Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«94 »
  • Post
  • Reply
Submarine Sandpaper
May 27, 2007



I ended up finding a workflow so it appears to do nothing per: https://docs.microsoft.com/en-us/ex...e-item-recovery

Thankfully this means I'm getting this off my plate asap since I don't have perms to modify our mailDBs. Don't really want to touch hundreds of mailboxes either way!

Adbot
ADBOT LOVES YOU

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


Question: are you guys still doing quarantining if you purchase or use ATP?

Old Binsby
Jun 27, 2014



yeah, defanged and wrapped in five flashing banners are all nice and good but theres some stuff the user doesn’t need to see. it removes the opportunity to panic or do something else dumb

or did you mean as opposed to just > dev/null-ing everything it finds? don’t do that

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


No i'm not looking to trash messages. Quarantine was previous used for all attachments, if I've got ATP running (which sandbox, opens , checks the links and provides a detailed report) of the attachment wouldn't quarantine just be redundant?

e: or attempt to significantly dial it back to new email addresses or unknown senders.

incoherent fucked around with this message at 18:15 on May 16, 2019

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

Is a batch of 2000 outgoing mails the kind of mail volume that could put my company on a spam list?

A department wants to send out a notification to customers (not advertising, it's related to a change in their accounts), and they are currently planning to do it through our internal mail system.

They want to send the mails in one or two large batches, and are asking me to temporarily change rate limit controls for the account that will be sending them.

I've never dealt with this kind of request before. Is that the kind of mail volume that would merit using a mass-mail service?

capitalcomma fucked around with this message at 23:26 on May 24, 2019

Internet Explorer
Jun 1, 2005





Oven Wrangler

Yes, do not send mass mailings from your email server.

Old Binsby
Jun 27, 2014



yeah the companies that specialize in this gently caress it up often enough that i wouldnt dream of diy'ing mass mailings. If its a single time event you probably might be able to squeeze it in a free trial of one. If you don't get budget or whatever, just rate limit it to very very few, 100 an hour or so and explain you're going to take all day to send out 2000 messages extra.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


I did our exchange upgrade yeeearrrrsss ago and they had an access program that mass emailed, and worked fine with exchange 2003 and the mass mailings were small enough to not trigger people spam services. On 2010, it poo poo the bed and emailed one client 43,000 times. I didn't get on any block lists, but I was really loving pissed at my boss who never disclosed this app to me at any part during the migration process. His boss was pissed at him, so it was nice seeing the diamond pressure process unfold in real time.

We've not done campaigns since, because I will gently caress them hard if they suggest one.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

The corporate email server is for emails from people, and a relay for stuff going to internal destinations (notifications, scan to email etc). All mass mailings go through SES, Mailgun, whatever. Office 365 is quite sensitive to locking down accounts that it thinks are sending outbound transactional email, which is preferable to being blacklisted by a third party but still not great. You don't want marketing screwing up a newsletter to result in your C-levels seeing their emails bounce.

Old Binsby
Jun 27, 2014



incoherent posted:

I did our exchange upgrade yeeearrrrsss ago and they had an access program that mass emailed, and worked fine with exchange 2003 and the mass mailings were small enough to not trigger people spam services. On 2010, it poo poo the bed and emailed one client 43,000 times. I didn't get on any block lists, but I was really loving pissed at my boss who never disclosed this app to me at any part during the migration process. His boss was pissed at him, so it was nice seeing the diamond pressure process unfold in real time.

We've not done campaigns since, because I will gently caress them hard if they suggest one.

had one like this recently but even worse, an in house app lost contact with the relay server for sending out mailings and instead of queueing those messages and dropping them after a period of time it just kept trying. It also kept generating message delayed/undeliverable notifiations to the admin of the app but also couldnt deliver those for about a month. Email sent out by this mailer app is entirely broken without anyone noticing. Then one Friday night a bit flips somewhere and it regained connectivity to a relay host. Blasted 250k messages out over the course of a weekend, ruined the newsletter.main-domain.org reputation forever. Got me out of a scheduled performance assessment because that's over twice what I scaled Exchange for at that org and things went swimmingly

Boris Galerkin
Dec 17, 2011



I'm not sure if this belongs here but I couldn't find a more general email thread.

My email provider lets me write custom Sieve code for filtering emails and I was wondering if it's possible to write one that does the following:

code:
if regex matches in body
    matched_text = regex capture group
    send email to [email]someone@somewhere.com[/email] with matched_text as subject line
The official "documentation" for this language is flat out unreadable to me, but I did get the sense that it can do regex and it can search body texts.

