Archive for the ‘HT’ Category

JAMIE MCKILLOP

UPDATE: Version 2.1 is available. For details, click here.

The Exchange tracking logs provide a wealth of information about mail flow through your organization. Unfortunately, the tools that ship with Exchange aren’t very good at leveraging this information in a useful way. You can use the message tracking tool that ships with EMC to search for specific logs but beyond viewing the raw log data, there isn’t much information available. Fortunately, Microsoft has provided us with powershell and powershell can be used in all sorts of interesting ways to gather, aggregate and present data in useful summaries and reports.

One of the great things about powershell and the IT community is that there are plenty of people who have built powershell scripts to solve problems, automate or streamline tasks, and gather and present data. Most people are more than happy to share their scripts with anyone who would like…

View original post 1,095 more words

Advertisements

Hey Folks,

after updateing a customers’ Exchange 2010 SP3 Server to SP3 Rollup 1 we got massive Problems with the ExchangeTransport Service.

The serivce crashed repeatedly and generated several Event log entries with the following IDs:

4999,10001,10002,10003,12028

The Exchange poison quee was filled up with normal mail traffic.

After uninstalling SP3 Rollup 1 from the HT servers the problem disappeared.

Cheers,

Chris

UPDATE:

My colleague Michael Miklis pointed out to me, that this behaviour is referred in the SP§ RU1 release article:

Known Issue

After this update is applied, there is an issue in which messages stick in a poison queue and the transport service crashes.

This issue is caused by a transport rule (disclaimer) that tries to append the disclaimer to the end of HTML-Formatted messages. When this occurs, messages are put in the poison queue and the transport service crashes with an exception. We are investing resources to develop a code fix. To work around this issue, you can disable or reconfigure the disclaimer transport rule.

(Source: http://support.microsoft.com/kb/2803727/en-us)

Often you are forced to analyze mail headers. If this is not part of your daily tasks, it’s difficult to “read” the header information.

MXToolBox.com offers a free header analyzer which performs a graphical preparation of the mail header which can be used for documentation and further analyzing. You can follow the different steps of the sent mail as well as e.g. spamfilter or mailserver header additions:

Here you can find the header analyzer:

http://www.mxtoolbox.com/EmailHeaders.aspx

An alternative Tool to analyze the E-Mail header comes from google:
https://toolbox.googleapps.com/apps/messageheader/

Cheers,

Chris

You can remove the internal address and hostname using the “header firewall” which removes certain rights for the builtin user “Anonymous Logon”. So we remove the ExtendedRight for “ms-Exch-Send-Headers-Routing” for external SMTP-Connector.

First check the access rights of your external connector:

Get-SendConnector “EXTERNAL-CONNECTOR-NAME” | Get-ADPermission | Where-Object { $_.extendedrights –like “*routing*” | fl user, *rights

Be aware to use the right spelling for your Exchange servers’ language:

English OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

German OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT-AUTORITÄT\Anonymous-Anmeldung”

Change FQDN:

Set-SendConnector -id “EXTERNAL-CONNECOR-NAME” -FQDN:mail.company.com

Regards,

Chris

To monitor NDRs you have to configure your postmaster address in transport settings and organization config:

Set-TransportConfig –ExternalPostmasterAddress postmaster@domain.com
Set-OrganizationConfig –MicrosoftExchangeRecipientReplyRecipient postmaster@domain.com

Now you can set a transport rule for monitoring

Set-TransportConfig -GenerateCopyOfDSNFor “DSN-Number”

Example:

Set-TransportConfig -GenerateCopyOfDSNFor 5.1.0, 5.1.1

generates DSN Copys for the above DSNs.

DSN-Codes

Cheers, Chris

Here comes the quick and short PS commands to set up an anonymous relay.

New-ReceiveConnector -Name RELAY -usage Custom -Bindings ’10.0.0.1:25′ -fqdn smtprelay.domain.com -RemoteIPRanges 10.0.0.2 -server EXCHANGESERVER -permissiongroups AnonymousUsers

English OS:
Get-ReceiveConnector RELAY | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

German OS:
Get-ReceiveConnector RELAY | Add-ADPermission -User “NT-AUTORITÄT\Anonymous-Anmeldung” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

Be sure to edit the bold values to your own environment.
The Bindings’ value you set to the network or server you want to relay.

I recommend to create a DNS entry for this IP, too.

After configuring you have to set your relaying servers’ configuration to this connector.

Cheers,

Chris

Messagetracking

Posted: January 17, 2012 in Exchange 2010, HT, Powershell
Tags: , ,

It’s often required to track the message flow in your Exchange environment. Of ourse, Exchange has it’s web-based GUI to track messages but it’s limited in function.

You should use PowerShell to analyze mailflow in a detailed level.

Output table formated. First, transport servers are selected. The result is piped into the main query phrase and filtered mathching the E-Mail subject.

Get-TransportServer | Get-messagetrackinglog -Sender “USER@DOMAIN.COM” -Start “01/15/2012 11:15:00” -End “01/15/2012 14:25:00” | Where {$_.MessageSubject -like “*Exchange*”} | ft EventId,Source,Sender,MessageSubject,Recipients -autosize

You could this output more detailed list-formated.

Get-TransportServer | Get-messagetrackinglog -Sender “USER@DOMAIN.COM” -Start “01/15/2012 11:15:00” -End “01/15/2012 14:25:00” | Where {$_.MessageSubject -like “*Exchange*”} | fl

Filter for empty subject.

Get-TransportServer | Get-messagetrackinglog -Sender “USER@DOMAIN.COM” -Start “01/15/2012 11:15:00” -End “01/15/2012 14:25:00” | Where {$_.MessageSubject -like “”} | fl

Filtering messagelog to track mails sent to a special domain.

Get-TransportServer | Get-MessageTrackingLog -Start “01/15/2012 12:00am” -ResultSize Unlimited | Where {$_.Recipients -match “googlemail.com”}

Cheers,

Chris