Redacting email in PST files

With the introduction of GDPR and Subject Data Access Requests it has become very important to be able to quickly redact large sets of email contained in PST files.

To redact email on your local network, without releasing confidential data to third parties or transferring it to the cloud, you need a tool that can be installed on Windows desktops within your LAN.

One such tool is Hexamail Flow, a great software tool for all versions of Windows.

With this software you can redact email in PST files as follows:

  1. Head over to Hexamail and download the email redaction software
  2. Install the software (just click Next a lot!). You can cancel the setup when it asks for an email account; we will just import PST files.
  3. Navigate to the local folder section of the folder tree on the left
  4. Right click and do Create Subject Access Request folder
  5. This allows you to enter the contact details of the Subject so that those elements will not be auto-redacted
  6. Now right click the SAR folder and choose Import… to import the PST file
  7. Browse for the PST file and choose to import folders as subfolders
  8. You have now imported the email for redaction
  9. Click on any email in the list and in the preview you see the content.
  10. Right click the content and choose Redact to redact the email
  11. Right click on any attachment and choose Redact to redact the attachment
  12. You can also right click any email in the list and choose to save redacted as PDF directly. This will auto redact and save to PDF and optionally open any that have not yet been reviewed, to allow you to manually review the email redactions
  13. In addition to PST files, Hexamail also supports dragging any Office documents or PDF files into the SAR folder; you can then redact those in the same way.

Once redacted, the redacted email or redacted Office documents can be printed or saved to PDF directly for electronic delivery to the subject.

It’s worth noting that Hexamail can import EML files (Thunderbird/Windows Live Mail), MSG files (Outlook) and PST files, and can also directly access email accounts you configure on Gmail, Office365, Amazon WorkMail, IMAP, POP3, Exchange Web Services and many more types of email account. So you can work directly off live account data too if you prefer.

Redacting email content in Hexamail Flow

Overall we found that Hexamail Flow saved us hours of time with email redactions which adds up to real cost savings when performing SAR for GDPR compliance.

Exchange 2019 Antispam Improvements are here!

Exchange 2019 Antispam

Exchange 2019 built-in antispam features are difficult to manage, configure and monitor.
Hexamail Guard adds better reporting, logging and control of all antispam filtering for Exchange 2019. In addition, it adds extra layers of spam blocking functionality including:

  • Bayesian content matching for detecting text spam
  • Intelligent image matching for blocking image based spam
  • Multiple DNSBL based real time blocklists
  • DKIM verification and DMARC verification
  • SPF verification
  • Built in antivirus for preventing infected documents and malware

Hexamail also offers unparalleled spam quarantine management.

This guide will help you install and set up Hexamail Guard as your antispam gateway for Exchange 2019.

Preparing

You will need:

  • a computer with plenty of disk space (>2GB) for storing email
  • a 64bit or 32bit Windows operating system (Anything over Windows XP is still supported!)
  • a permanent/reliable connection to the Internet
  • an email account on a mailserver or email provider such as Gmail, Yahoo, Hotmail, Livemail, Office365 etc
  • [Optional] an online calendar account such as Office 365, Google Calendar, CALDAV, Memotoo, Fruux etc
  • [Optional] an online contacts account such as Google Contacts, CARDDAV, Memotoo, Fruux etc

Prerequisites

You will need:

  • Administrator access or access allowing installation of software onto your computer

Installing

Next you need to download the required software and copy it to your chosen computer.

    1) Download Hexamail Guard and save the installer exe file and license on the computer
    2) Run the hexamailguardsetupN.N.N.NNN.exe file by double clicking on it. If you are on a 64bit system you should download the 64bit version called hexamailguardsetupN.N.N.NNN_64.exe
The Installer copies files and sets up services
    3) If prompted (64bit) you should install both the Administration console and Windows service
    4) You can choose the installation folder at this point
    5) The installer copies the necessary files and creates the Windows app
    6) Once it has finished installing files it will automatically open the configuration wizard and you can begin setting up Hexamail Guard
The setup wizard shows the product logo

Configuring Using the Setup Wizard

Now you can begin configuring Hexamail Guard. After some initial steps you can use the Windows admin to configure the rest of the settings.

