Friday, December 23, 2005

Sender ID Framework troubleshooting

Per has earlier written about SenderID and we of course implemented the required SPF records at Inceptio. But then we needed to change our E-mail server publishing to another Firewall with another IP Scope / ISP and the trouble began. Usually changing the IP address of a DNS record takes some time to replicate (Actually technically it needs to expire in the cache on the DNS servers around the world, but that’s another story).
So changing the IP address required changing our A record for mail.inceptio.dk - which should be enough as our SPF record points to mail.inceptio.dk (And all A records) –

"v=spf1 a mx mx:mail.inceptio.dk -all"

After changing the firewall configuration, the A record and waiting a few hours everything seemed to work fine, email was flowing in- and outbound and rpc/https worked - I was happy ;-)
Then I received an e-mail with the text "Sender is forged (SPF Fail)" appended to the subject line. At first I thought it was a matter of DNS cache expiration and that time would solve the problem – but then a few hours later a mail bounced with the error “**Message you sent blocked by our bulk email filter**”.

For troubleshooting I used the SPF testing tool from dnsstuff (That provides other great tools as well) and a few others with only positive results. After a bit of troubleshooting I decided that synthetic testing method of dnsstuff wouldn’t give me an answer to the problem. Instead I used port25’s automated testing tool, which basically is an e-mail address called check-auth@verifier.port25.com that you send an e-mail to. A few minutes later you will receive an authentication report that includes compliance checks for the Sender ID standard and Yahoo’s DomainKeys (Also check their site for other resources).
In my case the problem was that the new firewall used a different outbound IP address than I expected. Changing the configuration of the firewall solved the problem and now its working fine again (Actually the whole situation reminded me about the problems we had back in the NT4/W2K and Exchange 5.5. days, with e-mails bouncing due to Exchange clusters using the Host IP address instead of the Exchange Virtual IP address because of problems with the gethostbyname() method as I described in my old article Tips for Clustering Exchange Successfully).

Wednesday, December 21, 2005

LCS 2005 Configuring Certificates guide updated

Microsoft has updated their "Microsoft Office Live Communications Server 2005 Certificate Configuration" deployment guide to version 2.2. Comparing the old with the new version shows that it’s mostly clarifications and removal of some references to using client certificates that were required in earlier versions of LCS.

Find the guide here.

Santa IM Worm hits MSN (And AOL / Yahoo)

A new worm called IM.GiftCom.All tricks users into installing a rootkit on their computer, that in turn will IM the users other contacts with links to an image of Santa. Quote -
"This worm is a medium threat in terms of its distribution, but in terms of the damage it can create, it's a more severe threat," said Art Gilliland, vice president of products for IMlogic.
"It's not a very happy delivery," he added.

This is just one more reasons for companies to block Public IM communications and move to Live Communications Server 2005 with PIC and IMLogic/Sybari for their RTC needs.

Read more at source and thanks to bink.nu for pointing to the info.

Tuesday, December 20, 2005

IMF Updates explained

Alexander at EHLO has posted a very good description of how to enable automatic updates of IMF v2 and the functionality of IMF updates

IMF updates are twice per month
IMF updates are only supported on Exchange 2003 Servers with SP2 where IMF is enabled
IMF updates are supported on all Exchange server languages
IMF updates are available from Microsoft Update via both manual and AU
IMF updates supports uninstall through Add/Remove Programs and manual rollback


Find it here

Friday, December 16, 2005

Microsoft Command Shell "Monad" Videos

Monad - or msh as the exe is called - is still in the works. Currently, it is in public beta 2 (September
2005). You can get a version for .Net Framework 2 RC/RTM at MS Downloads. Click
this link to search for your version.
If you want to get a little deeper into this, look at the
Channel 9 videos on Monad. They feature Jeffrey Snover, are short and useful.

Getting Started documentation is available
here.

Monad can do the same stuff in a few commands like you can do in many lines of VBScript (or similar) - it will hit you some day!


Being an old (Open)VMS user, it really like the nice words he uses about its DCL. Even though it can be better, it is very good owing to it consistent syntax, error handling and lots of other features. Man, I spent a lot of time using that...

Thursday, December 15, 2005

Exchange DirectPush notifications to WM5 may be delayed / stopped

Several sources including msmobiles reports that a company called Visto has filed a lawsuit against microsoft for infringing three of their patents
(Redwood Shores, CA, December 15, 2005) - Visto Corporation has filed a legal action against Microsoft (NASDAQ: MSFT) for misappropriating Visto’s intellectual property. The complaint asserts that Microsoft has infringed upon multiple patents Visto holds regarding proprietary technology that provides enterprises and consumers with mobile access to their email and other data. The company is seeking a permanent injunction that would prohibit Microsoft from misappropriating the technology that Visto and its cofounder helped develop nearly a decade ago.

Read Visto's press release here.

Wednesday, December 14, 2005

Microsoft Office Communicator Web Access has been released

"OWA" for Live Communications Server 2005 SP1 has been released to the web. It's an interesting product that support for example external users and those whose platforms aren't supported by Office Communicator (E.g. Windows 2000) and it contains the following features -
Web access – Users can access the IM and presence features in Live Communications Server 2005 SP1 through any supported Web browser.
Presence – Communicator Web Access users can determine the status of other SIP users and update their own presence information.
Personal notes – A user can publish a personal note that is displayed along with the user’s presence information.
Extensive contact management – Users can add contacts to a contact list, tag contacts to be notified when those contacts’ presence status changes, and organize listed contacts into groups.
Federation – When federation is enabled in Microsoft Office Live Communications Server 2005 with SP1, Communicator Web Access users can view the presence of users in external organizations and send instant messages to those users.
Multiple browser and operating system support – Users with Windows-based and non-Windows-based browsers and operating systems can use Communicator Web Access
User search – The Communicator Web Access server connects to the Microsoft Active Directory® directory service. Unlike Communicator, however, Communicator Web Access does not query the Live Communications Server Address Book.

Tuesday, December 13, 2005

Circumventing Group Policy as a Limited User

Just a warning :)

Read it all at Mark's Sysinternals blog. As always, you have to be impressed by Mark.