Exchange Server 2008

Donald E. HesterCISSP, CISA, CAP, MCT, MCTS, MCSE Security, MCSA Security, MCDST,

Security+ and CTT+

Maze & Associates / San Diego City College

Configure Resource Mailbox

Exchange Server 2007 provides for Resource Mailboxes which were not specifically identified in Exchange 2003

Resource mailboxes are used when scheduling meetings to reserve rooms or equipment.

Types of Resource Mailboxes

Room mailbox: This is a mailbox to be assigned specifically to Meeting Rooms.

Equipment mailbox: This is a mailbox specific to equipment, (i.e. TV, Projector, GPS and etc). Both types of resource mailboxes will

create a disabled user in Active Directory.

New mailbox wizard 1

New mailbox wizard 2

New mailbox wizard 3

New mailbox wizard 4

New mailbox wizard 5

Exchange Management Shell

New-Mailbox -database "Storage Group 1\Mailbox Database 1" -Name ConfRoom1 -OrganizationalUnit "Conference Rooms" -DisplayName "ConfRoom1" -UserPrincipalName ConfRoom1@contoso.com –Room

New-Mailbox -database "First Storage Group\Mailbox Database" -Name VCR1 -OrganizationalUnit Equipment -DisplayName "VCR1" - UserPrincipalName VCR1@contoso.com -Equipment

Antivirus & Anti-spam

Exchange Server 2007 supports the Virus Scanning API (VSAPI) and also supports virus scanning at transport level.

Transport level AV can be installed on Hub Transport and Edge Transport server roles

Transport Level AV

To see what agents are running on transport level use the Get-TransportAgent cmdlet

How Exchange applies spam filters

Connection filtering• IP allow

list• IP block

list• RBL

Sender filtering

Recipient filtering

Sender ID

filtering

Content filtering• Outlook

safe sender

• SCL threshold

RBL = Recipient Block ListSCL = Spam Confidence Level

Spam Filters

Configure IP Block List

To enable or disable the IP Allow list Set-IPAllowListConfig -Enabled <$true |

$false> To enable or disable IP Allow list

providers Set-IPAllowListProvider -Enabled <$true |

$false> To enable or disable the IP Block list

Set-IPBlockListConfig -Enabled <$true | $false>

To enable or disable the IP Block list providers Set-IPBlockListProvider -Enabled <$true |

$false>

Add IP address to block list

To add an IP address to the IP Block list and include an expiration date and time Add-IPBlockListEntry -IPAddress 192.168.0.1 -

ExpirationTime "1/3/2007 23:59“ To add an IP address range

Add-IPBlockListEntry -IPRange 192.168.0.1-192.168.0.254

To add a subnet using CIDR notation Add-IPBlockListEntry -IPAddress

192.168.0.1/24

Configure Policies

In order to configure an Email Address Policy you must fist configure a New Accepted Domain

New-AcceptedDomain –Name “Exchange” –DomainName “exchange.com” –DomainType “Authoritative”

Email Address Policy

Exchange management shell

New-EmailAddressPolicy -Name “Exchange.com” -IncludedRecipients “MailboxUsers” -ConditionalCompany “Exchange Corporation” -Priority “Lowest” -EnabledEmailAddressTemplates “SMTP:%g.%s@exchange.com”

Variables

Variable Description%g Used for given name (first name)%i Used for middle initial%s Used for surname (last name)%d Used for display name%m Used for Exchange alias%xs Uses the x number of letters of the surname. For

example if x=2, then the first two letters of the surname are used.

%xg Uses the x number of letters of the given name. For example, if x=2, then the first two letters of the given name are used.

Monitor Mail Queues

Microsoft Exchange uses queues to hold messages as they are being processed for routing and delivery.

The Queue Viewer is a tool that helps you maintain and administer your organization's messaging queues and identify mail flow issues.

The Queue Viewer is available on all Exchange 2007 servers with the Hub Transport or Edge server role installed.

MMC Queue Viewer

Exchange Management Shell

To view the queue use the following Get-queue

To display detailed queue information Get-queue | format-list

To view detail message Get-message | format-list

Remove Message

The following example uses this syntax to remove messages in the queues that have a subject of "Win Big“ without sending a NDR

Remove-message -filter {Subject -eq "Win Big"} -WithNDR false

Remove all messages from queue

Get-Message -Queue "<QueueIdentity>" | Export-Message -Path "<LocalPath>“

Get-Message -Queue "Exchange01\contoso.com" | Export-Message -Path "C:\Contoso Export“

Add -Identity <MessageIdentity> to take out just a specific message. You will need to know the message ID.

Create Server Reports

To get a report showing the status of OWA, EAS, POP, IMAP, MAPI, use: Get-CASmailbox

Performance monitor Microsoft Operations Manager

Recover Messaging Data

To merge a recovered mailbox using the Recovery Storage Group

To recover one mailbox from the RSG database to the currently used mailbox 'John Smith‘

Restore-Mailbox -identity 'John Smith' -RSGDatabase 'RSG\mailbox database'

More examples

To recover all mailboxes in the RSG to their respective active mailboxes Get-MailboxStatistics -database 'RSG\

Mailbox Database' | restore-mailbox If you want to restore a mailbox in

an RSG into a different active mailbox Restore-Mailbox -RSGMailbox 'John

Smith' -RSGDatabase 'RSG\Mailbox Database' -id 'Allison Brown' -TargetFolder 'JSmith Email'

More examples

To recover end-user data between two dates

Restore-Mailbox -RSGMailbox 'John Smith' -RSGDatabase 'RSG\Mailbox Database' -id 'Allison Brown' -TargetFolder 'JSmith Email' -StartDate '02/02/08' -EndDate '02/05/08'

References Configure Resource mailbox Reference Linkshttp://technet.microsoft.com/en-us/library/bb124374.aspxhttp://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-resource-mailboxes-exchange-server-2007-part1.html Antivirus & Anti-spam Reference Linkshttp://technet.microsoft.com/en-us/library/aa996604.aspxhttp://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/anti-spam-migration-tool.htmlConfigure Policieshttp://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-email-address-policies.htmlMonitor Mail Queueshttp://technet.microsoft.com/en-us/library/bb232066.aspxhttp://technet.microsoft.com/en-us/library/aa998047.aspxhttp://msexchangeteam.com/archive/2007/01/09/432124.aspxServer Reportshttp://technet.microsoft.com/en-us/library/bb201735.aspxhttp://technet.microsoft.com/en-us/library/bb201720.aspx Recover Messaging Datahttp://technet.microsoft.com/en-us/library/aa998890.aspx

My contact info

Donald E. HesterCISSP, CISA, CAP, MCT, MCTS, MCSE Security, MCSA Security, MCDST, Security+ and CTT+

Blog www.LearnSecurity.orgLinkedIn Profile http://www.linkedin.com/in/donaldehesterFacebook http://www.facebook.com/people/Donald-Hester/1486453327

Q&A