Old Binsby
Jun 27, 2014



There is an extension that can do body searches listed so that's probably possible. Not sure about the custom subject in the notification mail, none of the examples do anything like that. I don't use it so I'm not going to suggest any examples but the tutorial provides a nice starting point and there's a ton of 3rd party sieve management GUIs here... maybe one has a decent editor that will show syntax errors and such. Don't consider the RFC the user documentation, they always suck.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

quote:

We are starting to roll out several capabilities Outlook for iOS and Android that address the email and calendar needs for Enterprise customers.

Shared Mailboxes: You will be able read, write and send emails from the Exchange Online Shared Mailboxes in Outlook for iOS and Android. If you are part of the Office Insider program for iOS and using the Microsoft sync technology (MC165218), you will be able get an early preview of the capabilities via TestFlight this week. It is anticipated that we will start to roll out Shared Mailboxes in Outlook for iOS and Android (using Microsoft sync technology) for general availability in the next several weeks.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010



loving. finally.

Boris Galerkin
Dec 17, 2011



Old Binsby posted:

There is an extension that can do body searches listed so that's probably possible. Not sure about the custom subject in the notification mail, none of the examples do anything like that. I don't use it so I'm not going to suggest any examples but the tutorial provides a nice starting point and there's a ton of 3rd party sieve management GUIs here... maybe one has a decent editor that will show syntax errors and such. Don't consider the RFC the user documentation, they always suck.

Thanks! I gave it a shot but couldn’t get regex match groups to work—they just stayed as a literal “$1” no matter what combination of escape characters I used so I gave up and set up something with Zapier.

Old Binsby
Jun 27, 2014



Boris Galerkin posted:

Thanks! I gave it a shot but couldn’t get regex match groups to work—they just stayed as a literal “$1” no matter what combination of escape characters I used so I gave up and set up something with Zapier.

cool that you figured something out. in the spirit of the thread i should add that exchange (administrators) can do what you wanted to do natively using transport rules



Woah, i remember when this was put on their roadmap. But only just, it's been that long. Nice

Digital_Jesus
Feb 10, 2011



Exchange/Office related question thats stumping me a bit here trying to clean up some of my predecessors leftover poo poo.

Office People Pane - I've got some users who can't see emails from the user in question at all. They can also see emails from some users that weren't even sent to them. Trying to figure out how to resolve this.

Example: I sent an email to one of my helpdesk guys. If he selects my name down in the people pane, he can't see anything from me, not even emails he was copied on or sent.
Example 2 (The one that concerns me): If said helpdesk guy opens up our directors name on the people pane, he can see dozens and dozens of emails that he wasn't copied on which is obviously a huge problem.

He doesn't have delegation rights or access to that mailbox, so thats not it. Anyone point me in the direction of somewhere I can gander? Google-Fu is getting me a ton of "Turn the people pane on or off" or "Why the people pane doesn't work" but not much "Why you can read the CIO's email when they didn't send it to you".

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Digital_Jesus posted:

Exchange/Office related question thats stumping me a bit here trying to clean up some of my predecessors leftover poo poo.

Office People Pane - I've got some users who can't see emails from the user in question at all. They can also see emails from some users that weren't even sent to them. Trying to figure out how to resolve this.

Example: I sent an email to one of my helpdesk guys. If he selects my name down in the people pane, he can't see anything from me, not even emails he was copied on or sent.
Example 2 (The one that concerns me): If said helpdesk guy opens up our directors name on the people pane, he can see dozens and dozens of emails that he wasn't copied on which is obviously a huge problem.

He doesn't have delegation rights or access to that mailbox, so thats not it. Anyone point me in the direction of somewhere I can gander? Google-Fu is getting me a ton of "Turn the people pane on or off" or "Why the people pane doesn't work" but not much "Why you can read the CIO's email when they didn't send it to you".

Are you sure this person doesn't have access to the mailbox? While you have probably checked for a direct delegation assignment, this smells to me like a security group delegation has been done and the person in question is apart of it.

I would check the CIO mailbox for all delegation. If there is a group delegation there of any kind that is the issue.

Digital_Jesus
Feb 10, 2011



The CIO has no group delegation, or any delegation at all except one specific user who is not the person in question.

I've gone through this dudes security groups too. Other users mailboxes are doing this too, but there doesn't seem to be a pattern across departments or anything.

Is it possible the users who's email can be read have accidentally enabled something stupid in their outlook profiles?

Digital_Jesus fucked around with this message at 13:27 on Jun 12, 2019

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Digital_Jesus posted:

The CIO has no group delegation, or any delegation at all except one specific user who is not the person in question.

I've gone through this dudes security groups too. Other users mailboxes are doing this too, but there doesn't seem to be a pattern across departments or anything.

Is it possible the users who's email can be read have accidentally enabled something stupid in their outlook profiles?

