Enable Connection Filtering Agent on Exchange 2013

Block List Providers like zen.spamhaus.org are an important part of any mail server because they block 99% of the spam. One problem with Exchange 2013 is that this feature doesn’t work by default. The agent that queries the Block List Provider on behalf of your mail server is the “Connection Filtering Agent”, so you need to install and enable this agent.

  1. Change Directory to scripts folder.
    cd $exscripts 
  2. Install the agent.
    Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"
  3. Add an IP Block List Provider
    Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true
    Add-IPBlockListProvider -Name "SpamCop IPBlockListProvider" -LookupDomain "bl.spamcop.net" -IPAddressesMatch "127.0.0.2","127.0.0.5" -Priority 1
  4. Enable the agent
    Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
  5. Restart FrontEnd transport service
    Restart-Service MSExchangeFrontEndTransport
  6. Check to see if the Agent is enabled
    Get-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
  7. Logging for the frontend agent is here: “C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog”
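
How the provider settings from step 3 decide a hit, as an added example that is not part of the original post (function names are hypothetical, the sample answers are constructed). A DNSBL is queried by reversing the sender's IPv4 octets under the lookup domain; Spamhaus also answers with 127.255.255.x error codes, which -AnyMatch $true treats as a listing while an explicit -IPAddressesMatch list does not.

```powershell
# Added example (not from the original post); function names are hypothetical.

function Get-DnsblQueryName {
    # Reverse the IPv4 octets and append the provider's lookup domain.
    param([System.Net.IPAddress]$IPAddress, [string]$LookupDomain)
    if ($IPAddress.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "This example handles IPv4 only."
    }
    $octets = $IPAddress.GetAddressBytes()
    [array]::Reverse($octets)
    ($octets -join '.') + '.' + $LookupDomain
}

function Test-DnsblMatch {
    # Mirrors the two provider modes used in step 3:
    #   -AnyMatch          any returned A record counts as listed
    #   -IPAddressesMatch  only the given return codes count as listed
    param([string[]]$ReturnedCodes, [switch]$AnyMatch, [string[]]$IPAddressesMatch = @())
    if (-not $ReturnedCodes) { return $false }      # no answer (NXDOMAIN): not listed
    if ($AnyMatch) { return $true }
    foreach ($code in $ReturnedCodes) {
        if ($IPAddressesMatch -contains $code) { return $true }
    }
    return $false
}

function Resolve-Dnsbl {
    # Live lookup; a failed resolution is treated as "no answer".
    param([System.Net.IPAddress]$IPAddress, [string]$LookupDomain)
    $name = Get-DnsblQueryName -IPAddress $IPAddress -LookupDomain $LookupDomain
    try   { @([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }) }
    catch { @() }
}

# Constructed sample answers, so the comparison runs without network access.
$samples = [ordered]@{
    'listed sender'       = @('127.0.0.2')
    'unlisted sender'     = @()
    'resolver error code' = @('127.255.255.254')   # Spamhaus docs: query arrived via a public/open resolver
}
foreach ($case in $samples.Keys) {
    [pscustomobject]@{
        Case          = $case
        AnyMatch      = Test-DnsblMatch -ReturnedCodes $samples[$case] -AnyMatch
        ExplicitCodes = Test-DnsblMatch -ReturnedCodes $samples[$case] -IPAddressesMatch '127.0.0.2','127.0.0.5'
    }
}

# Live check against the standard DNSBL test address (needs DNS access from the Exchange server):
# Resolve-Dnsbl -IPAddress 127.0.0.2 -LookupDomain zen.spamhaus.org
```

If the live lookup of 127.0.0.2 returns nothing, the server's DNS path to the provider is not working and the agent will not block anything; a 127.255.255.x answer means the provider is refusing the query rather than listing the address.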

Shylock malware spam

I’ve just received notice that a malware called Shylock can be received through spam mail. There are some spam mail servers that have been used to send this malware so you need to make sure you block these domains. Run the following command on the Exchange 2013 mail server to block these spam servers:

Set-SenderFilterConfig -BlockedDomainsAndSubdomains aqu.su,atmgion.su,axr.su,azr.su,bai.su,bcv.su,bern.su,blz.su,caf.su,cif.su,dorwwc.su,eca.su,eevootii.su,ehk.su,eprotect.su,e-protections.su,e-statistics.su,feat.su,fve.su,gaso.su,grs.su,higuards.su,igate.su,iprotect.su,jcy.su,klr.su,lbb.su,leq.su,lud.su,many.su,maw.su,mouih.su,mue.su,nohtheer.su,oul.su,queiries.su,rnx.su,simkas.su,sito.su,soinstlen.su,tco.su,tnbc.su,vkloft.su,vng.su,wand.su,wbx.su,wsysinfonet.su,acx.su,aisuvied.su,ccl.su,dmf.su,exy.su,ezootoo.su,fey.su,main2woo.su,nfg.su,oogagh.su,pcg.su,pqe.su,r4i6nb.sxo.su,sge.su,sxo.su,thepohzi.su,umc.su,uphebuch.su,ahbee.su,ajeic.su,choop.su,eimiecha.su,tagoo.su,vun.su,wyp.su,teighoos.su,jan.su,navyfederal.jan.su,onlineaccess1.jan.su,apb.su,CDN-STORE.SU,egu.su,GREENCLOUD.SU,OHY.SU,STRONG-SERVICE.SU,TECH-SUPPORT-LLC.SU,YIEQUEIH.SU,YIMGSCORES.SU

Exchange 2013 create Address Book Policy (ABP)

If you want your company to have an easy way to access the company’s Contacts, Users, Rooms and Distribution Lists, you will have to create an Address Book Policy and map it to all Exchange users.

Execute the following commands in PowerShell to find out your existing lists:

Get-AddressList
Get-GlobalAddressList

Once you find out what your lists are, run the following command:

New-AddressBookPolicy -Name "Contoso ABP" -AddressLists "\All Users","\All Contacts","\All Groups","\All Rooms" -GlobalAddressList "\Default Global Address List" -OfflineAddressBook "\Default Offline Address Book" -RoomList "\All Rooms"

See if the ABP was created:

Get-AddressBookPolicy

If it was created, you can now enable this policy on specific users.

Exchange 2013 Single Namespace

If you have a small Exchange infrastructure you will most likely benefit from using only one namespace, for example by reducing costs on SAN certificates.

1) If you are trying to set your Exchange Server to use only one namespace (e.g. mail.contoso.com), you first need to change the internal and external FQDN for all Virtual Directories. You can use the following link to do that. LINK

2) The second and final step is changing the FQDN on the “Default Frontend” receive connector.

If you get an error when you click “Save”, go to “security” and deselect “Exchange Server authentication”. Now you will be able to save.

To verify this configuration you can telnet to your Exchange server and send EHLO. The response should show your single namespace FQDN (mail.contoso.com).

You can also change the SMTP Banner that is displayed when you telnet to your Exchange server. Visit my post HERE.

Exchange 2013 OWA/ECP blank page

If you recently changed the certificate for your Exchange server, this might result in OWA and ECP not working properly. The problem is that Exchange doesn’t update the certificate in the IIS “Exchange Back End” site, so you have to do this manually.

  1. Open IIS
  2. Navigate to “Exchange Back End” site
  3. Open bindings and edit the HTTPS binding
  4. Make sure that the binding is configured with the new certificate
  5. Restart IIS