יום שישי, 1 בינואר 2010

Conficker Detection Tool

Conficker Detection Tool

W32/Conficker.worm exploits the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Machines should be patched and rebooted to clean the system, then rebooted again to prevent reinfection.
McAfee has developed a utility that will assess for the presence of the Conficker worm and identify which systems are already infected.  We recommend that you download the McAfee Conficker Detection Tool now.


Exchange 2003 configuration step by step

Configuring your new Exchange 2003 server for internet email with POPcon for downloading the email from POP3 mailboxes isn't hard if you just do it step by step as shown in this configuration sample. In this guide we will step through a sample installation of Exchange 2003 for a company we will call "Mycompany". Mycompany consequently owns the internet domain name "mycompany.com".
Actually it only takes these simple steps:
And this is how to configure the Exchange Server to accept email for a domain like "mycompany.com" and cooperate with POPcon:

First install the Exchange server software from the CD or DVD. You may have to go back to the "Add/remove Software" utility in the control panel to add NNTP support if you did not do so during initial setup of your windows installation. Then open the Exchange System Manager and configure the new Exchange installation.

1. Adding your internet domain name to the recipient policies

Open the Exchange System-Manager. It should look like this:

One of the problems most often encountered when configuring an Exchange 2003 Server system is the fact that often the internet domain nane you want to receive email for ("mycompany.com") does not match your standard active directory domain name (i.e. "servername.mycompany.com"). The Exchange 2003 Server component handling incomming emails - the SMTP server - does not accept emails for other domains than the ones entered in the "recipient policies", even if you entered the correct email addresses ("user@mycompany.com") in the active directory.
To make Exchange accept email for additional domains like your internet domain you need to add the domain names to the default recipient policy like this:

On the main tree panel of the exchange system manager expand the tree "Recipients" and then click on "Recipient Policies". The policies will be shown on the right panel. Normally only the "Default Policy" will be there:


Open the properties of the "Default Policy" by double-clicking it:


In the Default Policy Properties please choose the tab "E-Mail Addresses". There you will find a list of domains supported by your exchange server. Usually only your internal active directory server domain will be listed here:

Like you can see, after installing our Exchange Server from scratch only our AD domain "Christensen.local" was listed as accepted SMTP address. But emails from the internet will be comming in addressed to "@mycompany.com" and not Christensen.local!

Choose "New..." here to add another accepted inbound domain. Since emails on the internet are sent via the SMTP protocol we want to add an "SMTP Address":

Now enter the domain name you want to receive email for. Please add a leading "@" to the domain name. This is what we entered to support emails addressed to @mycompany.com:


This is how the Default Policy Properties look like after entering the additional SMTP domain:


Enable the newly created entry with a check mark next to it:

When you OK the above dialog, Exchange will ask you with the next dialog box if you want to add the new address to all new users. Usually you do want exactly that to save some typing later.

Please note: You may need to restart your server to activate the new domain!

2. Configuring the SMTP server for inbound email

Next we will configure the SMTP-Server. This is the part of Exchange that accepts incomming emails from POPcon. No special settings are needed to work with POPcon but these are the standard settings in any case:

You will find the settings for the SMTP server under Servers/Protocols/SMTP/Default SMTP Virtual Server. Open the properties by right-clicking on the Default SMTP Virtual Server and choosing "Properties":

The settings on tab "General" can normally be left to the defaults.

On the tab "Access" you can find some configuration settings that might interfere with POPcon.



POPcon only works with a standard SMTP connection WITHOUT authentication, so allow "Anonymous access" in the "Authentication" dialog:


Choose "Connection" to grant or refuse the right to connect to the SMTP server to individual or multiple IP Address Ranges. Please ensure the system POPcon runs on does have the right to connect granted. With this setting ALL systems will have access to your SMTP server:


Under "Relay..." you can assign the right to relay through your SMTP-Server to some systems. This might be needed in some configuration and to be sure you should grant the system POPcon runs on relay rights. All other systems will need to authenticate before accessing the SMTP server to prevent unauthorized users using your system to relay spam:





Under the "Messages" tab you can restrict message size and number of messages accepted for each connection. Please make sure these settings are liberal enough to allow POPcon to transmit large messages to your server.

Also, on this tab you can choose an internal additional recipient for copies of the non-delivery reports. These NDRs will be sent back to senders of mails addressed to recipients unknown in your Exchange Server and they include a copy of the original message sent. You can use these postmaster copies of the NDRs to manually forward emails sent to mistyped recipients to the correct users.





Under tab "Delivery" some more configuration settings for outgoing emails can be found:




3. Adding the SMTP Connector for outbound emails

Now we need to add an SMTP-Connector (vs. SMTP Server) to handle outgoing email to the Internet.

Right-click "Connectors" in the Exchange System Manager and choose "New", "SMTP-Connector" to start adding the new connector and name it appropriately (like "SMTP-Out" in our case):


On the "General" tab you can now choose wether Exchange will send outgoing emails directly to the recipients system ("Use DNS...") or if all emails should be relayes through a SMTP relay server ("smart host").
The first option, DNS, is more direct but can sometimes cause problems when you use a dialup internet connection because some recipient systems will not accept emails that are coming from you ISP's dialup IP range while pretending to come from your real internet domain. Sending via your ISP's smart host / smtp relay server is the better option in this case. We chose our ISPs smtp relay server here.


Also, on this tab you need to add the "local bridgehead" server (as shown above)
On the tab "Address Space" we need to add a wildcard address space for SMTP. We want to allow emails to any domain, so we use the wildcard "*" here:

Side note about the "Cost" entry: If you want to send emails to some domains via a different route you can create multiple SMTP connectors and set the "Cost" entry of this wildcard connector to a higher value while setting the cost entry of the special domain route to a lower cost but with only the special domain allowed on this page. This is especially useful if you generally want to send via DNS and only route to some systems that won't accept your email via some relay server.

If your ISP's SMTP server requires authentication (and almost all of them do today) you can set the username and password on the "Advanced" tab of the SMTP connector. Select "Outbound Security":


Select "Basic authentication" and chose "Modify" to enter the username and password:





And that's alreay it - Your Exchange is now configured to send email to the internet and receive an SMTP email feed like it will come from POPcon or a direct internet connection. All you should do now is configure your users' email addresses in the Active directory.


4. Configuring your user's email addresses in the Active Directory

You can set one or multiple email addresses for each user to receive email at. We will step through the neccessary actions when creating a new user called John Galt.
First open the active directory and right-click the "Users" item to select "New", "User":
[Image]
The resulting dialog will allow you to create a new AD user to log into your server and creates an Exchange mailbox all in one wizard pass:
[Image]
Next...
 
[Image]
Next...
 
[Image]
Now the wizard continues into the Exchange Server realm and lets us create a new exchange mailbox
 
We just accepted the default alias here. Next...
 
[Image]
Ok, fine - but wait: What about our desired email address? john@servolutions.com? We need to add this mail address manually. We are back at the AD configuration console and select the properties of our new user "John Galt" by right-clicking on the name:
 
[Image]

Lot's of tabs on this resulting dialog:
 
[Image]
We go to the "E-mail Addresses" tab:
 
[Image]
 
And surprise: john@servolutions.com is already there, but in suspiciously non-bold print. Actually, Exchange automatically entered this additional email address because we choose so during the editing of the default recipient policies. But we want this address to be the primary address meaning all email sent by John will get this address as the "senders" and "reply" addresses in the mail headers. So we click on "Set As Primary" and are done:
 
[Image]
We could also add more email addresses like info@servolutions.com or sales@servolutions.com but only one of these addresses can be the primary address that will be the default senders' address in all emails sent out by john.
And that's really it - just step through you other user's AD entries and set the appropriate primary and additional email addresses.


