Category Archives: Exchange

SPF and DMARC when domain is not used for email

Just a quick post on SPF and DMARC when you have a domain that’s not used for email. In this scenario mail will never be sent out by any mailserver. If someone does send out email, it is most likely malicious email and can be ignored.

You can add the following records to your DNS:

SPF:

V=spf1 -all

DMARC:

v=DMARC1;p=reject;sp=reject;pct=100

Receiving mail servers that check for SPF and DMARC will see that it’s not valid and will reject the message.

 

Exchange 2010 End of Life extended to October 2020

If you are still running Exchange 2010 you are most likely aware that the end-of-life of Exchange 2010 is in January 2020 when extended support will end.

Because of the size of customer still running on Exchange 2010 and the amount of work it takes, especially for large enterprise customers, to move to newer platforms, Microsoft has extended the extended support to October 2010.

After October 2020, Microsoft no longer support Exchange 2010. This means no bugfixes, no security fixes, no hotfixes, nothing. The product won’t stop working of course, but no fixes will be released by Microsoft, and especially no security fixes can be dangerous.

Note. The support for Office 2010 and SharePoint 2010 is also extended to October 2020, so these are aligned now.

If you are still running Exchange 2010, it is recommended to move to Office 365 or to Exchange 2013 or Exchange 2016. Please note that there’s no direct upgrade path to Exchange 2019, so you have to move to Exchange 2013 or Exchange 2016 (preferred) first before moving to Exchange 2019.

A lot of my customers are moving to Office 365, and I have written two blog posts on this. These are based on Exchange 2010 hybrid, without the hassle of installing Exchange 2016 first into the existing Exchange 2010 organization:

https://jaapwesselius.com/2017/05/15/moving-from-exchange-2010-to-office-365/

https://jaapwesselius.com/2017/05/16/moving-from-exchange-2010-to-office-365-part-ii/

I am not sure, but when support for Exchange 2010 stops in October 2020 support for Exchange 2010 hybrid stops as well and I wouldn’t be surprised that Exchange 2010 hybrid will stop working anytime soon after this date.

If you are still running on Exchange 2010, or working on an upgrade to Exchange 2016 or Office 365, you have some more time to finish these projects, but please don’t slow down at the moment and continue your projects.

You can find the official Microsoft announcement here: https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591

 

Openspf.org disappeared

I used to use the openspf.org website as a valuable resource for every SPF question I had, especially around creating SPF records. For some reason, most like funding related the openspf.org website disappeared early 2019.

Another valuable resource with information regarding SPF records is:

And for checking SPF records you can use the following sites:

If you know any other site with valuable SPF information, please leave them as a comment.

Exchange 2019 on Windows Server Core disk management

When installing an Exchange 2019 Edge Transport server on Windows 2019 Server core I realized there’s no disk management MMC snap-in, so all disk configuration needs to be done using PowerShell.

For this blogpost I added a 20GB disk to my Windows 2019 Server Core server which I want to use as a D:\ drive for my SMTP queue.

You can use the Get-Disk command to retrieve the server’s disk configuration, and you can pipe this disk object into the Initialize-Disk command to bring it online and assign a new partition:

Get-Disk –Number 1 | Initialize-Disk –PartitionStyle GPT New-Partition –DiskNumber 1 –UseMaximumSize

Initialize-Disk

By default, Windows installs on drive C:\ and the DVD is mounted as drive D:\. You can use the Get-WmiObject and the Set-WmiInstance commands to assign it a different drive letter, for example drive Z:\

Get-WmiObject -Class Win32_volume -Filter ‘DriveType=5′ | Select -First 1 | Set-WmiInstance -Arguments @{DriveLetter=’Z:’}

The next step is to assign drive letter D:\ to the newly added disk:

Add-PartitionAccessPath -DiskNumber 1 -PartitionNumber 2 –AccessPath “D:\”

And finally format it using NTFS file system and a block size of 64KB:

Get-Partition –Disknumber 1 –PartitionNumber 2 | Format-Volume –FileSystem NTFS –NewFileSystemLabel “Queue” -AllocationUnitSize 65536 –Confirm:$false

format-disk

Now you can continue with the standard installation procedure for an Exchange 2019 Edge Transport server (which does not differ from an Exchange 2013 or Exchange 2016 Edge Transport server)

DNS Suffix Windows 2019 Server Core

While preparing a Windows 2019 Core server for an Exchange 2019 Edge Transport server I had to set the FQDN of the server. The server name itself is not difficult, you can change this using the SCONFIG tool, but you cannot change the DNS suffix using SCONFIG.

For changing the DNS suffix on a Windows 2019 Core you can use the NETDOM, the REG.EXE or PowerShell:

netdom computername %computername% /makeprimary:%computername%.exchangelabs.nl

or when using the computer name itself:

netdomain computername AMS-EDGE01 /makeprimary:AMS-EDGE01.exchangelabs.nl

To add the registry key needed for the DNS suffix (HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain\NV Domain) you can also use the REG.EXE tool:
reg.exe add HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters /v “NV Domain” /t REG_SZ /d “exchangelabs.nl” /f

Or you can use PowerShell:

New-ItemProperty -Path “HKLM:\ SYSTEM\CurrentControlSet\services\Tcpip\Parameters\” -Name “NV Domain” -PropertyType REG_SZ -Value “exchangelabs.nl”

New-ItemProperty DNS Suffix

Reboot the server, run IPCONFIG /ALL and you’ll see the DNS suffix. The server can now be used for installing Exchange 2019 Edge Transport server.
ipconfig all