Posts

Showing posts from 2017

Batch Add Microsoft Exchange 2016 exclusions to Windows Defender on Windows 2016

Image
When you install Microsoft Exchange 2016 on Windows 2016 server it is suggested to add some exclusions to Windows Defender. Since the list is quite large, use PowerShell to add exclusions. Exclusion list can be found at https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx

SECURITY PRECAUTION - Don't just blindly copy below commands and exclusions but check them. If anyone manipulated the below list on this site without my knowledge you will end adding exclusions you don't want to have.

Run PowerShell on Windows 2016 Exchange 2016 server as administrator.Add Folder Exclusions
Set-MpPreference -ExclusionPath $env:SystemRoot"\Cluster",$env:ExchangeInstallPath"ClientAccess\OAB",$env:ExchangeInstallPath"FIP-FS",$env:ExchangeInstallPath"GroupMetrics",$env:ExchangeInstallPath"Logging",$env:ExchangeInstallPath"Mailbox",$env:ExchangeInstallPath"TransportRoles\Data\Adam",$env:ExchangeInstallPath"…

Exchange Edge server Filter Agent "precedence"

Image
You might find the attachments are being stripped from some email entering your organization despite recipient and sender domain have been added to the "whitelist" in Sender ID Agent.

Agents on Exchange Edge server are as follows:


Each of the agents has its own priority, meaning which of the agent will be first, second, third,... in line to filter. Filters take precedence over another just in case spam is found.

For example: If Connection Filtering Agent finds spam (connection verification fails) it discards the message and none is processed any further. If the message passes Connection Filtering Agent it then goes to Address Rewriting Inbound Agent, which is next on priority list etc.

So, if we put a recipient to BypassedRecipients list in Sender ID Agent, it will be bypassed only for Sender ID Agentfilter and not for example Attachment Filtering Agent.
As per Microsoft. "The BypassedRecipients parameter specifies one or more SMTP email addresses. Messages bound for the…

How to Remove an IP Address from a Blacklist SpamCannibal

Image
Go to http://spamcannibal.org/cannibal.cgiIn the right side menu click Lookup IPEnter mail server IP address into the field and click Lookup IPCheck why you got listed in the first placeIf your mail server is missing PTR (reverse DNS) record, add itIf other problem resolve it firstIf the problem is resolved go again to http://spamcannibal.org/cannibal.cgiClick Contact in the right side menuScroll to the bottomEnter your IP addressEnter your EmailDescribe why you got listed and what you did to solve the problemSubmit NOTE: Don't try to get de-listed from any blacklist BEFORE you solved the problem added you to the blacklist in the first place


Exchange queue 451 4.4.0 Primary target IP address responded with: "235 00000...

Image
You might find messages staying in queue on your email server (mixed environment 2007/2010 Exchange) and Error showing:

451 4.4.0 Primary target IP address responded with: "23500000870YIIGUAYJKoZIhvcSAQICAQBuggY/MIIGO6ADAgEFoQMCAQ6iBwMFAAAAAACjggTEYYIwDCCBLygAwIBBaEPGw1JTkNPSVMuR09WLklOoigwJqADAgECoR8wHRsHU01UUFNWQxsSTUFJTC5pbmNvaXMuZ292Lmluo4IEeDCCBHSgAwIBEqEDAgFMooIEZgSCBGIjDRqyadXg4Y1GQAcMZKo9KfI/2l1JPauKHPjVxyi3sP+6PV8wXjzRn36QjnIsLu7OPtzWDRkJBR/VFnJMLT3wTpg0uEe4eAr7kAgJ+mo4vbuFdlYb+ns23tnLO2kyt3dfXgrPF5Ulm4C6me734JrfOrkT51UCliUMKmlcDAhcPEmDUagjCg9XmLatKNTn41sFZktRjFs8bXexAacl/Wil+gFI5qZbh9nrs922FUoLhmX1U7dS6xiyH2VHaxCAodcbNh14apN/rK0SvjQZi+L2bO2RSF3Rx5LO4zAPfn9LAlNQRwQo8U8NR7J1JACBUwe3t3InTRA0TXyJNCxVGZBM5QjgeJFgBRN6pqa6jZyT7tUgURrG1fHFs4fV77jyxgKjxcrUdc5n7MWT77sfLlb4Ao5HJukOnWlBVUyoDCDvVarc+8/5VJdWFxnNUkohaVUPnDYMMGiGsadDYy39omsSasFkLShLqE7vBGx3WdsvQQnH2kOTwS4mfbWsuulDUfgHOoBg4AW/fB1oxCUT5E3/siLDdurZX/LEjSCmwxbtzzLJ9IGhAlMb+WUUhlZiNb2mn3pZAUlQnDip0ZkXi2nYm71FaTnBb1chScpnpBJ…