5. Installing and configuring POPcon or POPcon PRO

After going through the above 4 steps your Exchange is configured to send out email but it still can't pull down email from POP3 or IMAP mailboxes on your provider server. For this you need to install and configure POPcon.
Configuring POPcon is quite straightforward. You need to follow these steps:
a) Configure a Postmaster email address on the GENERAL configuration tab.
b) Add one or more POP3 mailboxes on the POP3/IMAP tab.
c) Configure the Exchange server name on the EXCHANGE configuration tab.

Download and run the self-extracting installer of POPcon or POPcon PRO and follow the instructions during the installation. It will install the POPcon Administrator program and the POPcon service that runs in the background on your system.
Run POPcon Adminstrator from Start > Programs > POPcon
POPcon Administrator

POPcon Screenshot

Click on "Configure" to open up the POPcon configuration screen.

a) Configure a Postmaster email address on the GENERAL configuration tab.

Screenshot of general options tab in POPcon PRO
On this first configuration page you only need to enter the email address of your Postmaster or Administrator user. The Postmaster will receive all emails without a valid recipient as well as general POPcon status notifications. It is very important to define a real email address from inside your exchange server here because mails can be lost irretrievably if POPcon forwards some mail with no recipient information to the postmaster and that account does not exist in your exchange server.
You can leave the log file options to their default settings for now.

Next go to the POP3/IMAP tab to configure the POP3 or IMAP mailbox accoutns you want POPcon to download email from.

b) Add one or more POP3 mailboxes on the POP3/IMAP tab.

POPcon PRO POP3 accounts configuration screenshot
POPcon PRO collects mail from as many POP3 accounts you like. Just click on Add to add another POP3 host or account to the list of Polled POP3 Hosts. For each server or account you need to fill in the POP3 server settings as shown below.
If you are using catch-all style mailboxes (mailboxes that receive email for a whole domain, regardless of the recipient part before the "@") POPcon needs to filter recipients from incoming mail so only the recipients at your own internet domain are accepted. Please add the domain you consider your own in the "Accepted Recipient Domains" box. This is the same domain you configured earlier in the Exchange Default Policy.

Individual account settings

This dialog lets you input the specifics about a POP3 or an IMAP server you want to have polled by POPcon PRO.
This is the information POPcon PRO needs to know about each server:
Server type:
Here you can select on the four supported server types:
POP3: Default. POP3 servers are by far the most common mail server types on the internet.
POP3-SSL: Some POP3 Servers need SSL encryption enabled for the connection in order to protect passwords and sensitive information. Choose this type to have a SSL-encrypted connection to a POP3 server.
IMAP: IMAP Servers are also quite common and theoretically allow the client to manipulate email folders and move email between folders online. In our case the protocol is used to download email from the INBOX of the IMAP server to your exchange server.
IMAP-SSL: Supports SSL connections to IMAP servers for added protection.

Access:
Configure the server name, account name and password to connect to the mail server here.
Servername: The name the server you want to have polled. You can also enter the IP address directly.
Username: The username needed to log into your POP3 or IMAP mail server.
Password: The password needed to log into your mail server.
IP portnumber: Almost always the TCP/IP port for POP3 mail is 110. Under some circumstances, internet routers or firewalls change the port number. Please ask your network administrator or internet provider. The standard port for POP3-SSL is 995, for IMAP it is 143 and for IMAP-SSL this should be set to 993.
Timeout: Leave this to the default value.
Please ask your POP3 mailbox hosting provider if you do not have the above information.

Type of mailbox / distribution:
POPcon PRO supports both catch-all and single user mailboxes
Catch-all mailbox ("*@domainname.com"): For this type of mailbox, POPcon PRO will distribute the email retrieved from this server according to what it finds in the TO:, CC:, BCC: and other header-fields of the mail. If you choose this option, don’t forget to add your internet domain name(s) to the "Accepted Recipient Domains" box. on the POP3/IMAP configuration dialog
Single user mailbox ("user@domainname.com"): This type of mailbox receives email for only one specific Exchange mailbox. You need to specify the receiver of the email here. POPcon PRO will then direct all mail retrieved from this server to the recipient email address given here.

