SEMblog

I am pleased to announce that the domain exbpa.com has been saved for the Exchange community.
This was a domain that Microsoft first used a few years ago to point to their (at the time) recently released Exchange Best Practises Analyser. There are thousands of links to this domain across the internet as well as in books and magazines.

However Microsoft recently decided to allow the domain to lapse and early this morning it was finally deleted.

Fortunately I was able to register it myself through my consultancy company Sembee Ltd and therefore kept it out of the hands of a domain squatter. 

I have uploaded a slightly modified version of the list of Exchange resources that I maintain at Daniel Petri's forum, which as well as the links to the Exchange Best Practises Analyzer, also contains links to other Microsoft tools, blogs etc.

http://exbpa.com/

While it is not the best designed web site in the world, it does the job. Hopefully the Exchange community will find it of some use.

When I am working with clients and their Blackberry devices, particularly on new deployments, one of the issues I frequently have is  discovering whether the device is enabled for the BES use. It is very common for the service providers to NOT enable the Blackberry device for BES correctly. As anyone who has dealt with mobile phone provider support, when it comes to Blackberry, most of them haven't got a clue.

For some time I have been aware that RIM have a tool available to people with a support contract which allows you to query their database, but none of my clients have a support contract. I actually considered getting a contract just to get access to that database!

However I discovered that recently RIM have released a new web tool, which is free to register and use, which allows you to check the status of the device. In RIM speak "Enterprise Activation Readiness".

It is free for all users of Blackberry Professional Server, Enterprise Server, Server Express and all the other names they have used for their software in the past. All you need is your identifier and CAL key for the server.

You also get a complimentary support incident which is also another good reason for signing up.

From the site itself:

"The BlackBerry Expert Support Center is a Web 2.0 application, which is designed to allow direct access to Enterprise grade tools and resources, and to give you the ability to manage your Technical support agreement and support related inquiries easily and independently.

• One Complimentary Support Incident to receive expert advice from a member of the BlackBerry Technical Support team at any time 
• Online self service tools and resources designed to help with installation and ongoing management of your BlackBerry solution including step-by-step demonstrations 
• All the relevant guides, articles and other resources to increase your BlackBerry solution know-how "

https://www.blackberry.com/besc/dashboard/

I have mentioned before the results I have received from Vamsoft ORF in the past, most recently using they honey pot feature http://blog.sembee.co.uk/archive/2009/09/26/108.aspx.

However recently I deployed the product with another client and the results are truly spectacular.
The client has approximately 300 users, and they noticed the results almost immediately.

It was deployed as I have written in the above blog posting, so running in test only for a day or two to build up a white list to begin with then it went live.

The proof is in the numbers, so here is a screenshot of the statistics. At the time this was taken, the system had been running for almost 12 days.

For those of you not believing their eyes, that is 8.8 million messages were attempted to be delivered.
Roughly 700,000 messages a day.
Of which 60,000 were not spam, so around 5,000 a day or 16 per user on average.
The spam ratio hovers at between 99% and 100% (there is some rounding going on there as it is to the nearest full percentage point).

The logs have been watched very carefully for false positives. There have been none.

So lets just go through what is working with that client.

First is DHA protection. Direct Harvest Attack. This is simply a large number of email messages coming from the same IP address to multiple email addresses in a short space of time. For some reason this client receives a lot of messages to invalid recipients. The software blocks the host from sending more messages. It works hand in hand with the honey pot test and recipient validation.

Next is the Honey pot test. I have talked about that before (link above), but in brief it is blocking hosts sending to known non-valid recipients. This feature is simply the most effective thing I have seen against spam for a long time.

Third is recipient validation. Dropping email that is simply sent to users who do not exist. This is a straight query against the AD.

A DNS blacklist is being used - Spamhaus ZEN, but it is only blocking a small percentage of email.

What the screenshot doesn't show is that the built in Exchange 2007 Content Filtering is also enabled, but the number of messages being received in to the quarantine mailbox is a handful a day.

We are not using Greylisting, reverse DNS or the SPF tests.

In short - the three tests that are getting the most results are based on two factors - non-valid recipients and blocking hosts that are sending to them.

The messages are blocked at the point of delivery, therefore the amount of bandwidth used is negligible. The messages do not come in and have to be processed by Exchange, scanned by AV and anti spam software

Due to the volume of email and the number of queries, this system will most likely be moved to an SQL backed database and the load on the domain controller that is used is being watched carefully and  the hardware of the DC increased if required.

If you haven't had a chance to try Vamsoft ORF, then I suggest that you do. The impact can be almost immediate. It is priced per server and because it is based on host and recipients, no definition files to be updated.

Works with all versions of Exchange, including Exchange 2010.

Vamsoft ORF: http://www.shareit.com/product.html?productid=169362&affiliateid=200023740

Starting to see lots of questions on forums about setting up a hosted Exchange 2010 system.
Well to be supported, you are going to have to wait 12 months.

"Hosting in Exchange 2010 will be supported approximately twelve months after the release of Exchange 2010."

http://www.microsoft.com/hosting/solutions/hostedmessaging.mspx

Interesting little snippet posted on the RIM web site today.

"October 20, 2009 - Research In Motion (RIM) is pleased to notify you that we are working in close collaboration with Microsoft on compatibility and support for BlackBerry® Enterprise Server for Microsoft® Exchange Server 2010. Compatibility is expected later this year. BlackBerry® Technical Support Services for BlackBerry Enterprise Server for Microsoft Exchange Server 2010 is expected within 30 days following the global availability of Microsoft Exchange Server 2010."

http://na.blackberry.com/eng/support/software/server_compatibility.jsp#tab_tab_news

No doubt that will mean BES only, as the Blackberry Professional version seems to be ignored. Looks like I will be giving up my Blackberry when I move across to Exchange 2010 shortly.