removing user pemissions 1

[Hfnet]

I have a CRM which requires a command to be run on the EX2007 to allow email to be sent out. The admin document give the following command to use:

get-mailboxserver [Exchange2007ServerName] | add -adpermission -user [UserAccount] -extendedrights “Send As”, “Receive As”, “Administer Information Store”, “View
Information Store Status”

I am now receiving self-addressed spam and want to revert my account to default settings. I guess I need to use the above command but with remove -adpermission, but what it the default rights list compared to the above command? I don't want to kill my email! What from the above list is safe to remove?

Thanks

 

[markdmac]

Let's step back a second. Is the spam coming from the account you added rights to or another account? Is that account a resource account or your admin account?

Should that account receive mail from the outside? If not, then why not just block the receipt of mail from external sources?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[Zelandakh]

Receiving self addressed spam can be halted with an SPF record and a hard fail delete option.

 

[Hfnet]

I have implemented SenderID filtering but am dubious of hard deleting. The odd thing is that it is only me receiving these emails. I have removed all of the above mentioned rights which has made no difference, but the start of receiving these does coincide with the change to my account.

 

[Zelandakh]

Hard delete is deletion of emails from your own domain arriving through your SMTP connector. What's the problem there?

 

[Hfnet]

I was unsure exactly what it deleted. If it only does my own domain spoofs, then no problem.

I have looked at the Exchange Management Console and in the anti-spam settings (this is a single hub transport server running SBS2008, no edge involved) and have set SenderID to delete as suggested, but this has made no difference. Am I in the wrong place?

 

[Hfnet]

I am now still receiving self-addressed spam, but the header has:

Received-SPF: TempError (server.mydomain.local: error in processing
during lookup of user@mydomain.co.uk: DNS timeout)

 

[Zelandakh]

Do you have the same internal domain name as external? You'll need to get your internal DNS sorted to contain your external resources including an SPF record. Then it will delete your problem emails and any other actual fails too.

 

[Hfnet]

no, i have domain.co.uk as the public email domain and domain.local as the internal network. I have set DNS up to use root hints as seemingly required by SBS 2008. Maybe I should review this?

 

[Zelandakh]

Hmm, what is your SPF record detail?

 

[Hfnet]

Well, I'm not convinced I have one. I have enabled the Anti-Spam SenderID filter which apparently is the SPF lookup, but unlike EX2003 I cannot see where to place or create a proper SPF record...

Although I have run the cmdlet Set-SenderIDConfig -SpoofedDomainAction Reject since starting this post which I had not found before now, so let's see.

 

[Hfnet]

Hmm, now the emails are still being delivered but go into my junk folder. It's better but still something is screwy...

 

[markdmac]

SPF should be set in your public DNS.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[Hfnet]

um, ok. Being new to SBS 2008 I know not where to start now! I am now receiving spam again and even with Sophos PureMessage installed the mails are not being scanned seemingly. All of the ones alleging to be from myself do not have the [spam score] tag even though they have the [scanned] tag, and now some emails from other people (legitimate) also are lacking the [spam score] tag!

aaaargh!

 

[Zelandakh]

Go here:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Read, complete, follow and understand.

 

[Hfnet]

Thanks, will have a look at this when I get back to the office

 

[Hfnet]

um, AAAARGH!

I have created an Internal SPF record on my SBS DNS space, and also had my ISP create an external one for me, and guess what! No difference!

I am receiving self-addressed spam in my inbox which is bypassing the Sophos PureMessage spam check! How is this happening?

 

[markdmac]

Perhaps you have a PC infected with a spam engine within your LAN?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[Hfnet]

No, all PC's have been checked and are turned off over night. Also all of the emails are stamped with [Scanned] by Sophos PureMessage which only happens for emails received from outside the company.

I am now getting so fed up I want to blat the server and start over!

 

[markdmac]

How many users are in your environment? You might want to look at anti-spam solutions that prevent the mail from ever reaching your server. You can get Postini from Google Apps for just $2/mailbox/year.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.