Block unknown internal domains with Trend Micro IMSS

Maybe you have seen it: mail from unknown domains being relayed via the internal mail server or a mail server that is placed in the DMZ. Normally, when the mail servers are configured correctly, it’s not possible to send mail from a domain which is not hosted on the internal mail server. But it can also be that a virus is active on a mail server which is allowed to relay.

In this tutorial I will explain how you can create a policy in Trend Micro IMSS to prevent this. The configuration is not done the way you might expect, but the end result will work.

First we will create a rule which matches incoming messages.

Select the button add and choose the option other.

Ensure that the option "this rule will apply to" is set to incoming; we will change this later to both incoming and outgoing messages. We cannot do this right now because the policy would then not be created correctly.

Next click on the link recipients; a new window will be opened.

Select the option anyone and select save; the window will close. Next click on senders; a new window will be opened again.

Select the option anyone and select save. The last parameter we need to define in this step is the exceptions.

Add the following exception:

Repeat this for each domain.

When ready, click on save to save the changes. You will get the following overview after this.

Click on the next button to continue. In this step we will define the conditions when a mail must be scanned by this policy.

In this case we want to scan all messages, so we don't select anything and click on the next button.

You will get a warning that all messages will be scanned if you do not choose any condition. Confirm this by clicking on the OK button.

The next step is the action that needs to be executed when a mail meets the conditions. In this case we will delete all messages which meet the conditions. You could choose to quarantine the messages instead; if you would like to do this, change the action.

Next we will define the name and number of the policy. Keep in mind that the policy always needs to be created below the Global Antivirus Rule and Default Spam Rule. You may choose to not activate the policy right now but activate it after the steps below.

When you return to the policy overview you can see that the policy is added.

Now that we have added the policy we need to change it. This is because it's not possible to add *@* as sender/recipient in this policy when choosing the option to apply this policy to both incoming and outgoing messages.

Click on the policy to view the details

Click on if recipient and senders are

Change the option "this rule will apply to" to both incoming and outgoing messages. Next we will change the exceptions. This can be done by clicking the link Senders and Recipients after the option exceptions.

Add the following exception:

Add the exception for each domain; when ready, click save 4 times to return to the policy overview. If you have not activated the policy yet, activate it.

Use regular expressions in Exchange 2007

In the transport rules of Exchange 2007 you can use regular expressions. This lets you block specific words. But what happens in some cases is that correct words are also blocked because they contain the blocked character pattern. You can prevent this by using one or more of the parameters below:

To virtualize Exchange 2007 or not

The guys from the Exchange team have posted a nice article. It’s about virtualizing your Exchange 2007 environment. In this article several scenarios are explained in which it can be quite interesting to virtualize Exchange.

Export-Mailbox did not delete content

With export-mailbox it’s possible to export a mailbox to, for example, a pst file. When using the parameter -DeleteContent, normally the content will be deleted after exporting the mail. In some cases this does not happen. It appears to happen if a mailbox contains more than 4000 items.

MFCMapi

MFCMapi makes it possible to edit the mailbox directly via the Messaging API (MAPI). This can be very useful to remove a setting which is still on an object but is not visible anymore in the GUI. For example, a user who is a delegate but does not exist in AD, while you still receive an error when trying to arrange a meeting with the mailbox. This can cause a lot of e-mails about non-existing users. With MFCMapi you can remove the entry and solve the issue you have.

Standby Continuous Replication and log truncation

Standby Continuous Replication has been a part of Exchange since service pack 1. With this option a copy of the storage group is made to another server, for example a server in a DR site. This is done by copying the log files from the production server to the server in the DR site.

Winmail.dat

Maybe you have seen it: an e-mail with a winmail.dat file as attachment. This is caused by a sender who sends an e-mail in RTF format to a user whose e-mail client does not support RTF.

Modify Out Of Office settings on the Exchange Server

As you may know, some things have changed in Exchange 2007 for Out Of Office settings; it’s now possible to define separate Out Of Office messages for internet senders and internal senders.

Besides these changes, no Out Of Office messages are sent to senders who are listed on the blocked sender list or if the mail is placed in the junk mail folder.

When you are a member of several mailing lists it can be quite irritating if an Out Of Office message is sent to them. In Exchange 2007 Out Of Office messages are no longer sent to them.

With the Exchange Management Shell it's possible to modify several settings:

  • may external users receive an Out Of Office message
  • may internal users receive an Out Of Office message

The settings above can be configured per user. This is done by using the parameter -ExternalOOFOptions in combination with set-mailbox.

Support policies for Exchange Servers in a virtualized environment

Dynamic Distribution Groups

It has been a while, so it’s time for a new tutorial.

This tutorial will be about dynamic distribution groups, a new feature in Exchange 2007. With a dynamic distribution group you can create a group whose members will be selected according to a filter you specify. Each time a mail is sent to this group a query will be done to select the users who are a member of the group.

There are two methods to create a dynamic distribution group:

  • via the Exchange Management Console
  • via the Exchange Management Shell

Dynamic Distribution Group via the Exchange Management Console

We start with the first method. For this you will need to start up the Exchange Management Console and go to groups via recipient configuration.

When you have selected the groups icon you can select the option new dynamic distribution group in the right menu to start the wizard.

You will be presented with the screen above; here we can define a name for the new dynamic distribution group. When the name has been defined you can click on next.

The next step is to define the filter; here we need to define from which OU the members will be selected. The other thing we can define here is which objects will be selected from the OU. By default all objects will be selected, but if you have an OU with different types of objects you can specify, for example, only Exchange Mailbox users.

When you're satisfied with the filter click on next.

The next step is to define the conditions which a user must meet to be a member of the group. As you can see in the screenshot there are a few fields displayed at step 1. When you wish to use another field you will need to create the group via the Exchange Management Shell. This is described later in this tutorial.

In this case we would like to select all people who work in the IT department, therefore we select the option Recipient is in a Department. In the lower part of the screen we must define the condition. By clicking on specified we can specify a value. When clicking on it you will see the following screenshot.

Here we specify the value which we want to use in our filter, in this case IT. When you have specified all values you can click on OK.

Now that we have provided all necessary values we will get a short overview of what we are going to configure.

When we are satisfied with this we click on new; after this the new dynamic distribution group will be created.

Now that we have created the new group we would like to know which users are a member of it. To find this out we need to get the properties of the group.

Next thing is to select the tab conditions and push the button preview.

An overview of the users who are a member of the group will be displayed.

By default only mail from authenticated users will be accepted. This is to prevent people from the internet sending mail to this group. When you would like to enable this group for receiving mail from the internet we need to configure this. This can be done on the tab Mail Flow Settings.

When you have opened the tab select the item Message Delivery Restrictions and click the button properties.

In the upper part of the screen you will see accept messages from. Below that title you will find the option require that all senders are authenticated; remove the checkmark before the option to accept mail from the internet.
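The console steps above expressed in the Exchange Management Shell, as an added example rather than the original post's commands. The group name and OU path are assumed sample values; the last command is an added check that lists every dynamic group that has been opened to unauthenticated senders.

```powershell
# Added example (not from the original post). Sample values are assumptions.
$name = 'IT Department'          # assumed group name
$ou   = 'example.local/Users'    # assumed OU path, placeholder domain

# Create the group: mailbox users in the OU whose Department is "IT".
New-DynamicDistributionGroup -Name $name `
    -OrganizationalUnit $ou `
    -RecipientContainer $ou `
    -IncludedRecipients MailboxUsers `
    -ConditionalDepartment 'IT'

# Preview the members the filter currently resolves to
# (the shell counterpart of the preview button on the conditions tab).
$group = Get-DynamicDistributionGroup -Identity $name
Get-Recipient -RecipientPreviewFilter $group.RecipientFilter `
    -OrganizationalUnit $group.RecipientContainer |
    Select-Object Name, RecipientType, PrimarySmtpAddress

# Show whether this group still requires authenticated senders.
$group | Select-Object Name, RequireSenderAuthenticationEnabled

# Review: every dynamic group that accepts mail from unauthenticated
# (internet) senders. Each hit should be a deliberate decision, because
# anyone outside can then reach all members with a single address.
Get-DynamicDistributionGroup -ResultSize Unlimited |
    Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
    Select-Object Name, PrimarySmtpAddress, RecipientFilter

# Shell counterpart of removing the checkmark, left commented out so the
# script does not open the group by accident:
# Set-DynamicDistributionGroup -Identity $name `
#     -RequireSenderAuthenticationEnabled $false
```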

Dynamic Distribution Group via the Exchange Management Shell

As mentioned earlier we can create a dynamic distribution group via two methods. The second method is via PowerShell. You can do this by using the command new-DynamicDistributionGroup. It can be done in an easy way or in a more complex way. Whereas we can specify only a few fields in the EMC, in PowerShell we can filter on many more fields.

But that's for later, let's start with the easy version: