get-Message -Queue "<QueueIdentity>" | Export-Message -Path "<LocalPath>“
Get-Message -Queue "Exchange01\contoso.com" | Export-Message -Path "C:\Contoso Export“
Add -Identity <MessageIdentity> to take out just a specific message. You will need to know the message ID.
Create Server Reports
To get a report showing the status of OWA, EAS, POP, IMAP, MAPI, use: Get-CASmailbox
Performance monitor Microsoft Operations Manager
Recover Messaging Data
To merge a recovered mailbox using the Recovery Storage Group
To recover one mailbox from the RSG database to the currently used mailbox 'John Smith‘
Restore-Mailbox -identity 'John Smith' -RSGDatabase 'RSG\mailbox database'
More examples
To recover all mailboxes in the RSG to their respective active mailboxes Get-MailboxStatistics -database 'RSG\
Mailbox Database' | restore-mailbox If you want to restore a mailbox in
an RSG into a different active mailbox Restore-Mailbox -RSGMailbox 'John
Smith' -RSGDatabase 'RSG\Mailbox Database' -id 'Allison Brown' -TargetFolder 'JSmith Email'
More examples
To recover end-user data between two dates
Restore-Mailbox -RSGMailbox 'John Smith' -RSGDatabase 'RSG\Mailbox Database' -id 'Allison Brown' -TargetFolder 'JSmith Email' -StartDate '02/02/08' -EndDate '02/05/08'
References Configure Resource mailbox Reference Linkshttp://technet.microsoft.com/en-us/library/bb124374.aspxhttp://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-resource-mailboxes-exchange-server-2007-part1.html Antivirus & Anti-spam Reference Linkshttp://technet.microsoft.com/en-us/library/aa996604.aspxhttp://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/anti-spam-migration-tool.htmlConfigure Policieshttp://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-email-address-policies.htmlMonitor Mail Queueshttp://technet.microsoft.com/en-us/library/bb232066.aspxhttp://technet.microsoft.com/en-us/library/aa998047.aspxhttp://msexchangeteam.com/archive/2007/01/09/432124.aspxServer Reportshttp://technet.microsoft.com/en-us/library/bb201735.aspxhttp://technet.microsoft.com/en-us/library/bb201720.aspx Recover Messaging Datahttp://technet.microsoft.com/en-us/library/aa998890.aspx
My contact info
Donald E. HesterCISSP, CISA, CAP, MCT, MCTS, MCSE Security, MCSA Security, MCDST, Security+ and CTT+
Blog www.LearnSecurity.orgLinkedIn Profile http://www.linkedin.com/in/donaldehesterFacebook http://www.facebook.com/people/Donald-Hester/1486453327
Q&A