Whew, making good progress now.  Here's Part 14 (Maintaining Anti-Virus) of the 24-part Exchange 2007 webcast series.  Let me know if you have any questions.

Harold Wong
harold.wong@microsoft.com

Exchange Server 2007 Webcast Series (Part 14 of 24) Questions and Answers Log (03-07-07)


Question: Where can I find documentation on how to set up 2 dedicated HUB servers in one site for redundancy?

Answer: Redundancy is built in, so as soon as you introduce the second Hub Transport server, you have redundancy and resiliency for the Site. See http://technet.microsoft.com/en-us/library/bb124721.aspx for more information on high availability.


Question: Will the 2003 OWA and Outlook Anywhere URLs my FE server is proxying for still work after I add my first CAS server? Thank you

Answer: Well, not knowing anything about your configuration, I'll say it depends. :-) The standard approach to transition from Exchange 2003 to Exchange 2007 should be seamless to your end-users. See http://technet.microsoft.com/en-us/library/aa997617.aspx for single forest transitions, and if you have more than one forest, see the topics below this one.


Question: In CCR for a small customer, could I install TR and CA in cam server and enable NLB? Is that supported?

Answer: Can you please clarify what you mean by TR and 'cam server'? If you are asking if Hub Transport and Client Access can exist on the same standalone systems, and you can use NLB for Client Access, then the answer is Yes. You don't use NLB for Hub Transport, but you can use it for Client Access, even when Client Access is installed on the same system as Hub Transport.


Question: Can I still create public folders from Outlook 2003?

Answer: Yes, public folders are supported in Exchange 2007, and you can use Outlook 2003 to create them.


Question: What is the definition of tarpitting? Does it mean that Exchange delays its response?

Answer: Yes, that is basically what it means. It's called 'tarpitting' because it makes the SMTP session 'sticky' by delaying the response to the RCPT TO: command by X number of seconds, where X is configurable. It's a tactic used to slow down address harvesters, particularly those using automated harvesting tools.


Question: So Sender ID does a reverse DNS request on the sender's domain then?

Answer: It is not a reverse DNS lookup. It's a lookup in DNS for a TXT record (also called an SPF record). The DNS record contains the list of servers (by name and/or by IP address) that are authorized to send messages on behalf of the domain.


Question: If I want to block someone from my company to receive email from outside of company in edge server why I need to time smtp address for my user instead doing ADAM lookup from EMC?

Answer: If you do not want someone to receive messages from the Internet, then the best way to accomplish this is to not give them a valid Internet address. Each Exchange mailbox user needs a valid SMTP address, but it does not have to be one that is addressable or accessible from the Internet. For example, their SMTP address could be someone@mycompany.local or user@bogus.addy. Because neither .local nor .addy is a valid public top-level domain, no Internet email can be sent to them.


Question: Is the hub trans the replacement for smtp connector?

Answer: The Hub Transport server is the replacement for the internal SMTP transport stack in Exchange 2003. The closest equivalent would be a Bridgehead server.


Question: Is there a list of valid alphanumeric characters for an SMTP address, perhaps an RFC, that you could give me? It might be helpful to recognize what may be legit.

Answer: See RFCs 2821 and 2822, which govern SMTP. You can find these RFCs at http://ietf.org.


Question: Is it possible to view SCL in Outlook 2007?

Answer: The same way that you view it in Outlook 2003 will work. See this third-party Web site for details on how to do this: http://geekswithblogs.net/twangrotenhuis/archive/2005/11/01/58817.aspx.  Also, you can look at the message headers in Outlook to see SCL and other anti-spam information.


Question: Harold made reference to something called the return code in explaining the RBL feature.

Answer: The return code is the reply code from the RBL provider's DNS service. The return code varies among providers; there is no standard, although they typically use the convention of 127.0.0.2, 127.0.0.3, etc. Check with your RBL provider to find out what their return codes are, as you can take different actions based on the return code.
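How a block-list query and its return code fit together, as an added example that is not part of the original Q&A log: the connecting IP is reversed, looked up under the provider's zone, and the 127.0.0.x answer selects an action. The zone name, the code-to-action table and the stand-in resolver data are all constructed assumptions; real providers publish their own codes.

```python
import ipaddress
import socket

# Hypothetical zone and action table (assumptions, not a real provider's codes).
ZONE = "dnsbl.example.test"
ACTIONS = {"127.0.0.2": "reject", "127.0.0.3": "quarantine"}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def query_name(client_ip, zone=ZONE):
    """Build the DNS name to query: reversed IPv4 octets plus the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_ip(client_ip, resolver=system_resolver, zone=ZONE):
    """Return (action, return_codes) for a connecting IP address."""
    answers = resolver(query_name(client_ip, zone))
    # Only answers inside 127.0.0.0/8 are return codes; any other address
    # (a wildcard or parked zone, for instance) is not treated as a listing.
    codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]
    if not codes:
        return "accept", []
    for code in codes:
        if code in ACTIONS:
            return ACTIONS[code], codes
    return "accept-and-log", codes  # listed, but no rule for this code


# Constructed stand-in for the provider's DNS service (runs offline).
FAKE_ZONE = {
    "9.113.0.203." + ZONE: ["127.0.0.2"],
    "25.100.51.198." + ZONE: ["127.0.0.3"],
    "7.2.0.192." + ZONE: ["127.0.0.9"],
    "8.2.0.192." + ZONE: ["203.0.113.1"],
}


def fake_resolver(name):
    return FAKE_ZONE.get(name, [])
```

Passing `fake_resolver` as the `resolver` argument keeps the lookup offline; the default `system_resolver` performs a real DNS query.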


Question: I migrated from an SE CAL to EE CAL. Yet, the MS Forefront for Exchange trial still has an expiration date. Can I use the EE license key to activate Forefront, or do I need to reinstall Forefront?

Answer: No, you don’t need to reinstall Forefront.  You will want to contact your Microsoft Sales representative to get a valid code to activate your installed copy of Forefront Security for Exchange.


Question: I can still export a public folder as a PST file and import it back into the Outlook that is logged in to Exchange 2007. Can you confirm this? Thanks.

Answer: Outlook can be used to import and export public folders to/from PSTs in Exchange 2007.


Question: Is the concept of storage groups a feature or is it a workaround for some kind of size limitation inherent to storing email messages?

Answer: The concept of storage groups is simply a logical storage mechanism for one or more databases that share a common log stream. Exchange has a 16 TB limit per database, and since each server can house a maximum of 50 databases, a single Exchange server has a limit of 800 TB of data.


Question: How does the Exchange recognize a public computer or a private computer as the sender of an e-mail?

Answer: If you are referring to the Public versus Private option on the OWA logon (Forms based authentication), then the user selects the appropriate option.  Depending on what is configured for Public and Private options, the user may have access to certain functions (or not).  The timeout for the session is tracked as part of the session cookie.  If you are referring to the actual emails that are submitted to Exchange for delivery and how Exchange determines whether they are from an internal Exchange user versus someone on the Internet, this information is part of the email.  When you use Outlook (MAPI or Outlook Anywhere) or Outlook Web Access, you are accessing your mailbox and emails are submitted through your mailbox.  Emails that come from the Internet will flow through your Edge Transport server and Hub Transport prior to even arriving in any inbox.  They do not originate from within the Exchange Organization.


Question: I don't have the "Get-AttachmentFilterEntry" cmdlet that Harold used (I'm running RTM).

Answer: This functionality is only available on the Edge Transport server role.  If you installed the anti-spam agents onto your Hub Transport role, you will not have access to Attachment Filtering.


Question: Is there any specific procedure to add a new disk drive and a new storage group to that drive in a CCR Exchange 2007 server?

Answer: I assume you mean local storage, since CCR does not use shared storage. Basically, the rule of thumb is that you always want to perform maintenance on the passive node. So the process would be to use the Move-ClusteredMailboxServer cmdlet to move the clustered mailbox server to the passive node if your intent is to add storage to the node that is currently active. Then, add the storage. Now CCR replicates all storage groups to the same path on the passive node, so when you add storage to the active node, be sure to make the same changes to the passive node's local storage.


Question: I have CCR and each node is hooked up to a SAN via a LUN. How can I make sure that the two databases are in sync?

Answer: You can use the Get-StorageGroupCopyStatus cmdlet to check replication and replay activity. See also, http://technet.microsoft.com/en-us/library/aa997676.aspx for more information on managing and monitoring CCR.


Question: On Edge and Hub, is the antivirus software antivirus for Exchange or just antivirus for the OS?

Answer: You can use file system-level anti-virus, as well, but make sure that it does not scan any Exchange queues, data files, etc.


Question: If the mail is sent to the spam quarantine mailbox, and the determination is made that it is not email, how do you then forward it to its intended user? Won't it be blocked again?

Answer: There is a resubmit feature in Outlook and Outlook Web Access that an administrator can use; that injects it back into the transport stream, but further filtering does not occur, and the message is delivered and looks like it came from the original user (and not the administrator who resubmitted it).


Question: Regarding the 16 TB database limit in Exchange 2007: NTFS volumes cannot be created larger than 2 TB unless you use GPT disks, which are not yet supported with MS Clustering. How can a database grow past 2 TB on an Exchange cluster?

Answer: You are correct; GPT disks are needed to exceed 2 TB, and the Cluster service does not support GPT disks. So there would be a physical limit of 2 TB per database in an Exchange cluster. But the real question is what is the recommended database size. And that is, if you use continuous replication, then the recommended maximum size (which is based on current backup and restore technology and the need to meet reasonable RTOs and SLA requirements) is 200 GB per database. If you don't use continuous replication, then the recommended max is 100 GB.


Question: Question about the last answer, the resubmit feature for forwarding quarantined emails. Is that an option in Outlook, OWA or only in the Admin tool?

Answer: Outlook and OWA; not in the Exchange Management Console.


Question: I missed if it was suggested to install forefront on a mailbox server as well as the others.

Answer: We recommend that you install Anti-Virus (Forefront Security for Exchange is one option) on the Edge Transport and Hub Transport server roles.  Installing on the Mailbox server role utilizing the AV API is not the recommended configuration any longer.


Question: Is Forefront software or a managed service?

Answer: It's software, but our managed service, Exchange Hosted Services, also offers it as part of their services.


Question: I guess I don't understand the difference between Forefront and, for example, McAfee or Symantec.

Answer: I think the information at http://www.microsoft.com/forefront/default.mspx would be helpful. It explains the three flavors of Forefront that are available and how you use each one.


Question: Just a clarification on the resubmit option for forwarding quarantined email on to the user. Is this a special option that gets installed, or is it just the "resend" button that is already in Outlook?

Answer: Re-send option in both OWA and Outlook. Be sure to set the SMTP address for the quarantine mailbox on both the Edge Server and a Hub Transport server. If you don't set it on the Hub Transport server, the original sender will not be preserved.


Question: Exchange 2007 works with Eset's NOD32?

Answer: NOD32 is file system-level antivirus, not Exchange-aware antivirus. See http://www.microsoft.com/exchange/partners/2007/antivirus.mspx for a list of some of the Exchange aware applications that are available.


Question: Does a Forefront license come with EX2007?

Answer: Forefront does not “come” with Exchange Server 2007.  You can license Forefront Security for Exchange 2007 as part of the Exchange Enterprise CAL or separately.  See http://www.microsoft.com/exchange/evaluation/editions.mspx for this information.


Question: Is Forefront licensed by the mailbox or server?

Answer: Forefront is licensed per user (per month).  Please see: http://www.microsoft.com/forefront/serversecurity/exchange/how-to-buy.mspx.  If you have the Exchange Enterprise CAL, the Forefront (Exchange) license is included for each User / Device CAL purchased.


Question: Is there a log file where all these events are logged? It's very important for us to have this tracking possibility to be able to know why mails were rejected (i.e., false positives or a blacklisted customer for any reason).

Answer: We do log to the Event Log. We also encourage you to use a monitoring product such as Microsoft Operations Manager (MOM).


Question: Will the templates in Antigen work with Forefront?

Answer: I was informed that they should work.


Question: How do you manage file filtering exceptions, i.e., IT guys need .exe files anyway; how can the rule be bypassed?

Answer: Unfortunately, this is not possible with the built-in Attachment filtering in the Exchange 2007 Edge Transport server role.  As an alternative, you can include an exception in the Content Filtering component on the Edge Server role to include the IT guys.  This should then bypass Attachment filtering for these users.


Question: It's quite impossible to monitor Antigen with MOM, so I guess Forefront isn't better! Did you try it with 500000+ mail per day?

Answer: I assumed you were referring to the Edge Transport Filtering that you wanted statistics on. Forefront has its own reporting and you can see the statistics under Incidents in the Report section.