Thursday, August 30, 2007

Greylisting and Exchange

There is a potential issue between mail servers that implement greylisting and MS Exchange SMTP servers.

Greylisting is used on some mail servers to tempfail the first delivery attempt of an email, asking the sending server to retry later. When Exchange tries to send mail to certain domains that implement greylisting, the mail fails to be delivered and an NDR is generated. Here is an example of what that NDR looks like:

"You do not have permission to send to this recipient. For assistance, contact your system administrator. server.domain.com #4.7.1 smtp;450 4.7.1 <recipient@greylistdomain.com>: Recipient address rejected: Greylisted"

The problem is that the sending mail servers do not delay before retrying after a 450 "mailbox unavailable" response. The standard (RFC 2821) specifies this as a transient condition: the sender should re-queue the message and resend it later. While it's reasonable to fail a message after receiving a number of these "transient failure" responses, the delay before resending should be higher than 1 second; 10, 15 or 30 minutes are usual values.

By default, messages receiving a 4xx SMTP response are processed as a "glitch" 3 times before being put back into the queue for processing on the retry interval. So the problem arises when the server resends the message 2 more times with a 1-second delay between attempts and then (presumably) fails delivery and notifies the sender that an error has occurred.

As a workaround, we need to explicitly set GlitchRetrySeconds to a value that allows the greylisting conditions to be satisfied; 120 seconds works well in most cases.

How to Configure Glitch Retry Interval in Exchange Server 2003
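
The timing problem described above, as an added example that is not part of the original post: a Python simulation (no network traffic) of a greylisting receiver and a sender that makes three glitch attempts. The 60-second greylist delay, the triplet key and the sample sender and client address are assumptions; real greylisting setups and Exchange's queueing differ in detail.

```python
"""Simulated greylisting receiver vs. a sender's glitch-retry schedule."""

GREYLIST_MIN_DELAY = 60  # seconds a new triplet must wait; assumed, sites vary


class Greylist:
    """Tempfails a (client IP, sender, recipient) triplet until it has aged."""

    def __init__(self, min_delay=GREYLIST_MIN_DELAY):
        self.min_delay = min_delay
        self.first_seen = {}  # triplet -> time of its first attempt

    def rcpt_to(self, triplet, now):
        # Record the first attempt; accept only once min_delay has elapsed.
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.min_delay:
            return "250 2.1.5 Ok"
        return "450 4.7.1 <%s>: Recipient address rejected: Greylisted" % triplet[2]


def deliver(greylist, triplet, glitch_retry_seconds, attempts=3):
    """Make up to `attempts` tries, glitch_retry_seconds apart.

    Returns (delivered, log); log is a list of (time, reply) pairs.
    """
    log, now = [], 0
    for _ in range(attempts):
        reply = greylist.rcpt_to(triplet, now)
        log.append((now, reply))
        if reply.startswith("250"):
            return True, log
        now += glitch_retry_seconds
    return False, log


# Constructed sample triplet (documentation IP range and example domain).
TRIPLET = ("192.0.2.10", "user@example.com", "recipient@greylistdomain.com")

if __name__ == "__main__":
    for seconds in (1, 120):
        ok, log = deliver(Greylist(), TRIPLET, seconds)
        print("GlitchRetrySeconds=%d delivered=%s" % (seconds, ok))
        for t, reply in log:
            print("  t=%4ds  %s" % (t, reply))
```

With a 1-second interval all three attempts land inside the greylist window and receive the 450 reply; with 120 seconds the second attempt is accepted.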

Sunday, August 5, 2007

Public Folders and Exchange 2007

Public folders are slowly being pushed out of Exchange into SharePoint 2007 and thus are no longer available in OWA from Exchange 2007.

The Exchange 2007 Client Access server has some limitations in public folder support: no IMAP, NNTP, or OWA access to public folders.

Only public folders that are stored on an Exchange 2003/2000 server can be accessed via a browser. There is speculation that public folder access via OWA 2007 will be made available when Exchange 2007 SP1 rolls out.
Also, with the release of Exchange 2007 SP1, there will be the Public Folder Management Console for public folder management. As of now, public folder management can only be done through the command shell.

Exchange 2007 is surely de-emphasizing public folders. Public folders may not be included in future releases, but support for public folders will be maintained through at least 2016.

Here is what the MS Exchange Team says about Exchange 2007 and Public Folders.

Wednesday, August 1, 2007

Restrict expanding a Distribution List for users

I have heard this question a lot... Here is a way we can restrict expanding a distribution list so that users can't see its members.

Use ADUC. Right-click the DL and click on "Exchange tasks...". From there, select "Hide membership".

This is useful when we have message restrictions applied on the properties page for the DL, because the restriction fails when a user expands the list into its members: the message is then sent again to everybody.