Friday, October 29, 2004

Layers of Spam protection

If you aren't already running the Exchange Intelligent Message Filter you should get on it. It strips about 10-15 messages from my inbox a day! This message filter isn't rule-based, so it doesn't require updates as much as some rule-based spam filters.

But like security, it's always good to have layers. Why not have 2 spam filters?

I also use a public RBL site (spamcop.net, there are more but this is the one I chose) to reverse look-up spammers and strip even more spam from my system.

When you do this, keep in mind that the IMF will happen first, then this filter, so your IMF spam folder might contain messages that are on known spam lists, but that's a good thing, right?

Here's how to configure it:

  1. In Server Management, expand Advanced Management, First Organization (Exchange) and Global Settings

  2. Right-click Message Delivery and choose Properties

  3. Since we're going to spam filter on connection, change to the Connection Filter tab to add the RBL info

  4. Click Add... to add a new filter

  5. In Display Name, type a name for the filter so you can recognize it, like SpamCop (it also appears in the default NDR message described later in this step). DNS Suffix of Provider is where you do your legwork to find the RBL site's DNS suffix; for example, spamcop.net's suffix is bl.spamcop.net, so I entered that. I leave the final field, Custom Error Message to Return, blank, since it will then return a message of the form {Sender IP Address} has been blocked by {Display Name}.... I do not use the Return Status Code

  6. Now that we've created the filter, we need to tell Exchange to use it. Drill down into Servers, {Servername}, Protocols, SMTP and right-click on Default SMTP Virtual Server and select Properties

  7. On the General tab, choose Advanced

  8. Highlight All Unassigned and choose Edit

  9. Check the box Apply Connection Filter, and click OK until you're back to Server Management

That's all there is to it. Exchange will now check each message against spamcop.net and keep it out of your inbox if SpamCop knows the sender as a spammer.
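What the connection filter asks the RBL provider for each connecting IP, as an added example (not code from the original post or from Exchange): the sender's IPv4 octets are reversed, the DNS suffix is appended, and an A record in 127.0.0.0/8 means "listed". The function names, the injectable resolver and the sample zone are assumptions made for the illustration; only the suffix bl.spamcop.net comes from the post.

```python
import ipaddress
import socket

SPAMCOP_SUFFIX = "bl.spamcop.net"                      # DNS suffix quoted in the post
DNSBL_ANSWERS = ipaddress.IPv4Network("127.0.0.0/8")   # answer range used by DNS blocklists (RFC 5782)


def dnsbl_query_name(sender_ip, suffix=SPAMCOP_SUFFIX):
    """Name looked up for a sender: IPv4 octets reversed, then the suffix."""
    ip = ipaddress.IPv4Address(sender_ip)   # raises ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + suffix


def system_resolver(name):
    """A records for name; [] when the name does not exist (sender not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise                                # timeout or server failure


def check_sender(sender_ip, suffix=SPAMCOP_SUFFIX, resolver=system_resolver):
    """Return (verdict, detail); verdict is listed, not-listed or lookup-failed."""
    name = dnsbl_query_name(sender_ip, suffix)
    try:
        answers = resolver(name)
    except OSError as exc:
        # Reported separately so a DNS outage is never mistaken for a listing.
        return ("lookup-failed", str(exc))
    codes = [a for a in answers if ipaddress.IPv4Address(a) in DNSBL_ANSWERS]
    if codes:
        return ("listed", ", ".join(codes))
    # No answer, or an answer outside 127.0.0.0/8 (wildcard or redirected DNS).
    return ("not-listed", name)


# Constructed zone data so the example runs offline. 127.0.0.2 is the
# conventional "always listed" test entry for DNS blocklists (RFC 5782).
FAKE_ZONE = {"2.0.0.127.bl.spamcop.net": ["127.0.0.2"]}


def fake_resolver(name):
    return FAKE_ZONE.get(name, [])


def wildcard_resolver(name):
    # Constructed case: a resolver that answers every name with a web server.
    return ["203.0.113.5"]


def broken_resolver(name):
    raise OSError("constructed resolver timeout")


if __name__ == "__main__":
    cases = [("127.0.0.2", fake_resolver), ("192.0.2.10", fake_resolver),
             ("192.0.2.10", wildcard_resolver), ("192.0.2.10", broken_resolver)]
    for ip, resolver in cases:
        print(ip, check_sender(ip, resolver=resolver))
```

Calling `check_sender("127.0.0.2")` with the default resolver performs a live lookup, which is a quick way to confirm that the server's own DNS can reach the blocklist before enabling the filter.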

Two layers is better than one!

Note: instructions provided by Chris Ard. Also, don't forget to donate to SpamCop if you like their service!

Thursday, October 28, 2004

Outlook Mobile Access acting up?

Outlook Mobile Access is pretty cool, you have to admit. Checking your email, calendar or contacts on your phone over the air? That's awesome. I'd have to say my favourite part is not having to re-enter all your contacts on the phone, followed closely by being able to know what your calendar is. Of course E-mail is fun, but I'm not sure I'm *that* important. :)

However, Outlook Mobile Access (OMA) doesn't have a lot of the same functionality as Outlook Web Access (OWA) around mailbox creation & mailbox lookup. Here are some tricks that I've picked up along the way.

  • If you add additional e-mail addresses to users and additional domains, OMA can get confused as to how to find your mailbox. Force OMA to look up which mailbox to check by making it always check the .local domain email address: under HKLM\System\CurrentControlSet\Services\MasSync\Parameters\ create a string value called SMTPProxy and set it to your internal domain, internaldomain.local. This will help the mailbox lookup process

  • Another trick is to ensure that you're checking the correct domain in the virtual directory:

    • Open Server Management, expand Advanced Management, Internet Information Services, {servername}, Web sites, and Default Website

    • Right-click on exchange-oma and choose Properties

    • On the Virtual Directory tab, in the Local Path it should read a string like \\.\BackOfficeStorage\{Internaldomain}.local\MBX. Delete the internal domain and put in the external domain.

    • Open a command prompt and do an iisreset

  • Changing your server IP Address. Tsk tsk if you just jump into the local network card properties and change the IP address. Use the Change IP Tool!!! Using this tool changes more than just your IP address to keep your internal network functioning. One of the things it does is change the IP restrictions on the \exchange-oma directory

Those are my tricks if you can't get it working. Of course they are workarounds for things you might have changed from the out-of-the-box scenario, but hey, it's all about customization, right?

Wednesday, October 27, 2004

IMAP(ing) your way to multiple inboxes

I have SBS 2003 running at my house, the curious thing is I have Exchange running at my house too. As you probably know, you cannot have two Exchange servers configured in a single Outlook profile. Sure you can have multiple profiles, but who wants to shut Outlook down to check if you have email at home? I didn't.

I just turned on the IMAP folders on SBS and added an IMAP server to my Exchange profile, now I can check both email accounts without having to close and re-open Outlook.

Here's how I configured the IMAP server:

  1. In the services.msc snap-in, I started the Microsoft Exchange IMAP4 service by setting it to Automatic and then starting it

  2. Open port 143 (TCP only) and ensure it's pointed at the server (if you're using a router box)

That's all there is to it.

Now from your Outlook client or Mobile device client, you can set-up a new email server and check the email from both the Exchange server, and the IMAP server (other Exchange server).

One more point: in Outlook, if you're trying to delete messages and they are only getting struck out, be sure to check out Edit, Purge Deleted Messages to actually remove these from the server. They will be permanently deleted though.

Also, all email sent via the IMAP server (change this by choosing the Accounts button on the new mail message window) will end up in the Exchange Server's sent items, instead of the remote IMAP server's sent items.

Tuesday, October 26, 2004

Hosting Multiple Domains on SBS 2003 (Part 4)

This tip doesn't exactly pertain to hosting multiple domains, but it could if you want to get creative.

Customizing the text on Remote Web Workplace
If you're like me, and you don't want the Remote Web Workplace to say one domain and not the other, you want to change things up a bit. Also, if you followed the steps in Part 3 around UPN enabling, Remote Web Workplace still asks you for your user name instead of an email address.

You can change this text pretty easily, in fact! In c:\inetpub\remote are all the files the Remote Web Workplace uses for its website. This includes the text file web.config. This is probably one of the most important files for the functionality of Remote Web Workplace, so make sure you back it up before you start editing it.

However, if you open it up in a text editor, like Notepad, you'll be able to see that the {appSettings} section holds a list of all the strings. If you know a little bit about coding, you can go in and change strings in the 'value=' section. Just be careful with special characters, especially quotes, as they might muck up the whole file (which is where the backup comes in handy). If you want to use quotes, be sure to use the html version of these, like "&__" for the special character you're looking for.

If you want to change the string "Username" to "E-mail address" scroll down the list until you find the L_LOGON_USER_NAME and change the string between the quotes for value= to "E-mail address".

You will have to do an iisreset.exe at the command prompt to make the changes take effect, and all of your users will be logged out of Remote Web Workplace each time you make an edit to this file.
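One way to make the edit described above without hand-escaping quotes, as an added example (not part of the original post and not Microsoft's tooling): an XML-aware writer backs up the file first and escapes special characters in the value for you. The `<add key="..." value="..."/>` layout is the standard ASP.NET appSettings form and is assumed here; the sample file content and the function names are constructed for the illustration, and only L_LOGON_USER_NAME comes from the post.

```python
import os
import shutil
import xml.etree.ElementTree as ET

# Constructed sample, not the real Remote Web Workplace web.config.
SAMPLE_WEB_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <!-- constructed sample strings -->
    <add key="L_LOGON_USER_NAME" value="Username" />
  </appSettings>
</configuration>
"""


def set_app_setting(config_path, key, new_value):
    """Back up config_path, set the appSettings entry, return the old value."""
    # Backup first: a malformed web.config takes the whole site down.
    shutil.copy2(config_path, config_path + ".bak")

    # insert_comments=True keeps existing XML comments when the file is rewritten.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    tree = ET.parse(config_path, parser)

    for entry in tree.getroot().iterfind("./appSettings/add"):
        if entry.get("key") == key:
            old_value = entry.get("value")
            # The serializer turns " & < > into entities when it writes the
            # attribute, so the raw text can be passed in as typed.
            entry.set("value", new_value)
            tree.write(config_path, encoding="utf-8", xml_declaration=True)
            return old_value
    raise KeyError(f"{key} not found under appSettings")


def demo(workdir):
    """Write the constructed sample into workdir, edit it, return the result."""
    path = os.path.join(workdir, "web.config")
    with open(path, "w", encoding="utf-8") as handle:
        handle.write(SAMPLE_WEB_CONFIG)
    old = set_app_setting(path, "L_LOGON_USER_NAME",
                          'E-mail address (like "you@domain.com")')
    with open(path, encoding="utf-8") as handle:
        return old, handle.read()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        previous, text = demo(tmp)
        print("old value:", previous)
        print(text)
```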

But hey, it's fun to play with. If you're feeling risky, you can even go in and edit the ASPX code to say ..... add your own logo?

Monday, October 25, 2004

Connecting to the Internet, chat with the Pros!

Sure, I run SBS, I worked on SBS 2003, but do I know everything? Heck no! There are plenty of problems that you could run into that I haven't yet. How do you solve these? Tune into a live chat tomorrow (October 26) to ask questions of the SBS Product team (yes, I'll be there).

Here's how:
Small Business Server 2003 Configure E-mail and Internet Connection Wizard [October 26, 2004, 2:00-3:00 PM PDT]
Join Microsoft experts to discuss how the SBS 2003 Configure E-mail and Internet Connection Wizard (CEICW) can help you configure your network.

Click Here to see about upcoming Chats. Want to skip straight to the chat because you trust me? Then Join the Chat

P.S. Part 4 of hosting multiple domains will be available tomorrow.

Hosting Multiple Domains on SBS 2003 (Part 3)

Now that you are hosting multiple domains (by following Part 1 & Part 2), your users are all confused about how to log in, what their email address is and where to go. How do you separate these things?

Well, you use UPN Suffixes.

UPN stands for User Principal Name, which is essentially a fancy computer-lingo'd way of saying: use your e-mail address to log in.

When you enable this, users will be able to go to the Remote Web Workplace and log in using their email address, instead of just their username. Might make it easier to give some users their email address instead of explaining the username versus email address idea.

How to set it up:

  1. Click on Start, Administrative Tools, Active Directory Domains and Trusts

  2. In the console that loads, right click on the root node called Active Directory Domains and Trusts and choose Properties

  3. Add your domain suffixes in the format domain.com

Now your AD knows that it is the root domain controller responsible for these domains.

Close out this console and go back into Server Management. In the Users snap-in, we need to tell the AD what the primary suffix is for each user:

  1. Right-click a user and choose Properties

  2. On the Account tab, change the drop down box for the User logon name to be the suffix you want this user to have. Note it will add the '@' sign for you, if you see 2 '@' signs, you've done the first step wrong

  3. Choose OK for that user

You'll have to repeat this for all the users in your AD, but when you are finished, you can give your users an email address and a password, they won't need that funky "username".

It made life less confusing for my grandfather, that's for sure. :o)

One last thing. Since SBS shares the AD with all domains, you cannot have two aliases the same, so you should use combination usernames of first and last name, instead of just "dave" or "sean", otherwise user on domain1 might have the "cool" user name, while user on domain2 does not.

Read on to Part 4.

Friday, October 22, 2004

Hosting Multiple Domains on SBS 2003 (Part 2)

In Part 1 of this discussion I talked about how to add additional e-mail domains to your SBS 2003 Server. In this post I want to focus on adding websites. I am not planning on covering any security concerns in this post, as the security of your SBS box depends on how the webpage is developed.

Adding more websites to your SBS Box
IIS is really quite a cool application that makes it very easy to add additional websites to your SBS box without much effort. Here's how:

  1. Open Server Management, expand Advanced Management, Internet Information Services, {ServerName}, and Web Sites

  2. Right click on Web Sites, and choose New, Web Site

  3. Click Next on the Welcome to the Web Site Creation Wizard

  4. Type in a description to help you easily identify the website and click Next

  5. Leave the IP address as All Unassigned and the port as 80. But put in a host header, this is what will tell IIS to answer web requests using this virtual server. You should put in the domain name you would browse to such as: www.mydomain.com, if you spell this wrong, IIS will not serve up the webpage to the requesting browser

  6. Choose the location for the actual files (it's best if you can keep this away from the system drive, for security reasons), and choose if you want anonymous access or not, depending on what type of website you are trying to create

  7. Finally, choose the permissions for the website. Since you're running on your Domain Controller, and Exchange, I suggest leaving the default, read and run scripts

  8. Finish the wizard

You will see your newly created website appear in the list with the description you gave it. Now just start plugging web files into the directory that you chose and you're hosting multiple websites on your SBS box.

Too easy? Why did you read the entire post then? ;o)

Troubleshooting Tips
I thought I'd toss a few troubleshooting tips in here, since I ran into these:

  • If the webpage shows up as your default web site, your host header doesn't match what the browser is asking for, and the default web site will answer all un-answered calls

  • Get a page not found? Your default start document is probably not one of the ones IIS will choose; try using default.htm or default.asp. You can change the default document in the properties of the website too

  • If you want SSL encryption, you're going to have issues with the SBS self-signed cert. Change your website to a new port that's not in use and ensure the port is open on your firewall (SSL bypasses host headers since the data is encrypted as it passes into IIS). But your users will always get a pop-up since the certificate on your SBS box is programmed to be linked to the primary domain via CEICW, and will always pop-up when the domain is different


Read on to Part 3.

Thursday, October 21, 2004

Hosting Multiple Domains on SBS 2003 (Part 1)

If you're like me, you own a couple of domains and you want to have SBS answer for each domain. How do you do this?

In the next few posts, I'll outline exactly what you need to do to have SBS answer for multiple domains on the Internet.

Let's start with E-mail
For E-mail, the first thing you need to do is make sure your Internet domain's MX records are pointing to your SBS server's IP address. Feel free to use a backup MX record, or even dynamic DNS (I do!), depending on your own situation.

For the first email domain, follow the normal SBS wizards (Primarily CEICW) to configure your first and primary domain that you will want to use. Congratulations, your first domain is configured! :)

Adding additional domains to Exchange
To do this, we're going to edit the default recipient policy:

  1. From Server Management, expand Advanced Management, First Organization, Recipients and select Recipient Policies

  2. Right-click on the Default Policy and choose Properties

  3. On the E-Mail Address (Policy) tab, click the New button

  4. Select SMTP Address from the list and click OK

  5. Type in the name of the domain in the format @domain.com and choose OK. Leave the check box checked

  6. Check the box next to your new domain in the Default Domain Properties window, and click OK

Now that you've added this into the policy, Exchange will become aware of this domain and start responding to mail from it. This change will take effect the next time Exchange updates its policies, let's not wait that long.

  1. Select the Recipient Update Service from the console

  2. Right-click on both policies on the right and choose Update Now

This forces Exchange to update the policies now, so you don't have to wait.

You will now notice that all of your users have 3 email addresses:

  • user@domain.local - added by SBS for your internal domain. It's suggested you keep this email address for this user as it is used by some SBS tools

  • user@domain1.com - this is the first domain you added using CEICW

  • user@domain2.com - this is the second domain you just added

That's as far as I went, since I wanted all my users to receive email from both domains, but what if you don't want this?

Micro-manage!

To micromanage which users have which email addresses simply:

  1. Change to the Users' snap-in and right-click on a user

  2. On the E-mail Addresses snap-in, uncheck the box at the bottom that says Automatically update e-mail addresses based on recipient policy

  3. Remove any email address you don't want the user to receive email at and add any additional email addresses in your configured domains. Don't forget to keep the domain.local e-mail address!

  4. Set the primary one to be the email address the user will send email as

There you have it, if your domain MX records are configured correctly, the SBS box will receive e-mail for both domains!

You can add any number of domains using this process. Moreover, you can add any number of email addresses to a specific user within a given domain using micromanage tactics.

Read on to Part 2.

Wednesday, October 20, 2004

More Registry Fun with SBS Backup

An MVP asked me the other day; "how do I make backup appear like it's not been run?". It occurred to me to post a little note on the registry key:

HKLM\Software\Microsoft\SmallBusinessServer\Backup

I'm not going to tell you what all the settings do, as I think the names are pretty intuitive, but this is the location in the hive that the Backup Configuration Wizard uses to store all its settings. If you remember my SBS Backup Hack on how to swap between tape and disk for the backup target, all I did was manipulate the registry.

How do you make Backup look like it was never run? Just delete the entire \Backup registry key, and the wizard will run like it's brand new.

Of course you'll also have to navigate to %sbsprogramdir%\Backup in the shell and delete the Backup Results.xml and Small Business Backup Script.bks to give it a completely fresh start.

Tuesday, October 19, 2004

Super secret hidden disabled items

So I'm running Lookout on my laptop, and I can't get it to appear in the tool bar. Works like a champ on all my other machines. In resolving this one, you know what I find? A new place in Outlook (very uncommon for me to find a new place in Outlook) that disables "items".

Once an item gets into this list, Outlook owns you, the item will never appear, no matter how many re-installs of the app you do.

Check your list:

  • In Outlook go to Help, About Microsoft Office Outlook

  • Click on the button Disabled items at the very bottom of the page

  • Is that plug-in you can't get loaded in the list? Remove it from the Remove list

Now we're back in business, and in my case, full text search.

Monday, October 18, 2004

Make it So ... (much faster!)

Outlook usually connects faster if you're on the local LAN, but sometimes that's not possible. Ever. You are stuck out in Outlook via the Internet land (RPC over HTTP). How do you make this connect faster? Tell Outlook to connect via RPC over HTTP even on fast networks!

  • In Outlook, go to Tools, Email Accounts...

  • Select View or Change Existing Email Accounts and choose Next

  • Select the Exchange Profile and choose Change

  • Choose More Settings

  • On the Connection tab, choose the Exchange Proxy Settings button at the bottom

  • Finally, check the box that says On fast networks, connect using HTTP first, then connect using TCP/IP

There you have it! Outlook will try RPC over HTTP first, so if you're outside of the network more often than inside, you can have a faster experience.

Friday, October 15, 2004

Looking for Something?

Search; I've never really paid that much attention to it in the past, but I'm starting to realize how important it is. When you think of search you probably think Google but I'm not talking about searching the Web. I want to search my local LAN!

I've calculated that I have roughly 30gb of data stored on my LAN that I want to search through; that's a lot of time waiting on that Windows XP little dog to dig and wag its darn tail, and Outlook isn't much better!

I needed something faster, something Google fast.

Naturally, I checked out the beta of Google's Desktop Search. As expected, Google fast, but here's what I don't like about it (although it is in beta):

  • You have to open IE to search your hard drive (why can't you just search from the task bar?)

  • It only searches your local machine, not the entire LAN, this is big for me, since I have a server to search!

  • Finally, the privacy statement about what they search on your hard drive is a little skimpy, what do they actually consider private?

I still haven't found the exact tool I'm looking for (I feel like a Jedi: "This isn't the tool you're looking for"), but there is something close! A plug-in for Outlook called Lookout.

This plug in requires Outlook 2000 or later, which is the bad part (wish it just sat in the task bar). The other bad part is it doesn't search the web. The good news is, you get lightning fast searches of email, local documents, shared documents (UNC), SharePoint and public folders! Moreover, it keeps all the documents, emails, contacts, etc intact so you can still use them in their respective form. Double click on the item and it'll open in Word, or Excel, or Outlook, just like you're used to.

Other than having to open Outlook & the lack of searching the web; Lookout Rocks.

Please be sure to read the comments of this post. Apparently I didn't learn all the features of the Google Desktop before expressing my opinion. Moreover, I have modified this post to reflect any misconceptions. Thank you to my readers for clearing up the confusion.

Recovering that we shall not speak of

So you just hosed your SharePoint site, and your boss is breathing down your neck because his kids' pictures he shared with everyone are now gone.

Don't panic, SBS' got your back.

That's right, by simply completing setup (As Mir puts it) and following the To-Do list, you've got a great backup of your SharePoint site in your SBS backup and you don't even know it. No, I'm not talking about having to run that funky stsadm.exe command every night (because even though I gave you the steps, I forgot to do it .. whoops!).

So how can you recover SharePoint from just a bunch of WMSDE database files? Give these steps a try:

  1. Un-install the SharePoint WMSDE instance

  2. Un-install SharePoint

  3. Install the Intranet component again using Add/Remove for SBS (Also known as maintenance mode)

  4. Un-extend the virtual server using the stsadm.exe command:
    stsadm -o unextendvs -url http://companyweb

  5. Detach the databases from the clean install:
    osql -E -S {server}\SharePoint
    This will connect you to the osql console, then run these commands:

    • sp_detach_db 'STS_Config'

    • sp_detach_db 'STS_ServerName_1'

  6. Attach the old database files (which will require you to restore them first)

    • sp_attach_db 'STS_Config', '{path to original dbs}\STS_Config.mdf', '{path to original dbs}\STS_Config_log.ldf'

    • sp_attach_db 'STS_ServerName_1', '{path to original dbs}\STS_ServerName_1.mdf', '{path to original dbs}\STS_ServerName_1_log.ldf'

  7. Almost there, now just Extend the virtual server using the command: stsadm -o extendvsinwebfarm -url http://companyweb -vsname companyweb

That's all there is to it, you should be able to browse to http://companyweb and impress your boss with your mad DOS typing skills.

I've had trouble getting this to work when using a funky downloaded web-part. If this is your case, you can still browse into the Companyweb via WebDAV and extract all the files, that's at least something!

Of course the easiest way to back up and restore your SharePoint site is to schedule a task to run this command:
"%SystemDrive%\Program files\Common files\Microsoft shared\Web server extensions\60\Bin\Stsadm.exe" -o backup -url http://Companyweb -filename {target_path} -overwrite
Then you can simply follow the steps in the Backing Up and Restoring Small Business Server white paper, starting on page 16.

Thursday, October 14, 2004

All Work and No Play, Doesn't Get your Door Swapped for a Prison Door

You heard me correctly. I spent much of my time at work building a product known as Small Business Server 2003. But sometimes, an opportunity just presents itself to deviate from the norm ... Like when your manager leaves for his honeymoon, that's an opportunity!

Seizing opportunities is probably the single most important thing you can do in life. So, consider opportunity seized.

Welcome to married life ... Boss


PS. I can neither confirm, nor deny I had anything to do with this
PPS. MVPs, what number is that? I think you printed it on a shirt?