Sunday, June 5, 2011

Monitoring Microsoft SMTP gateways queues with PowerShell

Jeffrey Snover is the guy behind the most amazing thing that has happened to Microsoft in the past five years (in my opinion): PowerShell.

I know that the word "shell" scares some people, but this is different: Snover has created an interactive, programmatic and production-oriented shell, and overall it is a lot of fun :)

He is a true example of a passionate individual who can shift the technology trend.
Enough about Snover; let's talk about his baby, PowerShell.

Once you get familiar with PowerShell you will enjoy it a lot, as it will save you a ton of time and increase your productivity. Here is one example: assume that you don't have a SCOM server implemented already (I totally encourage you to use SCOM) and you would like some kind of monitoring on the important parts of your Exchange Edge servers, for instance the queues.

You can create a scheduled task to run a script that monitors the number of items in the queues and, if it exceeds a defined threshold, notifies you by email.


The logic will be as follows:

  • A scheduled task will be created on the Edge servers and will run every 30 minutes.
  • The task will fire a batch file.
  • The batch file in turn will launch a PowerShell script.
  • The script will import the Exchange 2010 PSSnapin and will do its magic.


Batch File
Powershell -command "& {C:\Data\Scripts\Exch2010QueueMonitor.ps1}"

PowerShell File
# Load the Exchange 2010 cmdlets (Get-ExchangeServer, Get-Queue)
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

# Report file attached to the alert; replace "Server Name" with your Edge server name
$filename = "C:\Data\Scripts\Server Name.txt"
Start-Sleep -s 10

# Alert only when at least one queue holds more than 10 messages
if (Get-ExchangeServer -Identity "Server Name" | Get-Queue | Where-Object { $_.MessageCount -gt 10 })
{
    # Write every queue holding more than 1 message to the report file, busiest first
    Get-ExchangeServer -Identity "Server Name" | Get-Queue | Sort-Object MessageCount -Descending | Where-Object { $_.MessageCount -gt 1 } | Format-Table -Wrap -AutoSize | Out-File -FilePath $filename
    Start-Sleep -s 10

    # Build the alert mail and attach the queue report
    $smtpServer = "SMTP Server Name or IP address"
    $msg = New-Object Net.Mail.MailMessage
    $att = New-Object Net.Mail.Attachment($filename)
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $msg.From = "Alert@MyDomain.com"
    $msg.To.Add("My Email Address")
    $msg.Cc.Add("Secondary Email Address")
    $msg.Subject = "Server Name Server Queue Threshold Reached"
    $msg.Body = "Server Name Current Queue Status"
    $msg.Attachments.Add($att)
    $smtp.Send($msg)
}


Windows PowerShell Community Resources



By the way, today is my daughter's first birthday; happy birthday Mariam :)


See you soon, Hany Donia


Sunday, May 29, 2011

Migrating to Microsoft SMTP Gateway guidelines and recommendations

Because of the huge success of Forefront Protection 2010 for Exchange, a lot of companies are considering migrating from other products to FPE, so I decided to write guidelines and recommendations to ensure a smooth migration with zero downtime.
Please make sure to read the recommendations carefully before jumping to the migration steps.

Recommendations:

  • Plan the migration steps with the Network and External DNS teams.
  • If your network team is using a Cisco PIX Firewall, make sure they read the following article ahead of time and that the header of your SMTP gateway isn’t masked http://technet.microsoft.com/en-us/library/dd277550(EXCHG.80).aspx
  • Export the list of blocked IPs, senders and domains from your old anti-spam to the Forefront Protection 2010 for Exchange.
  • Enroll your environment in the Junk Mail Reporting Partner Program https://support.msn.com/eform.aspx?productKey=edfsjmrpp&ct=eformts&st=1&wfxredirect=1
  • Make sure the new IPs that will be assigned to your Edge Server aren’t blacklisted http://www.mxtoolbox.com/blacklists.aspx
  • Monitor the blacklist status of your domain's sending IPs and get email alerts when they are added to or removed from any blacklist database by registering at http://www.mxtoolbox.com
  • Install the Forefront Protection Server Management Console to get a centralized console for configuration deployment, reporting, quarantine management, engine and definition update deployment http://www.microsoft.com/forefront/protection-for-exchange/en/us/management-console.aspx
  • Make sure to manage your customers' expectations in the early deployment phase and try to educate them about your plan in order to win their cooperation.
  • Be sure to use the right disk types to provide enough I/O for your SMTP gateways.
  • Don’t enable recipient filtering until you are sure the synchronization process has been completed on all SMTP Gateways.

Guidelines:

| Tasks | Useful Links |
|---|---|
| Preparing the windows servers. | |
| Installing the file level anti-virus "FEP 2010" | http://www.microsoft.com/forefront/endpoint-protection/en/us/system-requirements.aspx http://technet.microsoft.com/en-us/library/ff823762.aspx |
| Defining the anti-virus exclusions | http://technet.microsoft.com/en-us/library/bb332342.aspx |
| Installing Microsoft Exchange Server 2010 SP1 Edge Server role | http://technet.microsoft.com/en-us/library/bb124701.aspx |
| Creating the Accepted Domains | http://technet.microsoft.com/en-us/library/bb124423.aspx http://technet.microsoft.com/en-us/library/bb124911.aspx |
| Configuring the External DNS Lookups | http://technet.microsoft.com/en-us/library/bb123492.aspx |
| Configure DNS Records for Your Edge Servers | http://technet.microsoft.com/en-us/library/bb124896(EXCHG.140).aspx |
| Installing the Forefront Protection 2010 for Exchange. | http://technet.microsoft.com/en-us/library/cc482965.aspx |
| Configuring the forefront protection 2010 for exchange. | http://technet.microsoft.com/en-us/library/cc483003.aspx |
| Create new MX records to point to the new edge servers with a higher priority than the old ones. | http://en.wikipedia.org/wiki/MX_record |
| Create an Edge Subscription File on an Edge Transport Server. | http://technet.microsoft.com/en-us/library/aa997590.aspx |
| Import an Edge Subscription File to an Active Directory Site. | http://technet.microsoft.com/en-us/library/aa995991.aspx |
| Force EdgeSync Synchronization. | http://technet.microsoft.com/en-us/library/aa996383.aspx |
| Disable the send connector that is sending to the old SMTP gateways. | |
| Make sure you can send mail outside your organization using the new SMTP gateways. | |
| Shift the priority of your MX records so the low priority will be your new Microsoft SMTP gateway. | |
| Make sure you are receiving emails on your new SMTP gateways. | |
| Shutdown your old SMTP gateways. | |
| After a period of time make sure to delete your old MX records after making sure that everything is working smoothly | |
| Congratulations; you have done a good job. | |

See you soon, Hany Donia

Sunday, May 1, 2011

~all or -all; does it really make a difference?

Before we move further, I suggest you read the following post in advance: Sender ID and Spoofing
Recently I’ve received a lot of concerns about Sender ID filtering, including configurations that are implemented correctly but aren’t taking effect, and about the differences between the SPF record prefixes.
So I decided to reveal the mystery of the SPF record prefixes, especially ~all and -all, and the Sender ID filtering options.
Let’s start from the Sender ID configuration perspective; it is very simple from the Exchange EMC, as below

And from the Forefront Protection 2010 for Exchange as below
And now let’s take a simple, straightforward SPF record where a company is sending mail from the IPs of its MX records, so its SPF record should be as below
company.com. IN TXT "v=spf1 mx ~all"
OR
company.com. IN TXT "v=spf1 mx -all"
But what is the difference between the two? And what does it have to do with the Sender ID filtering action options?
Actually there are two scenarios: one when the result of the filter is positive and the other when it is negative.
When the result is positive, whether you are using the tilde or the minus, you should see the below Sender ID result in the message header.
But when the result is negative and you are using the tilde, you will see the below Sender ID result in the message header
While when you are using the minus, you should see the below Sender ID result in the message header
OK, I got it: the difference is when the test fails; with the tilde it will return SOFTFAIL, while with the minus it will return FAIL. But what does it have to do with the Sender ID filtering action options?
The below figure will answer this question.
So the actions available for Sender ID to take on a message differ according to the Sender ID status. This means that if your SPF record is using the tilde while you set the Sender ID option to reject the message, nothing will happen and you will find yourself a victim of spoofing: with the tilde you can only stamp messages, while with the minus you have all options.
This was only a glance at the relation between Sender ID options and SPF record prefixes.
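
An added example (not part of the original post, and not Exchange's own code) that extends the comparison above to the other forms the `all` term can take: it reads the terminal `all` of an SPF record and reports which Sender ID action can actually take effect when the configured action is Reject. The function names and every sample record other than the two shown above are constructed for illustration; treating every status other than FAIL as stamp-only is an assumption extrapolated from the SOFTFAIL case described in the post.

```powershell
# Added example. Function names and extra sample records are constructed.
function Get-SpfAllResult {
    param([Parameter(Mandatory = $true)][string]$Record)

    $terms = @($Record.Trim() -split '\s+')
    if ($terms[0] -ne 'v=spf1') { return 'None' }        # not an SPF record

    # Result a non-matching sender gets, keyed by the qualifier in front of "all"
    $resultFor = @{ '+' = 'Pass'; '?' = 'Neutral'; '~' = 'SoftFail'; '-' = 'Fail' }
    $hasRedirect = $false
    foreach ($term in ($terms | Select-Object -Skip 1)) {
        if ($term -match '^([+?~-]?)all$') {
            # A bare "all" carries the default "+" qualifier
            $qualifier = if ($Matches[1]) { $Matches[1] } else { '+' }
            return $resultFor[$qualifier]
        }
        # Any other symbol glued to "all" (e.g. a typographic dash) is a syntax error
        if ($term -match '^[^\w:=./]+all$') { return 'PermError' }
        if ($term -match '^redirect=') { $hasRedirect = $true }
    }
    # No "all" term: the redirect target decides, otherwise SPF defaults to "?all"
    if ($hasRedirect) { return 'DependsOnRedirect' } else { return 'Neutral' }
}

function Get-EffectiveSenderIdAction {
    param(
        [Parameter(Mandatory = $true)][string]$Record,
        [ValidateSet('StampStatus', 'Reject', 'Delete')][string]$ConfiguredAction = 'Reject'
    )
    $status = Get-SpfAllResult -Record $Record
    # Per the post, Reject and Delete only apply to a FAIL status.
    # Assumption: every other status is only stamped, like SOFTFAIL.
    $effective = if ($status -eq 'Fail') { $ConfiguredAction } else { 'StampStatus' }
    New-Object PSObject -Property @{
        Record = $Record; SpoofStatus = $status; EffectiveAction = $effective
    } | Select-Object Record, SpoofStatus, EffectiveAction
}

# Constructed samples: the two records from the post, one with no "all" term,
# and one where "-all" was pasted with an en dash instead of a hyphen-minus
$enDash = [char]0x2013
$samples = 'v=spf1 mx ~all', 'v=spf1 mx -all', 'v=spf1 mx', "v=spf1 mx ${enDash}all"
$samples | ForEach-Object { Get-EffectiveSenderIdAction -Record $_ -ConfiguredAction Reject } |
    Format-Table -AutoSize
```

Only the `-all` record leaves the configured Reject action in force; the en dash variant is worth checking for in any record that was copied from a web page or a word processor.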
See you soon, Hany Donia

Monday, April 25, 2011

Dude, Where’s My SPAM Emails?

The anti-spam market is full of different solutions, as you can see from the list below:

  • Microsoft FPE
  • Cisco IronPort
  • Symantec
  • Google Postini
  • McAfee
  • Proofpoint
  • Trend Micro
  • Barracuda Networks
  • Websense
  • M86 Security
  • Clearswift
  • Webroot
  • WatchGuard
  • SonicWALL
  • Fortinet
  • Messaging Architects
  • PineApp

So which SMTP gateway will you choose for your messaging environment, and why?
Recently I was responsible for enhancing the anti-spam solution of a 30,000-mailbox organization, and I had to find out what the best solution for them was.

Although there are a lot of choices when it comes to SMTP gateways, mine actually weren’t that many, as my choices were limited to the three big guys: “Microsoft FPE, Cisco IronPort and Symantec”
And the Oscar goes to ………….. Microsoft FPE, hurray!!!! But why?

My decision was based on the below reasons:
  • The CLOUDMARK content filtering agent.
  • Inbound and outbound scanning using 5 different engines (Microsoft AV, Kaspersky, Norman, VirusBuster and Authentium).
  • The ability to process around 40 messages per second per server while all anti-spam and antivirus agents are running =  more than 3 million messages per day per server.
  • The deep integration with Microsoft outlook to grant end users the control to block or allow mails to reach them from their outlook.
  • Easy to deploy, easy to manage.

After the move to the new anti-spam solution we have noticed an amazing improvement in terms of the catch-up rate and quarantined legitimate emails.

Microsoft FPE Resources:

See you soon, Hany Donia

Thursday, March 31, 2011

Yes, Virginia, There Is an Exchange Server 2010 Appliance

Ladies and gentlemen I give you the HP E5000


 Whitepapers:

  

See you soon, Hany Donia

Tuesday, March 15, 2011

Exchange Server 2010 MCM Pre-Reading List

Microsoft Certified Master: Exchange Server 2010 - Recommended Pre-Reading List for Attendees

http://www.dynamicevents.com/MCM/MCM_Exchange2010_Pre-reading_v1.1.pdf



See you soon, Hany Donia