Delete / keep email on the server:
This block allows you to configure POPcon PRO to either delete email after downloading or keep it on your POP3 or IMAP server for a specified amount of time or indefinitely.
Delete downloaded email: This is the default setting – POPcon PRO will delete the Email on your POP3 or IMAP server after successfully downloading it.
Leave a copy of downloaded email (indefinitely): This option will cause POPcon PRO to leave a copy of the email on the server. Only use this option during testing or when you are sure the mail will be deleted eventually, i.e. by another system periodically downloading an deleting email.
Leave a copy of downloaded email for n number of days: Causes POPcon PRO to leave a copy of the email on the POP3/IMAP server for the specified number of days before deleting it. You can use this option to allow access to a single POP3 or IMAP mailbox by two different systems.

c) Configure the Exchange server name on the EXCHANGE configuration tab.

POPcon PRO SMTP/Exchange settings screenshot

On this configuration screen you can specify the Exchange™-(SMTP) Server you want the mail to be directed to. Normally this will be the computer name of your Exchange™ server (like "MYSERVER").
You can leave all other settings default

These three steps to configure POPcon will provide you with a working set-up. Test it out by confirming the new configuration with OK and then use the "Trigger mail retrieval" button on the POPcon Administrator main screen to start the first mail download. You can follow what is happening in the scrolling log display on that screen. Watch out for any error messages there. There is also a POPcon log file (c:\program files\POPcon\POPconSrv.log – open with notepad) that you can view at your leisure.

6. Check out the ChangeSender Outlook Add-in

ChangeSender Exchange Send-as Add-in adds one important piece of functionality to Microsoft Outlook when used with Exchange Server: It allows you to send as any of your email addresses and even group addresses or those of other users if allowed by the administrator. Effectively this is the Exchange Send-as function without the limitations of the ActiveDirectory
Without the ChangeSender Exchange send-as components, Exchange always sends out emails on your default email address fixed in the ActiveDirectory even when answering emails received on one of your additional email addresses. Also, Exchange does not allow sharing the same email address (i.e. department-wide or company-wide email addresses) between users. ChangeSender solves both problems by adding a configurable "send as" selection box to your Outlook email form.

ChangeSender Features
  • Automatically selects the right send-as address when replying to emails. ChangeSender uses the address of the original email as sender address for replies.
  • Easy selection of send as addresses for new emails via a new sender address selection box in Outlook.
  • Multiple users can send from the same sender address (i.e. send as sales@yourcompany.com or support@yourcompany.com)
  • Sender appearance fully configurable as "Any name" <any@address.com> for each individual email address. Does not show up as "sent on behalf of...".
  • Very simple installation and administration.
  • Administrator can restrict or allow user choices for the sender address and prevent users from sending as other users.
  • Works with Exchange 2010, 2007, 2003, 2000 and with Outlook 2010, 2007, 2003, 2002, 2000 versions.

ChangeSender in Outlook 2007 screenshot

Downloads
Download the free 30-day trial version of ChangeSender and test the full product without any restrictions until you are sure it meets all your requirements. Then just order license codes to remove the 30 day limit without re-installing.
ChangeSender consists of two separate components: A server component to be installed on the Exchange server and a Microsoft Outlook add-in component that is needed for each client. The Outlook add-in does not work without the server component installed as well.
Server component:
Download Exchange Send-as server component, Exchange 2000, 2003 version Install this on the Exchange Server (this version for Exchange 2000 or 2003)
Download Exchange Send-as server component, Exchange 2007, 2010 version Install this on the Exchange Server (this version for Exchange 2007 or 2010)
Client component / Outlook add-in:
Download Exchange Send-as Outlook add-in Install this on each user's system.

You can license ChangeSender Exchange Send-as online and will receive the license codes by email in just minutes.