    • Specify the domains that need to be routed to your mailserver. For example if your mailboxes are user1@domain.com and user2@domain.com you need to specify domain.com as a domain. You may also need sub.domain.com if you also receive email to or from user1@sub.domain.com
Configuring internal domains
    • Specify the administrator email addresses. Alerts from Hexamail Guard are sent to all addresses on this list and the first entry is used as the sender of the alerts.
Configuring Administrator Email Addresses
    • Specify how you wish to process email. If you want to process SMTP email as it arrives at your organization choose SMTP. If you wish to download email using POP3 and IMAP, process it and send it to your mailserver specify POP3/IMAP
Configuring Email Integration
    • Configure where your email server is and what type. Hexamail can automatically reconfigure Exchange if it is on the same machine as Hexamail or integrate with any SMTP server
Configuring Email Server Integration
    • Automatic reconfiguration of Exchange if it is on the same machine as Hexamail will try to create a new receive connector called “Hexamail Inbound” on port 2500. Hexamail will disable the existing Default and Internet receive connectors so that email can flow to Hexamail on port 25, be processed/filtered and then be sent on to the new receive connector on port 2500. In some configurations of Exchange this procedure may encounter difficulties; Hexamail will alert you to this and save a PowerShell script required for the integration which you can run manually from an Exchange PowerShell console. In any case the diagram shows the desired final setup configuration.
Inbound mailflow with Exchange Server Integration
    • An outbound send connector is also created in Exchange called “Hexamail Outbound” and this sends outbound email back to Hexamail for outbound processing such as automatic whitelisting, antivirus filtering and adding disclaimers
Outbound email flow with Hexamail integrated
    • If for any reason the default setup flow shown above is not desirable or does not work for you then you can also set up Hexamail as shown in the next diagram. This allows Hexamail to coexist on the Exchange server but does not change any existing connectors and won’t disrupt any existing 3rd party apps that are trying to send email via Exchange. Simply install Hexamail, skip the Exchange integration and then change the Hexamail SMTP Server/Network port to 2600 and press Apply. Then change your firewall or router rule to route incoming SMTP (TCP port 25) traffic to the Hexamail machine on port 2600
Integrating on the same machine as Exchange using a firewall/router redirection
    • If Hexamail is on a machine other than your Exchange server or mailserver you can configure your email server settings. This is the IP address and port of your mailserver. Use the Test Connection button to verify the settings
Configuring SMTP Server Integration
Configuring Mail server integration with Hexamail on a separate server
Configuring Mail server integration with Hexamail on the same server
Configuring Mail server outbound mail flow
    • Configure your outbound server settings. Hexamail needs to send email to recipients that do not have local mailboxes on your mailserver. For example it may need to send a notification or alert that there was a problem delivering email to a particular local mailbox. To send these emails Hexamail needs to know the hostname or IP address and port of your smarthost. If your ISP requires you to send email through their server then you need to specify that server here. If you wish to send directly to the external recipients’ mailservers then leave this blank or uncheck the checkbox. Use the Test Connection button to verify the settings
Configuring Smarthost Integration
    • Other settings such as authentication, rate limits etc can all be configured using the Administration console which will open when you click Finish on the setup wizard.

Configuring Hexamail Guard

You can configure using a remote Windows administration GUI, using the Web Administration or by editing the configuration file directly.

The configuration settings are the same as in the Windows Administration and you can use the same help file to read about the various options in the Administration sections here: Hexamail Guard Help

In the WebAdmin press the help button on the page you are using to see help relating to that specific page of settings.

Web Admin Spam Blocker Help Button

Alternatively you can configure Hexamail settings directly in the configuration file as per the instructions in the Configuration section here: Hexamail Guard Help

Managing

Once installed and initially configured, Hexamail is very easy to manage with clearly laid out settings, log files and email statistics/reporting. Just click on any section to open that section of the included administration app and click on a page to edit the settings for a given part of a module.

Hexamail also provides a mailserver with built-in antispam capabilities, Hexamail Server.

Adding DMARC support to Exchange 2016

Spammers can sometimes forge the “From” address on mail messages so the spam appears to come from a user in your domain. To help prevent this sort of abuse, Hexamail supports DMARC, which gives domain owners more control over what recipient domains do with spam emails from your domain. Hexamail software allows you to follow the DMARC.org standard and decide how recipient domains treat unauthenticated emails coming from your domain. You can publish a policy telling recipient domains and other participating email providers how to handle unauthenticated messages sent from your domain. By defining a policy, you can help combat phishing to protect users and your reputation.

Let’s break the guide into some easy steps:

To add DMARC support to Exchange 2k – Exchange 2016 you need to do the following:

  1. Download and install a Hexamail Gateway product like Hexamail Guard or Hexamail Nexus
  2. Enable the Secure module
  3. Configure an Outbound Send Connector in Exchange to send email out via the Hexamail SMTP gateway
  4. Configure your DMARC settings for your domain.

Setting up SPF

SPF is the Sender Policy Framework. This is one of the two mechanisms used by DMARC to help verify email from your domain. It is implemented just by creating a simple DNS record telling other domains which servers can legitimately send email with a From address containing your domain. You just need to know all the servers and other domains or mailservers that may need to send email using your domain email addresses.

Creating the SPF record for your domain

Hexamail software (the spam blocker module) includes a wizard to help you create the SPF record you need to add through your DNS management console.

Setting up DKIM

DKIM is DomainKeys Identified Mail and involves signing your outbound email with a special signature in the header that guarantees the message was sent through your server and has not been tampered with or modified since leaving your server. This is the second mechanism used by DMARC to help verify email is genuinely from your domain. The system uses encryption keys to sign and verify the email. Your private key is generated on your server and signs all outbound email, and the public key is published as a DNS record through your DNS management console to allow others to verify your signed email.

Managing DKIM keys for your domain

Hexamail software (the secure module) includes a management interface to let you simply generate and manage your signing keys. You can have multiple different signing keys with various different parameters. This lets you test a key or have keys that expire after a certain time or use specific keys for specific email subdomains or email addresses.

Generating a DKIM key for your domain

You need at least one key set up to start using DMARC. The secure module also shows you how to create the DNS record you need to add through your DNS management console to allow others to access your public key for verifying your email.

Creating a DKIM ADSP record for your domain

ADSP is Author Domain Signing Practices. This has largely been replaced by DMARC now. The secure module also shows you how to create the DNS record you need to add through your DNS management console to allow others to access your public key for verifying your email.

Setting up DMARC

Next you need to create a DMARC DNS record instructing other domains how to verify email from your domain and what to do with spoofed or fraudulent email

Creating a DNS record for DMARC

The secure module also shows you how to create the DNS record you need to add through your DNS management console to allow others to perform DMARC processing on email from your domain.

Verifying your DMARC setup

Finally you should verify your DMARC setup. To do this send an email from your domain to one of the many DMARC verification services or to a Gmail account. The verification services usually send a reply containing the DMARC, SPF and DKIM test results in detail.

Unlock the Inbox can verify your DMARC setup if you send an email to this address: mailtest@unlocktheinbox.com
Returnpath can verify your DMARC setup if you send an email to this address: checkmyauth@auth.returnpath.net

There are also many other deployment tools and verification services listed here DMARC.org

Gmail will add an email header to all received email stating the authentication results for DMARC, SPF and DKIM. Just view the “original message” in the Gmail inbox and you can read all the headers.

Powershell script to create inbox rule to move spam to junk folder on all Exchange 2010 mailboxes

With Hexamail Guard you can tag any email that is processed as spam using header or subject tags. The script below uses the simplest case (a subject prefix tag) to move spam to user “Junk E-mail” folders automatically in Exchange.
Remember to turn off the Spam blocker Block and Delete options if you want all spam to pass through to the users’ mailbox junk folders.

# Get a list of all Exchange mailboxes
$list = Get-Mailbox * -ResultSize Unlimited

foreach ($entry in $list)
{
    $user = $entry.Alias

    # Skip mailboxes that already have the rule, so the script can be re-run safely
    $check = Get-InboxRule -Mailbox $user | Where-Object { $_.Name -eq "Hexamail Spam" }
    if ($null -ne $check)
    {
        continue
    }

    # Move messages carrying the Spam blocker subject prefix to the Junk E-Mail folder,
    # but leave replies to and forwards of tagged messages in the Inbox
    New-InboxRule -Name "Hexamail Spam" -Mailbox $user -MoveToFolder "$($user):\Junk E-Mail" `
        -SubjectContainsWords "Potential spam:" `
        -ExceptIfSubjectContainsWords ("RE: Potential spam:","FWD: Potential spam:") `
        -Priority 999 -Confirm:$false -Force
}
exit

Using DNSBL in Exchange 2013

In order to use an RBL with Exchange 2013 it’s best to use Hexamail to provide antispam for Exchange 2013.

