Posts

Featured Post

Batch Add Microsoft Exchange 2016 exclusions to Windows Defender on Windows 2016

When you install Microsoft Exchange 2016 on Windows 2016 server it is suggested to add some exclusions to Windows Defender. Since the list is quite large, use PowerShell to add exclusions. Exclusion list can be found at https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx

SECURITY PRECAUTION - Don't just blindly copy below commands and exclusions but check them. If anyone manipulated the below list on this site without my knowledge you will end adding exclusions you don't want to have.

Run PowerShell on Windows 2016 Exchange 2016 server as administrator.Add Folder Exclusions
Set-MpPreference -ExclusionPath $env:SystemRoot"\Cluster",$env:ExchangeInstallPath"ClientAccess\OAB",$env:ExchangeInstallPath"FIP-FS",$env:ExchangeInstallPath"GroupMetrics",$env:ExchangeInstallPath"Logging",$env:ExchangeInstallPath"Mailbox",$env:ExchangeInstallPath"TransportRoles\Data\Adam",$env:ExchangeInstallPath"…

Exchange Edge server Filter Agent "precedence"

Image
You might find the attachments are being stripped from some email entering your organization despite recipient and sender domain have been added to the "whitelist" in Sender ID Agent.

Agents on Exchange Edge server are as follows:


Each of the agents has its own priority, meaning which of the agent will be first, second, third,... in line to filter. Filters take precedence over another just in case spam is found.

For example: If Connection Filtering Agent finds spam (connection verification fails) it discards the message and none is processed any further. If the message passes Connection Filtering Agent it then goes to Address Rewriting Inbound Agent, which is next on priority list etc.

So, if we put a recipient to BypassedRecipients list in Sender ID Agent, it will be bypassed only for Sender ID Agentfilter and not for example Attachment Filtering Agent.
As per Microsoft. "The BypassedRecipients parameter specifies one or more SMTP email addresses. Messages bound for the…

How to Remove an IP Address from a Blacklist SpamCannibal

Image
Go to http://spamcannibal.org/cannibal.cgiIn the right side menu click Lookup IPEnter mail server IP address into the field and click Lookup IPCheck why you got listed in the first placeIf your mail server is missing PTR (reverse DNS) record, add itIf other problem resolve it firstIf the problem is resolved go again to http://spamcannibal.org/cannibal.cgiClick Contact in the right side menuScroll to the bottomEnter your IP addressEnter your EmailDescribe why you got listed and what you did to solve the problemSubmit NOTE: Don't try to get de-listed from any blacklist BEFORE you solved the problem added you to the blacklist in the first place


Exchange queue 451 4.4.0 Primary target IP address responded with: "235 00000...

Image
You might find messages staying in queue on your email server (mixed environment 2007/2010 Exchange) and Error showing:

451 4.4.0 Primary target IP address responded with: "23500000870YIIGUAYJKoZIhvcSAQICAQBuggY/MIIGO6ADAgEFoQMCAQ6iBwMFAAAAAACjggTEYYIwDCCBLygAwIBBaEPGw1JTkNPSVMuR09WLklOoigwJqADAgECoR8wHRsHU01UUFNWQxsSTUFJTC5pbmNvaXMuZ292Lmluo4IEeDCCBHSgAwIBEqEDAgFMooIEZgSCBGIjDRqyadXg4Y1GQAcMZKo9KfI/2l1JPauKHPjVxyi3sP+6PV8wXjzRn36QjnIsLu7OPtzWDRkJBR/VFnJMLT3wTpg0uEe4eAr7kAgJ+mo4vbuFdlYb+ns23tnLO2kyt3dfXgrPF5Ulm4C6me734JrfOrkT51UCliUMKmlcDAhcPEmDUagjCg9XmLatKNTn41sFZktRjFs8bXexAacl/Wil+gFI5qZbh9nrs922FUoLhmX1U7dS6xiyH2VHaxCAodcbNh14apN/rK0SvjQZi+L2bO2RSF3Rx5LO4zAPfn9LAlNQRwQo8U8NR7J1JACBUwe3t3InTRA0TXyJNCxVGZBM5QjgeJFgBRN6pqa6jZyT7tUgURrG1fHFs4fV77jyxgKjxcrUdc5n7MWT77sfLlb4Ao5HJukOnWlBVUyoDCDvVarc+8/5VJdWFxnNUkohaVUPnDYMMGiGsadDYy39omsSasFkLShLqE7vBGx3WdsvQQnH2kOTwS4mfbWsuulDUfgHOoBg4AW/fB1oxCUT5E3/siLDdurZX/LEjSCmwxbtzzLJ9IGhAlMb+WUUhlZiNb2mn3pZAUlQnDip0ZkXi2nYm71FaTnBb1chScpnpBJ…

NDR for non-existent domain (5.4.4)

Image
By default, NDR (5.4.4) of an email sent to a user with non-existent domain is sent to postmaster's mailbox. If you want your users to get NDR when they send email to a wrong email address (domain in this case), you need to remove 5.4.4 code from Transport Configuration.

In Exchange 2010:


go to Organization > Hub transport > Global settings > Transport settingsremove code 5.4.4 from the list

In Exchange 2013/16
Get-transportConfig to check settingsFind GenerateCopyOfDSNFor and the codes (if 5.4.4 is on the list)Example: {5.4.8, 5.4.4, 5.4.6, 5.2.4, 5.2.0, 5.1.4}Copy ALL codes (from bracket to bracket)Paste into NotepadRemove 5.4.4 from the list (remove 5.4.4, )Set-transportConfig -GenerateCopyOfDSNFor "5.4.8, 5.4.6, 5.2.4, 5.2.0, 5.1.4" Users will get NDR immediately.

Install Docker on Microsoft Windows 2016

Image
Microsoft Windows 2016 supports Docker engine, running containers natively on Windows. To install Docker on Windows server you need to run:

Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -ForceInstall-Module -Name DockerMsftProvider -ForceInstall-Package -Name docker -ProviderName DockerMsftProvider -ForceRestart-Computer -Force After that run:
# Open firewall port 2375
netsh advfirewall firewall add rule name="docker engine" dir=in action=allow protocol=TCP localport=2375# Configure Docker daemon to listen on both pipe and TCP (replaces docker --register-service invocation above)
Stop-Service dockerdockerd --unregister-servicedockerd -H npipe:// -H 0.0.0.0:2375 --register-serviceStart-Service docker
Microsoft images for Docker are available here https://hub.docker.com/u/microsoft/


MacOS Sierra Time Machine - Preparing backup... forever to Synology

Image
I am using Synology NAS to backup my Mac using Time Machine. After upgrade to MacOS Sierra (10.12.1) Time Machine backup sort of backed up my Mac. By sort of I mean it was showing Preparing backup...  forever but if I entered Time Machine backup all backups even new ones were there.

To resolve the issue with "Preparing backup...":

I removed backup disk in Time Machine preferencesRemoved all Synology Diskstation passwords from KeyChain Access (not only Time Machine ones) Deselected Time Machine shared folder from Synology file services menuDisabled Mac file service (AFP) from Synology Control panelDismounted all Synology mounted drivesEnabled SMB 3.0 in Synology File services (Control panel)Enabled back Mac file service in SynologySelected Time Machine shared folder under Mac file services in SynologyOpened Time Machine settings and Selected Time Machine disk from the listSelected Encrypt backupEntered username and password for Time Machine backupEntered password for encrypte…