Microsoft Confidential Overview .3 New Features .4 Routing Link State Algorithm .4 ArchiveSink Enhancements 5 Lab 1: ArchiveSink 9 Public Folder Affinity .10 DNS Resolver Enhancement 12 Lab 2: DNS Resolver .17 Domain Address Rewrite 18 Lab 3: Domain Address Rewrite 23 Query Based Distribution Group . 24 Lab 4: Query Based Distribution Groups .31 Recipient Filtering 32 Lab 5: Recipient Filtering .37 Distribution Group Restrictions . 38 Lab 6: Restricted Distribution Groups 41 Security Principle Based Submit and Relay . 42 Lab 7: Security Principle Based Submit and Relay . 46 Connection Filtering and RealTime Block List (RBL) 49 Lab 8: Connection Filtering and RBL 64 Fault Analysis .68 Appendix A - Scripts .79 Appendix B – Cube Notes 81 Exchange Server 2003 Troubleshooting: Transport Microsoft Confidential Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Active Directory, Exchange 2000 Server, Exchange Server 2003, Outlook, Outlook Express, Outlook Web Access, Windows 2000, and Windows Server 2003 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Microsoft Confidential Overview This document is intended to provide Microsoft Exchange administrators with the information necessary to successfully configure, deploy and troubleshoot the new features of Microsoft® Exchange Server 2003 SMTP transport. The module assumes a good knowledge of Exchange 2000 Server SMTP transport. Microsoft Confidential New Features Routing Link State Algorithm The link state algorithm in Exchange 2003 has been changed to address conflicting link states that result when network or other transient hardware problems cause conflicting link state information. This change was implemented in two parts:  First, the default link state update interval was lengthened to ten minutes versus the five minute interval of Exchange 2000.  Secondly, each server compares the last link state it received for a given route to the link state that is to be sent to the Routing Group Master. • If the last link state update received does not match the link state the server is prepared to send, the server appends a new update that matches the last one received and does not change the link state message. • If the next update interval expires, a link state update is not received; the server sends a link down status update to the Routing Group Master. Microsoft Confidential ArchiveSink Enhancements ArchiveSink is a diagnostic tool that enables message archiving. The tool has been enhanced to log all message and recipient details of an e-mail message, include bcc: recipients, and provide logging. When ArchiveSink is enabled, the default behavior is to archive all messages and their recipients, with the exception of bcc: recipients. Each message is archived to an .eml file that includes message ID, subject, and all recipients on the “To” and “cc:” lines. When you enable bcc: archiving, an additional .xml file for each message is generated. The XML file for bcc: contains the same information produced for other message recipients and includes bcc: recipients. All messages are in one of two directories in the archive location the administrator specifies: • MAPI Gateway Messages - This directory holds all messages submitted by MAPI clients, such as Outlook, and messages submitted through foreign gateway servers. • SMTP Messages - This directory contains all messages submitted through the SMTP service. ArchiveSink uses two transport events, OnMessageSubmission, and OnPostCategorize. OnMessageSubmission event All messages submitted through the Information Store and the SMTP transport triggers the OnMessageSubmission event. This event is triggered before any routing or categorizer events. This event is triggered only once per message. Messages archived for this event contain the prefix filename: ARCH_<random number>.eml Microsoft Confidential When the ArchiveSink is installed, messages are archived for this event by default. Messages archived for this event contain the prefix filename: ARCH. So an archived message appears as ARCH_<random number>.eml. OnPostCategorize event The OnPostCategorize event captures a message after it is categorized, that is after the sender and recipients have been located in the directory and any distribution lists have been expanded. Message archival is not the default behavior of the OnPostCategorize event; archival is enabled via the registry. Messages can trigger this event multiple times. Messages archived for this event contain the prefix filename: ARCH_<random number>_POSTCAT.xml. The original message is parsed by the categorizer, which generates a new message for each recipient of the original message. Hence, each message is a new message destined for a specific domain or server and will trigger the OnPostCategorize event. Internet Message Format Messages are parsed or turned into a unique message for each recipient for many reasons; for example, recipients are located in another messaging system or the recipient is a distribution list. The Internet Message Format options available on Exchange Server 2003 require special content handling for recipients in foreign domains or smart hosts. Consider the case when all mail sent to one domain is sent as plain text and to another as MIME. These new messages also trigger the OnPostCategorize event. Setup ArchiveSink is installed via script and configured via script and the registry. The sink is installed on a per virtual server basis. The sink must be uninstalled using the same script; ArchiveSink_Setup.vbs. • ArchiveSink requires restart of IISAdmin service after installation. • Registry changes require restart of SMTP service. Copy archivesink_setup.vbs and archivesink.dll files from the location where you expanded the Web Release of Exchange Server 2003 tools into the \exchsrvr\bin directory. The text below demonstrates the command line and usage of the setup script. Cscript archivesink_setup.vbs [install|uninstall|display] [Virtual server ID] [archive location] Run archivesink_setup.vbs with the appropriate switches for the given SMTP virtual server. When installation is successful, the script automatically creates registry key parameters for advanced archiving controls. Microsoft Confidential HKLM\SOFTWARE\Microsoft\Exchange\ArchiveSink\<virtualServer#>\ "Archive System Messages" "Dump P1" "Enable MAPI Gateway Messages" "Enable Message Logging" "Enable PostCat" "Enable Precat" "Enable SMTP Messages" "MAPI Gateway Messages" "SMTP Messages" The sink archives only OnMessageSubmission messages by default. In addition, system messages are not archived (public folder messages, replication messages, and so on). ArchiveSink archives all messages to the path specified in the registry. If this key is absent, it defaults to the system temp folder. For most computers running Microsoft® Windows Server™ 2003 computers, the default location is %windir%\temp. Universal Naming Convention (UNC) paths are not supported for the archival location; Distributed file system (DFS) should work. Optional Settings:  Message Logging = 1: ARCH_RandomNumber.xml file is generated for each archived message. The XML file includes internet message ID, subject and all envelope recipients of the message. This is the feature that archives BCC recipients.  Dump P1 = 1: ARCH_RandomNumber.P1 binary file is generated for each archived message. This binary file contains the property stream of the e- mail message and is helpful only for Exchange debugging purposes. Install the sink on SMTP virtual server 1 and make logs in c:\archivesink directory: Cscript archivesink_setup.vbs install 1 c:\archivesink  BCC recipients = All messages that pass through SMTP virtual server 1 will be archived. However, the BCC recipients will not be logged until the value of the Enable Message Logging key is changed to 1 in the registry: a. Click Start, click Run and type RegEdit. b. Browse to HKEY__LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Archi veSink\1 (where 1 represents SMTP virtual server 1). c. Right-click on the Enable Message Logging key. Then click Modify. d. Change the value data to 1. Then click OK. e. Restart the default SMTP virtual server. f. Display the bindings on SMTP virtual server 1: Important Microsoft Confidential Cscript archivesink_setup.vbs display 1 g. Remove the sink from SMTP virtual server 1: Cscript archivesink_setup.vbs uninstall 1 Microsoft Confidential Lab 1: ArchiveSink Objective:  At the end of this lab students will be able to set up ArchiveSink to archive all messages and their recipients. Instructor Notes: Run the archivesink_setup.vbs script. Enable the Message Logging registry key that ArchiveSink creates, to turn on message logging by importing .reg file or manual adding key to registry. Send messages with Outlook 2003 and Outlook Express to verify that MAPI, BCC and standard messages are archived. Exercise 1: 1. Enable archiving for all message types. 2. Send messages with MAPI and SMTP client. 3. Verify that P1, bcc: and standard message types are archived. 4. Have instructor verify your results. Microsoft Confidential Public Folder Affinity The default Public Folder (PF) referral is calculated based on the routing cost. Exchange Server 2003 introduces the concept of PF Affinity. This new feature allows the administrator to define which servers will receive client request for PF content. The new feature is configured on the Public Folder Referrals tab of the “server” properties in ESM. The list has two choices; Use Routing Groups or Use Custom List. When Use Custom List is selected, the administrator may enter or browse for the servers in the organization and add their cost (preference). Lower cost represents a greater preference. This gives the administrator the ability to use costs to prioritize servers in the referral list. Exchange Server 2003 implements this new feature with two new attributes, msExchFolderAffinityCustom, msExchFolderAffinityList, and supporting code. The value of msExchFolderAffinityCustom determines if PF affinity will be used for PF referrals.  If the msExchFolderAffinityCustom attribute is not set or has a value of 0, PF referral behaves the same as Exchange 2000.  If the attribute is present and contains a value of 1, the new server attribute msExchFolderAffinityList list is parsed for the cost of each of the selected servers; the list is the server GUID. Then servers not listed as preferred servers are assigned an infinite cost. This ensures that servers in the list with lesser cost will be the target of the referral.  If the selected server is unavailable, the referral will be passed to the next server in the list until the list is exhausted. At this time, the referral will fail and the client will receive an error. [...]... the PF server; and therefore the destination cannot be changed Exchange Transport has no knowledge of which servers have a complete PF hierarchy Transport has been engineered to make a calculated assessment of when the PF hierarchy will be present Exchange Server 2003 and Exchange 2000 SP4 transport first selects servers from TLH list, PF servers list, whose history is more than two days Next, server. .. DNS server state; an unresponsive DNS server will cause a delay each time it is queried, unlike Windows Server 2003 SMTP which has code to track which servers are unresponsive The Exchange 2000 DNS resolver sink does not load balance equal priority mail exchanger records Microsoft Confidential The sink did not maintain the state of external DNS servers If several external DNS servers are used by Exchange. .. list from the Exchange Server 2003 DNS resolver sink in lieu of the default global DNS server list if the SMTP virtual server is configured to use external DNS servers for mail delivery The new DNS resolver sink in Exchange Server 2003 exposes both the old and the new interface The new interface only checks to see if the domain to be resolved is an external domain, and if so, returns a DNS server list... for designating and configuring expansion servers and global catalog servers for expanding distribution groups into individual recipients Option 1 Consider designating an Exchange Server 2003 server with no mailboxes, such as a public folder replica server or a bridgehead server, as the expansion server for a large Query Based Distribution Group Because this server has more bandwidth and resources to... the expansion server to use one or more global catalog servers that are not used by other Exchange servers in the organization You can configure this setting in Exchange System Manager on the Directory Access tab of the server properties Option 2 Create a Query Based Distribution Group for every Exchange server and limit each Query Based Distribution Group to the mailboxes on that Exchange server Assigning... Group,CN=InformationStore,CN=TI6767,CN=Servers, CN=First Administrative Group,CN=Administrative Groups,CN=First Organization, CN=Microsoft Exchange, CN=Services,CN=Configuration,DC =server, Dc=concsi,d c=lab)) ))))) Microsoft Confidential Query Based Distribution works reliably in a NATIVE MODE Exchange 2000 /2003 deployment where all Exchange 2000 servers are running Service Pack 3 and the AD uses Windows Server 2003 global catalog servers... is an Exchange Server in the Org fe.concsi.lab is in the Exchange Org Global DNS servers will be used Using the default DNS servers configured for this computer 192.168.1.2 Querying DNS server: 192.168.1.2 Created Async Query: QNAME = fe.concsi.lab Type = MX (0xf) Flags = UDP default, TCP on truncation (0x0) Protocol = UDP DNS Servers: (DNS cache will not be used)192.168.1.2 Connecting to DNS server. .. most preferred mail exchanger record Shutting down ATQ Shutting down IISRTL Exit code: 4 Note Example: fe.concsi.lab is the SMTP server DSN logging Delivery Status Notification (DSN) is the SMTP nomenclature for system transport notifications NDR, or non-deliverable, has become synonymous with DSN in the Exchange world DSN error codes were cryptic in Exchange 2000 Exchange Server 2003 addresses this... that mail exchanger records are tried in the same sequential order for each connection within the SMTP queue, an unnecessary delay occurs when unavailable mail exchangers are tried There are no performance counters for Exchange DNS resolver sink, and the Exchange DNS resolver sink does not update the DNS query/sec on the SMTP virtual server object in performance monitor Solution Exchange Server 2003 running... topology; local server, then servers in same routing group, then servers in same Adminstrative Groups (AG) and then servers in other administrative groups The rationale is that a server older than two days will most likely have the PF hierarchy in place So if you install a new PF server, it is highly unlikely PF messages will flow to that server until two days have passed If a message reaches a server with . Exchange Server 2003 and Exchange 2000 SP4 transport first selects servers from TLH list, PF servers list, whose history is more than two days. Next, server. Windows Server 2003 DNS event to return the DNS server list from the Exchange Server 2003 DNS resolver sink in lieu of the default global DNS server list