The first thing I would do is test. Can this user open owa and open the CIO mailbox? Once that is ruled out, you know its for sure a feature issue you have to get fixed.

I would also take a quick look at the admin log report. Lets say the helpdesk person in question has been snooping and the data in the peoples tab was cached when he delegated himself access and snooped previously. That would also explain why its inconsistent.

And just to be clear, the people's pane should ONLY show the mail that exists in that persons mailbox. Showing other peoples mail and such leads me to believe that the data exists in the OST and someone has just gotten caught.

Sickening fucked around with this message at 13:53 on Jun 12, 2019

Digital_Jesus
Feb 10, 2011



I think I figured it out.

Previously what was done when someone was terminated here was access was granted to a specific user to that persons old mailbox (rather than giving them a pst archive export). This is stupid and has since been fixed and the relevant parties clubbed.

However, it looks like it you had access to a mailbox at any point in time, even if that access has since been revoked, any emails your outlook profile cached during the time period you *had* access stays put, even if you didn't open or read any of them. Again I verified this guys mailbox access in exchange and the management shell reports he can't do poo poo except to his own mailbox, so as a test I had him blast his outlook profile away and re-sync with the server. Now he can only see the emails he's been sent that are still in his mailbox.

So it appears that its just a side effect of the cache functionality in outlook, but even so I'm just going to disable this stupid rear end plugin across the org.

Thanks

E: For reference the helpdesk guy hasn't been snooping and doesn't have the access to do so even if he wanted to, aside from the fact he isn't that kind of person. All of the HD permissions have been adjusted to what they actually need instead of the previous Admins policy of "gently caress it whatever heres domain admin and exchange org rights". Hes the one that brought the problem to my attention going "Yo why can I see this poo poo?".

E2: Basically the previous network administrator here was real real bad at security and gave people too much access and a lot of bad habits on how to do things like pull out emails, files, or grant other users access or copies to data. I don't believe any of this is malicious, its just a compounded case of stupidity.

Digital_Jesus fucked around with this message at 14:07 on Jun 12, 2019

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Finally!

https://support.office.com/en-us/ar...76-6c49c5473c9f

Will Styles
Jan 19, 2005



Wow.. that's actually awesome.

AlternateAccount
Apr 25, 2005
FYGM

Outlook Mobile is so good, but we can't use it. They aren't too up front about it, but Microsoft pulls and caches your email internally and then pushes down to the device. That makes some people anxious.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

I assume you aren't using Office 365 if that is people's objection to it

AlternateAccount
Apr 25, 2005
FYGM

Thanks Ants posted:

I assume you aren't using Office 365 if that is people's objection to it

We are not! For, I assume, similar reasoning.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


There are far worst threats than microsoft MITMing your email.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

incoherent posted:

There are far worst threats than microsoft MITMing your email.

I would assume that any org that chooses on prem vs cloud email are idiots at this point even from a security aspect of things.

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$



We have O365 hybrid with two on prem mail servers - Exchange 2010 as a hub transport and Exchange 2016 just as a mailbox server (with no mailboxes). I need to decommission the older server. I'll have to add the hub transport role to the new server, are there any gotchas that I need to watch out for? I've never done any serious heavy lifting in Exchange and it would suck if I inadvertently break all the email that comes from our on prem apps.

Old Binsby
Jun 27, 2014



Happiness Commando posted:

We have O365 hybrid with two on prem mail servers - Exchange 2010 as a hub transport and Exchange 2016 just as a mailbox server (with no mailboxes). I need to decommission the older server. I'll have to add the hub transport role to the new server, are there any gotchas that I need to watch out for? I've never done any serious heavy lifting in Exchange and it would suck if I inadvertently break all the email that comes from our on prem apps.

Besides the Edge role Exchange 2016 kind of did away with the whole concept of roles compared to 2010. All of the old roles are wrapped up in what's now called the Mailbox server. So you don't need to install anything but you might break all the email coming from on prem apps anyway if you don't recreate receive connectors used for relaying on the 2010 box on the 2016 server. Depending on how those apps are configured to submit mail you also might need to adjust the DNS entry for that or the app configuration (if they were using the mail server host name directly).

AlternateAccount
Apr 25, 2005
FYGM

incoherent posted:

There are far worst threats than microsoft MITMing your email.

Well, Microsoft also has cached credentials so they can MITM the email as well, afaik. It doesn't keep me up nights, but it makes some people unreasonably anxious.

