Wednesday 1 August 2007

SBS - Exchange Email and DNS

With today's spam filters getting more militant, it is up to us to make sure that our SBS based Exchange servers and the DNS associated with them are absolutely correct.

Many anti-spam filters will not send out an NDR - Non Delivery Report - to let the sender know that something is amiss.

How about a phone call from a client saying something to the order of, "We have a client that we can't seem to send e-mail to. Please fix it!"

After verifying all of the settings being correct, or at least seemingly correct, another call comes in a while later by the same client stating that e-mail is not getting through again.

Sometimes, it is someone on the other end who has incorrectly setup some sort of anti-spam appliance. We were in that situation. The call came through, and we know that our settings were correct, so it must be the other side's issue. It turns out that their IT department had installed this anti-spam appliance a number of months ago and since then many board members were no longer able to receive a lot of their email. Ouch!

For us, there is no excuse for an incorrectly setup Exchange server on SBS. The tools are available for us to make sure everything is correct.

To verify your client's DNS for email go here: DNSStuff and run the DNSReport. You will be surprised what you may find there. Kewl thing about this tool? It provides all of the relevant fix information too.

So, get it done. And, if you are dealing with a less than cooperative ISP, then counsel the client into a 3rd party email hosting setup for your SBS email redundancy. Exchange hosting might be an option in this case.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.


stryqx said...

The most important thing about configuring Exchange is to really think about whether or not you should use the DNS blocklist capability. If you do use it, be aware that blocked e-mails aren't recorded in the logs, which makes troubleshooting very difficult.
The better approach is to use an anti-spam product that scores e-mail, including adding a score for entries in the DNS blocklists. It's far better to mark a message as spam rather than outright blocking it. Remember that a blocked valid e-mail takes up the sender's time, the recipient's time and your time.

Philip Elder Cluster MVP said...

I can't agree with you more!

It is the bane of our existence right now to deal with clients whose emails are seemingly disappearing.

So far, a significant part of the problem has been misconfigured anti-spam appliances on the other end. Too many false positives. Instead of tagging them with a score and sending them off to the user to deal with, the emails are getting caught in some sort of spam bucket with no user access. Not good.

The other part of the problem are the so called spam cops, the blacklisters. Sometimes ranges of IPs appear on their lists, and one of our clients happen to rest in that range. We then have to sometimes jump through some hoops to get their IP removed or saved to a "whitelist".

This whole spam thing is very disappointing in so many ways. :(