Exchange 2019 Antispam Improvements are here!

Exchange 2019 Antispam

Exchange 2019 built-in antispam features are difficult to manage, configure and monitor.
Hexamail Guard adds better reporting, logging and control of all Antispam filtering for Exchange 2019. In addition it adds extra layers of spam blocking functionality including:

  • Bayesian content matching for detecting text spam
  • Intelligent image matching for blocking image-based spam
  • Multiple DNSBL-based real-time blocklists
  • DKIM verification and DMARC verification
  • SPF verification
  • Built-in antivirus for preventing infected documents and malware

Hexamail also offers unparalleled spam quarantine management.

This guide will help you install and set up Hexamail Guard as your antispam gateway for Exchange 2019.

Preparing

You will need:

  • a computer with plenty of disk space (> 2 GB) for storing email
  • a 64-bit or 32-bit Windows operating system (anything newer than Windows XP is still supported!)
  • a permanent, reliable connection to the Internet
  • an email account on a mailserver or email provider such as Gmail, Yahoo, Hotmail, Livemail, Office 365 etc.
  • [Optional] an online calendar account such as Office 365, Google Calendar, CalDAV, Memotoo, Fruux etc.
  • [Optional] an online contacts account such as Google Contacts, CardDAV, Memotoo, Fruux etc.

Prerequisites

You will need:

  • Administrator access, or access allowing installation of software onto your computer

Installing

Next you need to download the required software and copy it to your chosen computer.

    1) Download Hexamail Guard and save the installer exe file and license on the computer.
    2) Run the hexamailguardsetupN.N.N.NNN.exe file by double-clicking on it. If you are on a 64-bit system you should download the 64-bit version called hexamailguardsetupN.N.N.NNN_64.exe.
    Figure: The Installer copies files and sets up services
    3) If prompted (64-bit) you should install both the Administration console and the Windows service.
    4) You can choose the installation folder at this point.
    5) The installer copies the necessary files and creates the Windows app.
    6) Once it has finished installing files it will automatically open the configuration wizard and you can begin setting up Hexamail Guard.
    Figure: The setup wizard shows the product logo

Configuring Using the Setup Wizard

Now you can begin configuring Hexamail Guard. After some initial steps you can use the Windows admin console to configure the rest of the settings.

    • Specify the domains that need to be routed to your mailserver. For example, if your mailboxes are user1@domain.com and user2@domain.com you need to specify domain.com as a domain. You may also need sub.domain.com if you also receive email to or from user1@sub.domain.com.
    Figure: Configuring internal domains
    • Specify the administrator email addresses. Alerts from Hexamail Guard are sent to all addresses on this list, and the first entry is used as the sender of the alerts.
    Figure: Configuring Administrator Email Addresses
    • Specify how you wish to process email. If you want to process SMTP email as it arrives at your organization, choose SMTP. If you wish to download email using POP3 and IMAP, process it and send it to your mailserver, specify POP3/IMAP.
    Figure: Configuring Email Integration
    • Configure where your email server is and what type it is. Hexamail can automatically reconfigure Exchange if it is on the same machine as Hexamail, or integrate with any SMTP server.
    Figure: Configuring Email Server Integration
    • Automatic reconfiguration of Exchange (when it is on the same machine as Hexamail) will try to create a new receive connector called “Hexamail Inbound” on port 2500. Hexamail will disable the existing Default and Internet receive connectors so that email flows to Hexamail on port 25, is processed/filtered, and is then sent on to the new receive connector on port 2500. In some configurations of Exchange this procedure may encounter difficulties; Hexamail will alert you to this and save the PowerShell script required for the integration, which you can run manually from an Exchange PowerShell console. In any case, the diagram shows the desired final setup.
    Figure: Inbound mail flow with Exchange Server integration
    • An outbound send connector is also created in Exchange, called “Hexamail Outbound”. This sends outbound email back to Hexamail for outbound processing such as automatic whitelisting, antivirus filtering and adding disclaimers.
    Figure: Outbound email flow with Hexamail integrated
    • If for any reason the default setup flow shown above is not desirable or does not work for you, you can also set up Hexamail as shown in the next diagram. This allows Hexamail to coexist on the Exchange server but does not change any existing connectors and won't disrupt any existing third-party apps that send email via Exchange. Simply install Hexamail, skip the Exchange integration, change the Hexamail SMTP Server/Network port to 2600 and press Apply. Then change your firewall or router rule to route incoming SMTP (TCP port 25) traffic to the Hexamail machine on port 2600.
    Figure: Integrating on the same machine as Exchange using a firewall/router redirection
    • If Hexamail is on a machine other than your Exchange server or mailserver, configure your email server settings here. This is the IP address and port of your mailserver. Use the Test Connection button to verify the settings.
    Figure: Configuring SMTP Server Integration
    Figure: Configuring mail server integration with Hexamail on a separate server
    Figure: Configuring mail server integration with Hexamail on the same server
    Figure: Configuring mail server outbound mail flow
    • Configure your outbound server settings. Hexamail needs to send email to recipients that do not have local mailboxes on your mailserver. For example, it may need to send a notification or alert that there was a problem delivering email to a particular local mailbox. To send these emails Hexamail needs to know the hostname or IP address and port of your smarthost. If your ISP requires you to send email through their server, specify that server here. If you wish to send directly to the external recipients' mailservers, leave this blank or uncheck the checkbox. Use the Test Connection button to verify the settings.
    Figure: Configuring Smarthost Integration
    • Other settings such as authentication, rate limits etc. can all be configured using the Administration console, which opens when you click Finish on the setup wizard.
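The connector layout the integration steps above describe, written out as an added PowerShell example so an administrator can apply it by hand or audit what the wizard did. This is not Hexamail's generated script; the Hexamail IP address, the assumption that Hexamail listens on port 25 for Exchange's outbound mail, and the use of port-25 bindings to find the connectors to disable are assumptions to check against your server first.

```powershell
# Added example (not Hexamail's own script). Run from the Exchange Management Shell
# on the Exchange server. $HexamailIP is an assumption: Hexamail on the same machine.
$Server     = $env:COMPUTERNAME
$HexamailIP = "127.0.0.1"

# 1) Receive connector for filtered mail coming back from Hexamail on port 2500.
#    RemoteIPRanges is limited to the Hexamail host so this anonymous connector
#    cannot be used as an unauthenticated relay by anything else on the network.
if (-not (Get-ReceiveConnector -Server $Server | Where-Object Name -eq "Hexamail Inbound")) {
    New-ReceiveConnector -Name "Hexamail Inbound" -Server $Server `
        -TransportRole FrontendTransport -Usage Custom `
        -Bindings "0.0.0.0:2500" -RemoteIPRanges $HexamailIP `
        -PermissionGroups AnonymousUsers
}

# 2) Disable the connectors currently listening on port 25 so inbound mail can only
#    enter through Hexamail. Selecting by binding avoids hard-coding connector names,
#    which differ between Exchange versions. Review the list printed before relying on it.
Get-ReceiveConnector -Server $Server |
    Where-Object { $_.Enabled -and ($_.Bindings -match ':25$') -and $_.Name -ne "Hexamail Inbound" } |
    ForEach-Object {
        Write-Host "Disabling receive connector: $($_.Name)"
        Set-ReceiveConnector -Identity $_.Identity -Enabled $false
    }

# 3) Send connector that hands all outbound mail to Hexamail for outbound processing.
#    Port 25 on the Hexamail host is an assumption; match it to Hexamail's SMTP port.
if (-not (Get-SendConnector | Where-Object Name -eq "Hexamail Outbound")) {
    New-SendConnector -Name "Hexamail Outbound" -Usage Custom -AddressSpaces "SMTP:*;1" `
        -SmartHosts $HexamailIP -Port 25 -DNSRoutingEnabled $false `
        -SourceTransportServers $Server
}

# Verify the final state against the mail-flow diagram: only "Hexamail Inbound"
# should be enabled for external mail, and it should accept only from $HexamailIP.
Get-ReceiveConnector -Server $Server | Format-Table Name, Enabled, Bindings, RemoteIPRanges
Get-SendConnector | Format-Table Name, Enabled, AddressSpaces, SmartHosts, Port
```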

Configuring Hexamail Guard

You can configure using a remote Windows administration GUI, using the Web Administration or by editing the configuration file directly.

The configuration settings are the same as in the Windows Administration and you can use the same help file to read about the various options in the Administration sections here: Hexamail Guard Help

In the WebAdmin press the help button on the page you are using to see help relating to that specific page of settings.

Figure: Web Admin Spam Blocker Help Button

Alternatively you can configure Hexamail settings directly in the configuration file as per the instructions in the Configuration section here: Hexamail Guard Help

Managing

Once installed and initially configured, Hexamail is very easy to manage with clearly laid out settings, log files and email statistics/reporting. Just click on any section to open that section of the included administration app and click on a page to edit the settings for a given part of a module.

Hexamail also provides a mailserver with built-in antispam capabilities: Hexamail Server.

Exchange Server 2007 Transport: 452 4.3.1 Insufficient system resources

When trying to telnet to the SMTP port of an Exchange 2007 Hub Transport server, it issues the following error:

452 4.3.1 Insufficient system resources

The Application Event Log has Event ID 15002 from MSExchangeTransport saying “The resource pressure is constant at High. Statistics… “ and goes on to tell you that inbound mail submission has stopped, and it’s due to disk space being low on the volume where the queue database is located.

What’s Back Pressure?

In Exchange Server 2007, the Transport service monitors system resources such as disk space and memory on Transport servers (the Hub Transport and the Edge Transport servers), and stops message submission if it’s running low on these resources. It continues to deliver existing messages in the queue. When resource utilization returns to normal, it resumes message submission. The feature is called Back Pressure.

In this case, Exchange required 4 Gigs of free disk space on the volume where the Queue database was located – I had about 3.95 Gigs. 🙂

Changes to Back Pressure settings in Exchange Server 2007 SP1

The Back Pressure settings in Exchange Server 2007 RTM stop inbound mailflow if free disk space is below 4 Gigs. This static threshold has been lowered in SP1 to a more realistic 500 MB.

The Resolution

Many configuration options for transport servers are saved in an XML file named EdgeTransport.exe.config (it is the same file name on both server roles, Edge Transport and Hub Transport) located in \Exchange Server\Bin\.

To get transport to resume submissions, you can use any of the following methods. All of the following require you to edit the EdgeTransport.exe.config file.

  1. Disable Back Pressure: although Microsoft doesn't recommend it, it does provide a way to disable Back Pressure.
  2. Tweak Back Pressure thresholds: modify the Back Pressure parameters to more accurately define what counts as high utilization for your deployment or server configuration, as explained in the above docs.
  3. Move the queue database to another volume: another resolution, and the one I used in this case, was to move the queue database to another volume with ample free space, using the following procedure:
    1. Add the following key in the <appSettings> section of EdgeTransport.exe.config, as documented in “How to Change the Location of the Queue Database”:

      <add key="QueueDatabasePath" value="D:\Queue\QueueDB" />

    2. Save the file and restart the Microsoft Exchange Transport service from the Services console or by using the Restart-Service cmdlet (Restart-Service MSExchangeTransport).
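The two steps above carried out as an added PowerShell example (not from the original article): it backs up EdgeTransport.exe.config, adds or updates the QueueDatabasePath key by editing the XML rather than doing text replacement, and restarts the transport service. The Exchange install path and the target folder are assumptions.

```powershell
# Added example: relocate the transport queue database by editing EdgeTransport.exe.config.
# $ExchangeBin and $NewPath are assumptions; adjust them to the server.
$ExchangeBin = "C:\Program Files\Microsoft\Exchange Server\Bin"
$NewPath     = "D:\Queue\QueueDB"
$ConfigFile  = Join-Path $ExchangeBin "EdgeTransport.exe.config"

# Back up first: a malformed config stops the transport service from starting at all.
Copy-Item $ConfigFile "$ConfigFile.bak-$(Get-Date -Format yyyyMMddHHmmss)"

# Create the target folder; the service creates the database files inside it.
New-Item -ItemType Directory -Path $NewPath -Force | Out-Null

# Edit the XML so the change is idempotent: update the key if present, else add it.
# (Transaction logs have their own key, QueueDatabaseLoggingPath, handled the same way.)
[xml]$cfg = Get-Content $ConfigFile
$settings = $cfg.configuration.appSettings
$entry = $settings.add | Where-Object { $_.key -eq "QueueDatabasePath" }
if ($entry) {
    $entry.value = $NewPath
} else {
    $entry = $cfg.CreateElement("add")
    $entry.SetAttribute("key", "QueueDatabasePath")
    $entry.SetAttribute("value", $NewPath)
    $settings.AppendChild($entry) | Out-Null
}
$cfg.Save($ConfigFile)

# Restart transport so the setting takes effect, then confirm the service is Running.
Restart-Service MSExchangeTransport
Get-Service MSExchangeTransport | Select-Object Name, Status
```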

Solved: 552 4.3.1 Message size exceeds fixed maximum message or 552 5.3.4 Message size exceeds fixed maximum message

When email is sent by my SMTP Relay (or Forward in POP3 downloader) module I see errors in the log saying “552 4.3.1 Message size exceeds fixed maximum message” or “552 5.3.4 Message size exceeds fixed maximum message”. This is typically when sending email to Microsoft Exchange. What can I do?

Those errors are being reported by the next server, the one Hexamail is trying to send the email onwards to. The log entry just above it should say which server is being contacted. Typically this error message is generated by message size limits set in Microsoft ISA Server, Microsoft Exchange or Symantec Antivirus SMTP Gateway.

Setting the maximum message size is of course different in almost every single version of Exchange. Follow the links below to find out how to do so in each version:

  • Exchange 2000
  • Exchange 2003
  • Exchange 2007 or here
  • Exchange 2010
  • A general discussion thread on Technet

Quarantine in Exchange Server IMF

Exchange 2003 IMF and the Exchange 2007 Content Filter do have their own quarantine functionality. In Exchange 2003 you can quarantine emails into an archive directory. You can then use one of the freely available archive viewers to release emails. This is a little fiddly to do.

Exchange 2007 provides the quarantine by routing blocked emails to a central mailbox.

In addition, both versions support routing emails to the user's Junk Email folder. In this manner users can review filtered spam on their own. In order to release the email, more configuration is required.

The disadvantages of quarantining spam inside Exchange or in user mailboxes are as follows:

– Once in the Exchange server, the spam has already wasted processing resources. There may be many thousands of spam emails!

– Once in the Exchange server, the spam has already wasted storage resources.

– If using a central quarantine, the admin has to manually review and release spam using limited tools to browse the quarantine and distinguish spam from non-spam email.

– If spam goes to user mailboxes, the administrator cannot easily mass-delete blocked spam for users.

– If spam goes to user mailboxes, the administrator cannot easily add specific block and reject rules based on the blocked spam to prevent similar spam from even arriving in the quarantine in future.

– If spam goes to user mailboxes, users may inadvertently trigger malware or scripts, or open attachments in the spam email and infect their machines. Any images shown in the spam may track their viewing of the spam and notify the spammer that the email address is active.

So it seems it's best to keep spam (as email) away from the user mailboxes, and quarantine it outside of Exchange.

Hexamail Guard allows you to quarantine spam BEFORE it reaches Exchange. The advantages of this approach:

– Eliminates processing and storage requirements on Exchange.

– The administrator can review spam in large volumes, grouped by subject, block rule, country code, IP address etc.

– The administrator can perform batch operations such as deleting all spam of a similar nature.

– The administrator can perform batch operations such as releasing all non-spam of a similar nature.

– The administrator can use blocked spam to set up new rules that automatically reject or delete future spam before it is even quarantined.

– The administrator can whitelist non-spam senders so that in future they are never blocked.

– Users can review their spam using a web interface that is entirely safe: only the text of the email is rendered, so no scripts or attachments can be triggered.

– Users can whitelist non-spam senders for their specific account so that they will receive email from those senders unhindered in future.

– Users on restricted bandwidth (such as mobile devices) don't have to waste time downloading spam email. They can review the headers and delete or accept email in a fully responsive web app.

Some of the features of the administrator spam quarantine are shown here:

Figure: Antispam quarantine

Figure: Batch action