Old Binsby
Jun 27, 2014



i wish someone'd read my mail, honestly it's comforting to know ms might be

I'm currently working the most conservative and security-oriented gig right now I've ever done. Data so well protected the user experience is slow and garbage enough for a hacker to just go away out of frustration. Also i am very much aware of the actual end of support date for exchange 2013 and how far away that is as a result

Submarine Sandpaper
May 27, 2007



Speaking of Exchange 2013, I've been tasked with implementing DKIM on an on-prem exchange 2013 shop. They only have one CAS server and two mailbox servers. I assume I have to install the DKIM tool @ https://github.com/Pro/dkim-exchange/ on the two mailbox servers as the CAS:

quote:

Front End Transport service on Client Access servers: This service acts as a stateless proxy for all inbound and (optionally) outbound external SMTP traffic for the Exchange 2013 organization. The Front End Transport service doesn't inspect message content, doesn't communicate with the Mailbox Transport service on Mailbox servers, and doesn't queue any messages locally.
won't inject the headers? I think I confirmed this by getting a null output when doing get-transportrole CASserver but heck if I've dealt with on prem 13 before.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


The most angozing part of moving o365 is setting up an relay praying all my customer emails (the automated ty for your order nonsense) don't trip the "reasonable" transaction limits.

Users, emails, mail flow was super easy.

myron cope
Apr 21, 2009



Is it possible in Exchange to push a folder to a set of users?

We have incident plans that are supposed to be pushed to appropriate people's mailboxes (you get the cyber security plan if you are on the cyber security team, that kind of thing) so they can have a copy of the plan on their email (and on their phone) and it can be updated with new updates to the plan without requiring an email be sent every time

We use(d) Code Two Exchange Sync (I think it's called that...something similar to that) but it somehow broke and the fix looks to be turn of SSL or something--we haven't looked super far in-depth at fixing it because my boss swears there is a built-in way to do this in Exchange that since we now have Enterprise licensing we can use. When the C2 thing worked it seemed to work fine, although it was a bit janky. You could delete the plan and it would just show back up in your mailbox, new ones could be published pretty easily, etc

I don't know if he imagined it or if I'm just not coming up with the correct search terms but I can't find anything like it. I thought he was talking about Public Folders but we had our weekly meeting today and I said "hey you can't access public folders on your phone" and he was kinda lovely about it and said "well I'm not talking about public folders this is something else" so I kinda just want to prove him wrong

Edit: exchange 2016, on prem

Submarine Sandpaper
May 27, 2007



There are some crack pot ways to.

Search-mailbox from a source mailbox and target whatever departments/groups.

Pstimport, but the process of creating or modifying the PST every time seems like a huge pita.

Shared mailbox?

myron cope
Apr 21, 2009



Submarine Sandpaper posted:

There are some crack pot ways to.
Shared mailbox?

I wonder if this isn't what we end up going with.

I asked him directly what feature he was talking about and of course he couldn't come up with the name of it. Then he said he saw an article before that was like 4 steps of things you had to do, but we couldn't do it because of licensing--but of course couldn't find the article anymore.

So then we decided to go back to the Code 2 product. Now it looks like it stopped working because of Exchange 2016, not really for anything else.

Then he said "well maybe we just send them an email and make it so they can't delete it"



I also wonder if the solution is just "email the document, tell them to be a responsible adult and not delete it" but of course that's fantasy. The C2 thing was nice because even if you deleted it, it was coming back.

Bob Morales
Aug 18, 2006

I love the succulent taste of cop boots

Before I started here, an Exchange 2016 server was added to the existing 2010 server, and mailboxes were migrated over etc. Everything was working properly, the 2010 server was really doing anything but was still part of the setup.

After trying to remove Exchange 2010 from that server, a couple other things were found to be still running, so the uninstaller of course would stop and give an error. After resolving those issues (a mail connector and then like an address book and one or two other things), the uninstaller would proceed but then stopped because it couldn't find some files from the SP3 install files (they were no longer on the server).

So the server uninstalled.....mostly. We're having a couple odd things happen now, like a few people's email wouldn't refresh until we re-created their outlook profile, just a couple weird goofy things.

Part of me wants to remove the references to the old server using ADSI edit, but the smart side of me wants to just spend a couple hundred bucks on having an 'expert' clean it up. I don't want to risk knocking out mail for a few hours or worse, a day.

I've used Microsoft Professional Support before for things like recovering from corrupted information stores and things like that, it's $499. Are there any other suggested go-to experts for something like this? I don't want to call a local MSP because I have a feeling they're going to just go through some standard troubleshooting steps and charge us for 5 hours of research, we might get a green tech....

Old Binsby
Jun 27, 2014



they're basically going to go through this list, which you can also do (might have already). I'd prefer ponying up for MS support over ADSI editing a server out of a production environment.
https://techcommunity.microsoft.com...10/ba-p/1247559

Adbot
ADBOT LOVES YOU

Will Styles
Jan 19, 2005


Alternatively you can install and un-install a 2010 server with the same name/role. That should remove anything from AD that shouldn't be there.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«94 »