Wednesday, July 18, 2007

Exchange Management Shell

It may first appear as if the Exchange Management Shell is nothing more than a standard command prompt. But if you look at its prompt, you will notice that the letters "MSH" appear in brackets just ahead of the path.

The [MSH] tells you that you are not running in a true command prompt environment, but rather within a Microsoft Scripting Host shell. The Exchange Management Shell is nothing more than a Microsoft Scripting Host environment that has been extended to support Exchange Server commands.

There are many management tasks that are only performed on the Exchange Managament Shell and CANNOT be performed in Exchange Management Console. Some of them are:
  • All Public Folder management.
  • Give permissions to user's mailbox, entire database or the server.
  • Advanced database, mailbox and recipient management.
  • Advanced Transport Settings like setting a maximum message size limit for incoming and outgoing messages on the organization or connector, Set advanced SMTP connection settings etc.
  • Certain Client Access settings also like set connection time-outs for POP3/IMAP4 servers (Set-IMAPSettings / Set-POPSettings), Prevent previous versions of Outlook from connecting to Exchange (Set-CASMailbox –MAPIBlockOutlookVersions), Enable/disable POP3 or IMAP4 for a user (Set-CASMailbox) etc...

Here is some collection of scripts for managing Exchange Server 2007 that are very useful for day to day operation and management.

Tuesday, July 10, 2007

Sender Policy Framework (SPF)

The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. It is an attempt to control forged e-mail. SPF is not directly about stopping spam – junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren't.

The current version of SPF — called SPFv1 or SPF Classic — protects the envelope sender address, which is used for the delivery of messages.

Sender authentication protocols are designed to protect against forgery of e-mail sender identities, either in the envelope or in the header. In the envelope, first there is the "HELO" identity, which names the mail server (MTA) that is sending the message. The "MAIL FROM" identity is the e-mail address that is responsible for sending the message and where delivery errors (bounces) will eventually be reported. And the "RCPT TO" identity is the message's recipient address. The header contains another set of identities (besides other meta information about the message, such as the subject and the sending date).

SPF authenticates the envelope HELO and MAIL FROM identities by comparing the sending mail server's IP address to the list of authorized sending IP addresses published by the sender domain's owner in a "v=spf1" DNS record.

SPFv1 allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together:
(1) the domain owner publishes this information in an SPF record in the domain's DNS zone, and when someone else's mail server receives a message claiming to come from that domain, then
(2) the receiving server can check whether the message complies with the domain's stated policy. If, e.g., the message comes from an unknown server, it can be considered a fake.

Example of SPF Record

mydomain.com. TXT "v=spf1 mx a:machine1.mydomain.com include:gmail.com -all"

The parts of this SPF record mean the following:

v=spf1: SPF version 1
mx: the incoming mail servers (MX's) of the domain are authorized to also send mail for mydomain.com
a:machine1.mydomain.com: the machine machine1.mydomain.com is authorized, too
include:gmail.com: everything considered legitimate by gmail.com is legitimate for mydomain.com
-all: all other machines are not authorized

For detailed information on SPF records and their syntax, please refer www.openspf.org
The SPF Setup Wizard: http://old.openspf.org/wizard.html

Wednesday, July 4, 2007

Troubleshooting Fast Growing Transaction Logs

Here is a pretty good technet that details various causes:

http://technet.microsoft.com/en-us/library/aa996191.aspx

Also when we mount/dismount the stores manually, the transaction logs files are replayed on to the database thus they get committed and we are able to mount stores.

We can check this status by using eseutil: eseutil /mk "path to checkpoint file"

It will give you the transaction log file uptill which all the logs have been committed. This is helpful in the case we are running out of disk space and when the full backup is also a long way to finish… so that we can move out the committed logs and keep them on a different location. In case of recovery scenario, we need these log files to make database up-to-date.