This has several advantages over any built in antispam protection in Exchange:

  1. Hexamail blocks spam before it reaches Exchange and therefore that email never burdens Exchange
  2. It offers various options per blocklist, such as allow, weight, block and reject so you can configure each blocklist to be as aggressive as you wish
  3. Blocked spam appears in a web based quarantine allowing the admin or users to unblock and whitelist in a single click if required
  4. Blocked spam never reaches Exchange or Outlook so no scripts or malicious links can be activated by end users
  5. Configuration is via a full Windows GUI that allows clear configuration of each list and the action it performs rather than using a complicated command line interface (Powershell)

Hexamail DNSBL support is shown in the screenshot below:

DNSBLs can be used not only for the sending IP address (or IP address in the email headers) but also to reject sender email address domains:

And also any links (URL hostnames) contained in the contents:

In every case the email can be allowed, weighted, blocked or rejected/deleted based on the matching list found.

Hexamail can be installed on the same server as Exchange or on another, separate server. Installation is controlled by a really simple to use setup wizard that automatically integrates with Exchange if it is installed on the same machine.

You can download a trial of Hexamail Guard here

Exchange Server 2007 Transport: 452 4.3.1 Insufficient system resources

When trying to telnet to the SMTP port of an Exchange 2007 Hub Transport server, it issues the following error:

452 4.3.1 Insufficient system resources

The Application Event Log has Event ID 15002 from MSExchangeTransport saying “The resource pressure is constant at High. Statistics… “ and goes on to tell you that inbound mail submission has stopped, and it’s due to disk space being low on the volume where the queue database is located.

What’s Back Pressure?

In Exchange Server 2007, the Transport service monitors system resources such as disk space and memory on Transport servers (the Hub Transport and the Edge Transport servers), and stops message submission if it’s running low on these resources. It continues to deliver existing messages in the queue. When resource utilization returns to normal, it resumes message submission. The feature is called Back Pressure.

In this case, Exchange required 4 Gigs of free disk space on the volume where the Queue database was located – I had about 3.95 Gigs. 🙂

Changes to Back Pressure settings in Exchange Server 2007 SP1

The Back Pressure settings in Exchange Server 2007 RTM stop inbound mailflow if free disk space is below 4 Gigs. This static threshold has been lowered in SP1 to a more realistic 500 MB.

The Resolution

Many configuration options for transport servers are saved in an XML file named EdgeTransport.exe.config (the file name is the same on both server roles, Edge Transport and Hub Transport) located in \Exchange Server\Bin\.

To get transport to resume submissions, you can use any of the following methods. All of the following require you to edit the EdgeTransport.exe.config file.

  1. Disable BackPressure: Although Microsoft doesn’t recommend it, it does provide a way to Disable Back Pressure
  2. Tweak BackPressure thresholds: Modify BackPressure parameters to more accurately define what’s high utilization for your deployment or server configurations, as explained in the above docs.
  3. Move the queue database to another volume: Another resolution, and the one I used in this case, was to move the queue database to another volume with ample free space, using the following procedure:
    1. Add the following key in the <appSettings> section in EdgeTransport.exe.config, as documented in “How to Change the Location of the Queue Database“:

      <add key="QueueDatabasePath" value="D:\Queue\QueueDB" />

    2. Save the file and restart the Microsoft Exchange Transport service from the Services console or by using the Restart-Service cmdlet (Restart-Service MSExchangeTransport).

Solved: 552 4.3.1 Message size exceeds fixed maximum message or 552 5.3.4 Message size exceeds fixed maximum message

When email is sent by my SMTP Relay (or Forward in POP3 downloader) module I see errors in the log saying “552 4.3.1 Message size exceeds fixed maximum message” or “552 5.3.4 Message size exceeds fixed maximum message”. This is typically when sending email to Microsoft Exchange. What can I do?

Those errors are being reported from the next server, the one Hexamail is trying to send the email onwards to. In the log just above it should say which server is being contacted. Typically this error message is generated by message limits set in Microsoft ISA server, Microsoft Exchange or Symantec Antivirus SMTP gateway.

Setting the maximum message size is of course different in almost every single version of Exchange. Follow the links below to find out how to do so in each version:

Exchange 2000

Exchange 2003

Exchange 2007 or here

Exchange 2010

A general discussion thread on Technet