What is Sender Policy Framework?

Sender Policy Framework (SPF) is an attempt to control forged e-mail. SPF is not directly about stopping spam – junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren't. While not all spam is forged, virtually all forgeries are spam. SPF is not anti-spam in the same way that flour is not food: it is part of the solution.

SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send hundreds, thousands or even millions of emails illicitly. SPF is a protocol developed by a group of motivated volunteers, joined by a mutual desire to improve the operation of the internet. It is not a commercial product offered by a for-profit corporation. The SPF protocol is being adopted by a growing number of domain hosts and Internet Service Providers (ISPs), and, as in any technology evolution, there will be some bumps on the road, but Azaleos is here to help along the way.

Now that all the fuss, intrigue and mystery has died away after the Apple iPhone SDK announcement last week, let’s take a look and see if the enhanced IT-orientation of the next version of the iPhone will really pass muster with enterprise IT departments.

1. What is ActiveSync's potential benefit to iPhone customers?
ActiveSync (especially now that it is built into Windows in Vista) is the most widely accepted mobile device interface to Windows PC's in the market. By licensing this and building the sync interfaces into the iPhone Apple will immediately overcome a huge IT blocking barrier that has previously existed and make it much easier for iPhones to be officially embraced (both technically and philosophically) in the enterprise.

Many Azaleos customers and prospects continue to ask us if we can help them to connect iPhones to their Exchange messaging systems. Key executives, and now increasingly even the rank and file employees, have purchased the iPhone on their own and want to use it to send and receive Exchange e-mail. Our skilled Azaleos engineering team has already authored a number of blog entries on this site which describe how to utilize IMAP to connect the iPhone into Exchange. So, the answer at the high level is YES --- we can help you to architect this connection. The bigger issue, though, in my opinion, before we even get to the “How,” should be the “Why” or the “When” or perhaps even the stiff arm.

Outlook 2003 GAL Displays EX type / Creating Detail Templates

The issue has been raised on occasion of Outlook 2003 not providing a good way to retrieve a user’s email address in the GAL. The ‘Email Address’ field in the GAL is of EX type, and displays as the LegacyExchangeDN, and there is no ability to copy the email address from the contact properties.

When looking in Outlook 2003’s GAL, you probably see something like this:

In Outlook2007 you see the following:

The reason for this is that Outlook 2003 uses the EX type for the Email Address column and Outlook 2007 uses the SMTP type. The EX type is an internal type that exchange uses, and returns a value equal to the LegacyExchangeDN. Unfortunately, Microsoft has hardcoded the GAL view from being modified. A great way to work around this is to use the Details Template Editor under the Exchange 2007 Toolbox (or in Exchange 2003’s ESM, under Recipients), and create a field for email address in the property template. Performing this action is actually good to do anyways for both 2003 AND 2007 clients given the fact that it displays the user or contact’s email address in a field that can be copied if needed.

Although a little different from the normal posting, here's a little code snippet that we needed to write to check the version of the .NET framework installed on a client machine.

All of our new ViewXchange software is written using WPF and XBAP, and some folks haven't kept their clients current with the latest versions of the .NET framework. So, it's advisable to test for the framework version installed before you download your large application.

So, borrowing heavily from some sample code on the Microsoft web site (http://msdn2.microsoft.com/en-us/library/aa480198.aspx), this may prove helpful to those writing .NET browser applications.

Upgrading Exchange 2007 to SP1

Preparing
Upgrading SP1 is pretty straight forward, but there are a few things you must pay attention to. In my experience, it is best to suspend any storage group copies you have in motion if the Mailbox role is installed. This includes LCR, CCR, SCR, etc. The command to suspend this replication is:

Suspend-StorageGroupCopy \ -DomainController

For SCR:
Suspend-StorageGroupCopy \ -StandbyMachine -DomainController

This will gracefully bring replication to a halt. This is important primarily because replication can get too far out of sync if you don’t, which means you must completely reseed. We also need to verify that the Windows Firewall/Internet Connection Sharing (ICS) service is running. Simply change it to Manual or Automatic if it isn’t already, and Start the service. We can disable it when we are done if we so choose, but it needs to be running so that setup can configure it properly. Microsoft also recommends stopping any services that have open handles to performance counters such as Performance Logs and Alerts and any Microsoft Operations Manager agents. Restart the Remote Registry service.

Why not?

With the recent release of Exchange 2007 SP1, the email community is far less reluctant to move toward Exchange 2007, and SCR (Standby Continuous Replication: http://technet.microsoft.com/en-us/library/bb676502.aspx) is one of the best new features.

The technology SCR runs off is the same technology used with LCR. The ability to replicate off site to function as DR is invaluable, as well as the ability to have multiple targets. Azaleos has done testing to these ends, and have run installations on both hardware and virtualization.

A solution I prefer if the initial hardware is there, is to run production servers on straight hardware (blades work well) in a CCR configuration for both high reliability and high availability, then have an off-site virtual SCR target (CCR standby option). Exchange has also been tested and works on fully virtual environments.

Challenges with CAS-CAS Proxy

Upon upgrading a HUB/CAS server that handles mail in one geographic location to Exchange 2007 Service Pack 1 (SP1), I was unable to log into OWA. This is because CAS-CAS proxying cannot be done if the version that you are going to is different/higher. Once I patched the source CAS server to SP1 as well, I could get in with no issues.

The error you will receive if the versions are too far out of sync is:

Outlook Web Access is not currently available for the user mailbox that you are trying to access. If the problem continues, contact technical support for your organization and tell them the following: The Microsoft Exchange Client Access server that is proxying the Outlook Web Access requests is running an older version of Microsoft Exchange than the Client Access server in the mailbox Active Directory site.

Folks,

Azaleos has now spent 6 months working with Microsoft on the issue of the support for the Macintosh Mail.App application against Exchange 2007, vs the support against Exchange 2003.

The diagnosis appears to be that significant changes were made to the IMAP protocol implementation in Exchange 2007 that significantly deteriorates the performance of MAC Mail.App clients, especially clients that have large mailboxes, against Exchange 2007 vs. Exchange 2003.

Although the Microsoft support team's response has been absolutely exemplary in troubleshooting and understanding the problem, we have been unable to make the Exchange development team understand the significance of this takeback from Exchange 2003, nor been able to have them implement fixes in the Exchange 2007 stack to address the issue.

Failing over a Exchange 2007 cluster for Scheduled Outages

In the old days with Exchange 2003, we used to just move the cluster group using CluAdmin.exe or issues the command line script to move the groups. Now with Exchange 2007 and CCR clusters, we have must start using a different method. Why? Well, Windows Server 2003 Clusters are not Exchange 2007 aware and you could end up with a corrupted database.

The basis of Exchange 2007 management is PowerShell. So, it makes since to leverage that tool to fail over a CCR cluster. Remember, in a CCR cluster only one node can be taking down at one time, otherwise there will be a disruption in service.