Microsoft Exchange and Remote Desktop Services Specialists

SEMblog

Microsoft Exchange Server and
Blackberry Enterprise Server news, views and fixes.

Check Whether the Blackberry is BES Ready - Free

When I am working with clients and their Blackberry devices, particularly on new deployments, one of the issues I frequently have is  discovering whether the device is enabled for the BES use. It is very common for the service providers to NOT enable the Blackberry device for BES correctly. As anyone who has dealt with mobile phone provider support, when it comes to Blackberry, most of them haven't got a clue.

For some time I have been aware that RIM have a tool available to people with a support contract which allows you to query their database, but none of my clients have a support contract. I actually considered getting a contract just to get access to that database!

However I discovered that recently RIM have released a new web tool, which is free to register and use, which allows you to check the status of the device. In RIM speak "Enterprise Activation Readiness".

It is free for all users of Blackberry Professional Server, Enterprise Server, Server Express and all the other names they have used for their software in the past. All you need is your identifier and CAL key for the server.

You also get a complimentary support incident which is also another good reason for signing up.

From the site itself:

"The BlackBerry Expert Support Center is a Web 2.0 application, which is designed to allow direct access to Enterprise grade tools and resources, and to give you the ability to manage your Technical support agreement and support related inquiries easily and independently.

  • One Complimentary Support Incident to receive expert advice from a member of the BlackBerry Technical Support team at any time 
  • Online self service tools and resources designed to help with installation and ongoing management of your BlackBerry solution including step-by-step demonstrations 
  • All the relevant guides, articles and other resources to increase your BlackBerry solution know-how "

https://www.blackberry.com/besc/dashboard/

Truly Spectacular Results from Vamsoft ORF

I have mentioned before the results I have received from Vamsoft ORF in the past, most recently using they honey pot feature http://blog.sembee.co.uk/archive/2009/09/26/108.aspx.

However recently I deployed the product with another client and the results are truly spectacular.
The client has approximately 300 users, and they noticed the results almost immediately.

It was deployed as I have written in the above blog posting, so running in test only for a day or two to build up a white list to begin with then it went live.

The proof is in the numbers, so here is a screenshot of the statistics. At the time this was taken, the system had been running for almost 12 days.

 

Vamsoft ORF Statistics

For those of you not believing their eyes, that is 8.8 million messages were attempted to be delivered.
Roughly 700,000 messages a day.
Of which 60,000 were not spam, so around 5,000 a day or 16 per user on average.
The spam ratio hovers at between 99% and 100% (there is some rounding going on there as it is to the nearest full percentage point).

The logs have been watched very carefully for false positives. There have been none.

So lets just go through what is working with that client.

First is DHA protection. Direct Harvest Attack. This is simply a large number of email messages coming from the same IP address to multiple email addresses in a short space of time. For some reason this client receives a lot of messages to invalid recipients. The software blocks the host from sending more messages. It works hand in hand with the honey pot test and recipient validation.

Next is the Honey pot test. I have talked about that before (link above), but in brief it is blocking hosts sending to known non-valid recipients. This feature is simply the most effective thing I have seen against spam for a long time.

Third is recipient validation. Dropping email that is simply sent to users who do not exist. This is a straight query against the AD.

A DNS blacklist is being used - Spamhaus ZEN, but it is only blocking a small percentage of email.

What the screenshot doesn't show is that the built in Exchange 2007 Content Filtering is also enabled, but the number of messages being received in to the quarantine mailbox is a handful a day.

We are not using Greylisting, reverse DNS or the SPF tests.

In short - the three tests that are getting the most results are based on two factors - non-valid recipients and blocking hosts that are sending to them.

The messages are blocked at the point of delivery, therefore the amount of bandwidth used is negligible. The messages do not come in and have to be processed by Exchange, scanned by AV and anti spam software

Due to the volume of email and the number of queries, this system will most likely be moved to an SQL backed database and the load on the domain controller that is used is being watched carefully and  the hardware of the DC increased if required.

If you haven't had a chance to try Vamsoft ORF, then I suggest that you do. The impact can be almost immediate. It is priced per server and because it is based on host and recipients, no definition files to be updated.

Works with all versions of Exchange, including Exchange 2010.

Vamsoft ORF: http://www.shareit.com/product.html?productid=169362&affiliateid=200023740

 

Blackberry Support for Exchange 2010 News

Interesting little snippet posted on the RIM web site today.

"October 20, 2009 - Research In Motion (RIM) is pleased to notify you that we are working in close collaboration with Microsoft on compatibility and support for BlackBerry® Enterprise Server for Microsoft® Exchange Server 2010. Compatibility is expected later this year. BlackBerry® Technical Support Services for BlackBerry Enterprise Server for Microsoft Exchange Server 2010 is expected within 30 days following the global availability of Microsoft Exchange Server 2010."

http://na.blackberry.com/eng/support/software/server_compatibility.jsp#tab_tab_news

No doubt that will mean BES only, as the Blackberry Professional version seems to be ignored. Looks like I will be giving up my Blackberry when I move across to Exchange 2010 shortly.

Anti Spam Product Selection

A common question that keeps coming up on forums and similar sites is "What is the best anti spam solution?"

Unfortunately there is no single answer to this question.
I usually respond with something like "What is the best car, best house, best wife?"

The only answer is that the best product is the one that works for you.
On most forums, most of the posters will have experience with one or two products, so will post that product X has worked well for them.
Someone else may well post and say that product X sucked and product Y was the best solution. Then another person will say, don't bother with a product, outsource it to service Z.

On my home network I have had good experience with Vamsoft ORF, but when I tried it on another site it was unsuccessful. I also tried GFI Mail Essentials at home, found it's performance wasn't great for me. However at another client it has been very successful.

When it comes to looking at antispam solutions, the key metric should not be how much spam does it remove, but how much legitimate email it blocks. If the product is stopping email you want from being delivered, then you need to look at a different product.

I have personal experience with this with a client a few years ago.

The client was a large finance company. They did loans and mortgages through brokers, many of whom used AOL and similar accounts.  (It will surprise you how many of the very small businesses like one man band brokers still do).
They have a requirement for zero false positives - because a single false positive could mean the loss of many thousands of pounds of business.
We evaluated every product on the market, from open source to high end commercial and out sourced solutions. The requirement was very strict - and every product failed because they were all blocking one or two messages a week that were legitimate.
It actually reached the point where we started to put a plan together to hire IT contractors whose sole responsibility was to go through the quarantine email manually, as it was worked out that they would only have to save one email every six months to make it worth while to the company. However in the end, one of the out sourced providers built a custom solution for them so that the management could be handed off.
 
The point I am trying to get across is that asking people what works for them and then using that for a buying decision isn't really a good idea. It does not allow you to bypass the evaluation period. Everyone knows that users don't like spam and no doubt as the administrator of the server you will be under pressure to find a solution that works. However purchasing in haste may actually end up costing your company money.

Most of the major products have evaluation versions you can download. Install them and run them in report only mode. See what it would catch. If you decide to start block messages, then quarantine them first so you can check for false positives.

You could find that the product that someone posts saying "We tried product X and it didn't catch a thing" actually works very well for you.