Not a Rant About Microsoft’s Plan to Stop Old Exchange Servers Sending Email to Exchange Online

Clarifying Why Some Unsupported Exchange Servers Need an Upgrade

Yesterday, I was walking the dog and listening to the March 29 edition of the Windows Weekly podcast featuring Paul Thurrott and Richard Campbell. Typically, I listen to pass time without needing to engage my brain too highly, but then Richard mentioned that I could deliver a good “half-hour of rant” about Microsoft’s grand plan to force customers to upgrade unsupported Exchange servers.

I can’t deny that I have been known to rant in the past, maybe even when hosted by Richard on his RunAs Radio talk show, but that’s when I am pointed to a microphone and Richard goads me into action. In this case, I think it might be a reflection that people are struggling to understand what’s going on. Certainly, a fair degree of miscomprehension is apparent in some of the comments posted to Microsoft’s announcement. Let me try to summarize what’s happening without ranting even a little bit.

What Microsoft is Doing with Unsupported Exchange Servers

First, Microsoft is not targeting every on-premises Exchange server. You can absolutely continue to run on-premises Exchange if that’s the best option for your organization. However, if you have a hybrid organization, the rules of the game are changing to force you to use supported software to send email from the on-premises side.

Initially, Microsoft is targeting on-premises Exchange servers with two characteristics:

  • The servers run unsupported software. Any Exchange 2007 or Exchange 2010 server is now unsupported. Exchange 2013 servers become unsupported on April 11, 2023.
  • The servers send email to Exchange Online over an inbound connector of the on-premises type. In other words, the problem servers act as the routing point of contact with Exchange Online – Microsoft knows about the servers because they’re part of a hybrid organization connected to Exchange Online. These servers are also connected to the internet (otherwise they can’t route email to Exchange Online) and are therefore vulnerable to attack, and because they route messages direct to Exchange Online, they can be the vector used by attackers to inject malware into Exchange Online.

Servers that do not handle the transmission of email to Exchange Online via an inbound connector are unaffected. Anything that happens inside the privacy of an on-premises organization is up to its administrators. For now, you could even connect in some Exchange 5.5 servers running a Wolfpack cluster if you wanted – if the server handling email to Exchange Online runs supported software.

Microsoft says that “The enforcement system will eventually apply to all versions of Exchange Server and all email coming into Exchange Online.” This seems a little harsh but it is intended to make sure that email flowing into Exchange Online is safe. The way things seem likely to pan out is that Microsoft will gradually bring Exchange 2010, Exchange 2013, Exchange 2016, and Exchange 2019 into the program. After they’ve made sure that only Exchange servers running supported software can communicate with Exchange Online, Microsoft will extend the requirement to all Exchange servers that communicate with Exchange Online using any means. In other words, even servers that communicate with Exchange Online via an intermediary are subject to throttling and then blocking.

The final stage is to protect Exchange Online against any server that sends email to Exchange Online over SMTP. I’m not quite sure how Microsoft plans to validate that remote SMTP servers are up to scratch, but that’s where they seem to be heading. This part of the plan is likely more of a long-term strategy than a well-defined plan. Practical issues such as identifying what is and is not a supported version of any particular SMTP server that communicates with Exchange Online need to be resolved.

The end game is to ensure that Exchange Online is not exposed to malware or other issues that come in from external servers (outside Exchange Online). In many respects, this is no different to what happens today when Exchange Online Protection blocks spam and malware. Judgement is passed at a server level rather than individual messages.

Initial Focus on Exchange 2007

The initial focus is on Exchange 2007 servers (Figure 1). As you might expect, this is a very small subset of servers in hybrid organizations. I’ve heard that there might be a couple of thousand servers in this category worldwide. Exchange 2007 reached end of life six years ago (April 2017). It has not received any support or security patches since.

These servers are vulnerable to a wide range of known threats. They should not be in active use. The potential exists that an attacker could compromise these servers and use this route to attempt to penetrate Exchange Online. This is the crux of the matter: Exchange Online will not accept email from organizations that transmit email to Exchange Online using obsolete and vulnerable Exchange servers.

Figure 1: Exchange 2007 ran in a world where less external threat existed. Now it’s an unsupported Exchange Server.

Blocking of Unsupported Exchange Servers Starts in July

Microsoft will use a three-phase report-throttle-block process to “encourage” customers to upgrade the problem servers. Details are in this article. Microsoft will start to throttle traffic from Exchange 2007 servers in June and move to block traffic from those servers in July. It is entirely the responsibility of tenant administrators to respond before a block descends on their on-premises email to Exchange Online. Three options are available:

  • Upgrade the problem server(s) to a supported version of Exchange Server (2016 or later, patched with the latest cumulative and security updates). This might involve replacement hardware. The load imposed by mail routing to Exchange Online is not likely to stress modern hardware, so a low-end server will suffice.
  • Move the on-premises side of the inbound connector to a server running a supported version of Exchange Server.
  • Direct email from Exchange on-premises to Exchange Online via a third-party mail gateway. (note: if the third-party gateway uses unsupported Exchange servers, its traffic is liable to be blocked).

In any of these cases, it makes absolutely no sense to keep vulnerable Exchange servers in production. It’s time to let Exchange 2007 die. Software designed twenty years ago simply cannot cope with the threat that exists today.

Microsoft is clear that Exchange 2007 is only the start. After they finish dealing with Exchange 2007, they will move on to Exchange 2010 and then Exchange 2013 servers that send email to Exchange Online over inbound connectors. It’s probable that the program will extend to Exchange 2016 and Exchange 2019 servers (that are not kept updated) as they age, and maybe even encompass third-party servers with known problem configurations.

The point is that the project is all about closing a potential attack vector into Microsoft 365. Just like stopping people using basic authentication to connect to Exchange Online (now almost done), this is the right thing to do.

Nothing to do with Consumer Email

Some reaction to the announcement focuses on spam generated from Microsoft cloud accounts. I believe this refers to consumer email accounts. At least one incident occurred where Exchange Online was hijacked and used for spam, but most spam does come from consumer accounts. Microsoft could tighten the use of consumer (Outlook.com) accounts for email, but that’s got nothing to do with the server initiative.

ISVs and Inbound Connectors

Speaking of inbound connectors, in February 2023 Microsoft disabled the ability of new Exchange Online tenants to activate inbound connectors of the on-premises type. This caused a bunch of problems for ISVs that depend on being able to route email for processing to a service that they run before sending messages back to Exchange Online for final delivery. The application of email signatures by a company like Code Two Software is a good example.

Microsoft has now issued guidance about how to handle the issue. Essentially, they have whitelisted some ISVs to reduce the friction caused by the restriction. In other cases, you’ll need to request activation through Microsoft support. According to the ISVs I have spoken with, the new scheme is acceptable. Let’s hope that this proves to be the case in practice.

Microsoft will hold an Ask Me Anything event on May 10 at 9AM PST on the topic of the Exchange Online transport enforcement system. For more details, check out this page. If you have any further questions, that’s the place to bring them.


Set Chrome, Firefox and Edge as default mail client (mailto handlers)

To set Chrome, Edge, or Firefox as default mail client for mailto links (mailto handlers) requires several steps. In managed environments, this can be done for all three browsers with Group Policy.

The post Set Chrome, Firefox and Edge as default mail client (mailto handlers) first appeared on 4sysops.

Blog Post: [Microsoft Teams] Define announcements before or after (or both) a user's voicemail greeting from the Microsoft Teams admin center

A new feature has been available since last week that lets administrators define announcements played before or after (or both) a user's voicemail greeting from the Microsoft Teams admin center. It is now also possible to standardize and manage the experience of a caller trying to reach a user in the organization by assigning a specific voicemail policy that plays an imported announcement, using an MP3, WAV, or WMA audio file with a maximum size of 5 MB. There are many usage scenarios, for example playing a standardized corporate greeting, or announcing specific compliance information for voicemail messages associated with user profiles. Voicemail policies offer these new options:

  • PreambleAudioFile: the audio file to play to the caller before the user's voicemail greeting is played.
  • PostambleAudioFile: the audio file to play to the caller after the user's voicemail greeting is played and before the caller is allowed to leave a voicemail message.
  • PreamblePostambleMandatory: makes playback of the preamble or postamble mandatory before the caller can leave a message.

The option to declare playback of the announcement mandatory is useful for practical cases related to compliance. After importing the audio files, an administrator can delete or modify the announcements at any time. The last step is to assign your policy to the target user.

This capability is also available in PowerShell:

  • PostambleAudioFile
  • PreambleAudioFile
  • PreamblePostambleMandatory

https://learn.microsoft.com/fr-fr/powershell/module/skype/new-csonlinevoicemailpolicy?view=skype-ps
https://learn.microsoft.com/fr-fr/powershell/module/skype/set-csonlinevoicemailpolicy?view=skype-ps

Everything You Need to Know about Your Mail Server

Emails are currently the most important form of communication among businesses. So it goes without saying that you need a way to make sure your email communications are as secure and efficient as can be. That’s where setting up a mail server can come in handy. A mail server can help strengthen the privacy and confidentiality of your email data. It also helps you to have better control over data and content customization and allows you to set up your own service levels, among other benefits. But how do mail servers work, and which type is best for your business?

In this article, I’ll discuss mail servers, how they work, and the different types you can choose from. Let’s get going with the definition first!

What Is a Mail Server?

In its simplest form, a mail server is a system that collects user-drafted emails and distributes them to the intended recipients. A mail server or a mail transfer agent (MTA) is an application that handles the process of sending and receiving emails along with all the intermediary steps associated with the process. While this process is very fast, each email transmitted traverses through multiple servers before being delivered to the recipient. It also involves a complex set of network protocols, algorithms, and processes. 

Because email platforms are widely accessible today, they may not have as much security as you need. But to counter these privacy concerns, you can host your own mail server instead of relying on large email platforms, like Gmail and Yahoo.

Let’s now learn how a mail server works in the next section.

How Does a Mail Server Work?

As mentioned earlier, sending an email involves several processes, algorithms, and network protocols. For a mail server to function, it needs to have mail server software — this allows you to control the mailing alongside network mailing protocols. Every sender side needs a client node like a laptop or a cell phone and a mail server working with a mailing protocol to send and receive emails.

[Figure: How a mail server works, showing the sequence of steps and the components involved in the process.]

In addition, SMTP and POP/IMAP are the most widely used mailing protocols that handle outgoing and incoming mail requests, respectively. Simple Mail Transfer Protocol (SMTP) transmits and moves your email across networks and sends it to the recipient. 

Meanwhile, Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) are used for receiving emails. Both IMAP and POP3 servers are widely used to copy emails from remote servers into the local mail client. POP3 is known for its ease of use, features, and high success rate. That said, IMAP is more convenient for syncing emails between devices.

To further bolster your understanding of the steps and processes involved in sending an email, here are the 4 different steps that explain the end-to-end process of sending an email. 

4 Steps Involved in Sending an Email

Emails are now an essential part of our work routines. Almost all companies across the globe use some form of mailing solution to carry out their daily business communication. Here’s a step-by-step process to help you understand how a mail server works.

1. Connecting to the SMTP Server

To send an email, any email service provider like Gmail, Exchange, or Yahoo has to connect with an SMTP server. An SMTP server connects with your domain and has a specific address like smtp.gmail.com or smtp.ExampleService.com. In this step, your email service provider will also give out crucial information like your and your recipient’s email address along with the email content to the underlying SMTP server for processing.

2. Processing the Recipient’s Email Domain

As a next step, the SMTP server will work on processing the data it receives from the email service provider. It parses the recipient’s email address and identifies the domain to which you need to forward the email. If the domain is the same as the sender’s, it directly transmits the data to the internal POP3/IMAP server. On the contrary, if the SMTP server identifies the receiver’s domain to be external, the SMTP server will need to identify the recipient’s server. 

3. Identifying the Recipient’s IP

Once the SMTP establishes the connection, it needs to work on identifying the recipient’s server to deliver the email. For this, the SMTP server then connects with the Domain Name System (DNS). The DNS will work as a translation system to help convert the recipient’s domain into an IP address. This IP address is then used to uniquely identify the recipient and transmit the email.

4. Delivering the Email

The final step is to deliver the email to the recipient. The process of your SMTP server sending the email to your recipient involves several SMTP server hops. When the recipient receives the email, their SMTP server checks the email and forwards it to their corresponding POP3 or IMAP servers for receiving the email. The email is then placed in a queue until it’s made available for the recipient to consume it. 
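
Steps 2 and 3 above, sketched as an added example that is not part of the original article: the sending server extracts the recipient's domain, decides between local and external delivery, and resolves the external domain to the addresses it will try. The DNS table, host names and addresses are constructed sample data; the MX preference ordering, the fallback to the domain's own address record and the null MX check go beyond the article's simplified domain-to-IP description and follow standard SMTP routing (RFC 5321, RFC 7505).

```python
from dataclasses import dataclass, field


@dataclass
class Zone:
    """Constructed stand-in for the DNS answers about one name."""
    mx: list = field(default_factory=list)  # [(preference, hostname), ...]
    a: list = field(default_factory=list)   # address records for the name


# Constructed sample data (reserved documentation names and addresses).
DNS = {
    "example.org": Zone(mx=[(20, "backup.example.org"), (10, "mail.example.org")]),
    "mail.example.org": Zone(a=["192.0.2.10"]),
    "backup.example.org": Zone(a=["192.0.2.20"]),
    "example.net": Zone(a=["198.51.100.7"]),  # no MX record at all
    "example.com": Zone(mx=[(0, ".")]),       # null MX: accepts no mail
}


class Undeliverable(Exception):
    """The recipient domain cannot receive mail."""


def recipient_domain(address):
    """Step 2: extract and normalise the domain of a recipient address."""
    if "\r" in address or "\n" in address:
        # Reject line breaks so an address never spans more than one SMTP line.
        raise ValueError("line break in address")
    local, sep, domain = address.rpartition("@")
    domain = domain.strip().rstrip(".").lower()
    if not (sep and local and domain):
        raise ValueError(f"not a mailbox address: {address!r}")
    return domain


def next_hops(sender_domain, recipient, dns=DNS):
    """Steps 2-3: return ('local', []) or ('remote', [(host, ip), ...])."""
    domain = recipient_domain(recipient)
    if domain == sender_domain.lower():
        return ("local", [])  # same domain: hand to the internal mailbox store
    zone = dns.get(domain)
    if zone is None:
        raise Undeliverable(f"{domain}: domain does not exist")
    if [host for _, host in zone.mx] == ["."]:
        raise Undeliverable(f"{domain}: null MX, domain accepts no mail")
    # Lowest preference value is tried first; with no MX record, the domain's
    # own address record is used instead.
    hosts = [host for _, host in sorted(zone.mx)] or [domain]
    hops = [(host, ip) for host in hosts for ip in dns.get(host, Zone()).a]
    if not hops:
        raise Undeliverable(f"{domain}: no mail host resolves to an address")
    return ("remote", hops)


if __name__ == "__main__":
    for rcpt in ("bob@corp.example", "alice@example.org", "carol@example.net"):
        print(rcpt, "->", next_hops("corp.example", rcpt))
```
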

Now, let’s look at different types of mail servers based on their function and purpose.

2 Different Types of Mail Servers

Mail servers can be broadly classified as outgoing and incoming based on their functioning. As the name suggests, an outgoing mail server is responsible for sending emails from the sender to the recipient. Meanwhile, an incoming mail server is responsible for receiving emails and making them accessible to the recipient. For any mailing system to send and receive emails, they need to have both incoming and outgoing mail servers configured. 

| Feature | Outgoing Mail Server | Incoming Mail Server |
|---|---|---|
| Purpose | It enables the user’s machine to communicate with SMTP, which handles the process of mail delivery | It is a digital version of an actual postbox that stores incoming emails and forwards them to your inbox |
| Example Protocols | SMTP | POP3, IMAP |
| Protocol Details | SMTP Function: It sends email from an email client or a server to another email server | POP3/IMAP Function: Both these protocols’ primary function is to retrieve emails from an email server |

Learn the differences between outgoing and incoming mail servers.

You might be wondering now about your options when it comes to mail servers. You can choose from traditional on-premise or cloud-based email servers for your company. 

On-Premises vs Cloud-Based Mail Servers

With the exponential increase in the cloud paradigm across almost all industries, enterprise IT teams continue to leverage both cloud-based and traditional on-premise email servers. Let’s see the major differences between on-premise vs cloud-based email servers.

| Parameter | On-Prem Email Server | Cloud-Based Email Server |
|---|---|---|
| Installation Costs | Expensive to set up | Cheap to install and configure, but can become expensive with high usage |
| Control | Offers complete control of data | Lacks control over the data as it resides in the cloud |
| Configuration | Involves a complex configurational overhead | Are usually very easy to set up and use |
| Scalability | Aren’t easy to scale | Are very easy to scale up or down cloud-based mail servers |
| Maintainability | Need to handle updates, upgrades, security patching, and configurational overhead | Are easier to maintain with the vendor support |

Here are the major differences between on-prem and cloud-based email servers.

Let’s consider why you need to have a mail server and all the benefits it provides you. 

4 Reasons to Own a Mail Server

Although setting up your own mailing server for your business could involve multiple challenges and complexities, it can offer several benefits to companies, especially SMBs. It also offers better control, security, protection, and integration with your internal systems and services. This allows you to achieve better operational control and continuity. Let’s look at these advantages in detail.

  1. Customization: You can customize the emails and their content to fit your business needs. It also allows you to configure your emails to meet the company’s risk profiles, perform whitelisting and blacklisting emails, etc.
  2. Data Confidentiality and Security: Owning your own email server allows you to safeguard your data. It also allows you to perform mailing, encryption, email infrastructure management, and more in-house.
  3. Service Levels: You can customize and design your service levels to control the criticalities of incidents and emails. This also saves costs in setting up third-party systems to ensure service levels.
  4. Control: Having your own mail server also gives you complete control over the mail, data, and the process involved in transmitting the data via emails.

If you’re considering transitioning or upgrading your mail server, you first need to know your existing mail server.

Accessing Mail Server Information on Your Device

If you’re working on making any changes, upgrading your mail server, or integrating a new service or tool that uses your mail server configuration, you’ll need to know which mail server runs across your company. You can then access, configure, and set up your email server’s SMTP and IMAP/POP3 configuration by accessing your account settings. 

The steps for accessing your mail server information depend on the device and application you use. Here are the steps for each.

Windows PC/Microsoft Outlook

  1. Select View all Outlook Settings in the Settings menu
  2. Now, click on Mail and select Sync mail
  3. This will give you access to the POP and IMAP settings with an option to enable them

Apple Mail for macOS

  1. Launch the Mail application and go to Preferences > Accounts
  2. Select Server Settings from the Accounts menu
  3. Select the Account pop-up menu to access the SMTP server list

iPhone/iOS 

  1. Go to Settings and click on Mail
  2. Select Accounts and select the corresponding email account
  3. Under the account information, you will see SMTP under the Outgoing Mail Server section to access the SMTP settings

Access to mail server configuration and settings allows you to view your email server settings. From here, you’ll be able to integrate new systems and/or reconfigure the mail server settings. 

Final Words

Emails play a crucial role in the operation and business continuity of all companies around the globe. A mail server allows you to configure, control, and customize your company’s ability to send and receive emails. The behind-the-scenes working process for a mail server involves 4 steps. These steps are connecting to the SMTP server, processing the recipient’s email domain, identifying the recipient’s IP, and delivering the email. In addition, you can differentiate between mail servers based on different types. Setting up and configuring your email server also allows you to better control your company’s email data and establish a secure mail and mail data monitoring system.

I hope this article sufficiently answers all your questions about mail servers. If you still have any more lingering questions or you’d like to read more, check out the FAQ and Resources sections below. 

FAQ

What are some examples of mail servers?

Mail servers come in all shapes and forms. Some are open-source and free, while others are available for commercial purposes. For example, some mail servers are Halon MTA, Oracle BeeHive, Amazon SES, and OpenSMTPD. 

Is the SMTP server secure?

An SMTP server isn’t inherently secure and has no encryption standards or security mechanisms built in. So, to avoid unfortunate happenings like spoofing, spamming, or data theft, you can add additional layers of security like Secure Sockets Layer (SSL).

What are some key aspects to consider before choosing a mail server?

On top of choosing between a cloud-based vs on-prem mail server, you need to consider other crucial factors before choosing a mail server for your company. Email security, cost, features, integrations, and compatibility are also some factors.

What are some of the common mail attacks?

The most common email attacks include phishing, adware, scareware, spyware, and ransomware. Each of these email attacks either steals, corrupts, or damages the data associated with or transferred over emails. 

What is a Domain Name System (DNS)?

Domain Name System (DNS) is a distributed and hierarchical naming system that associates a domain name with IP addresses. Mail servers also leverage and use DNS to accurately identify the domain name associated with the mailing addresses to send and receive mail.

Resources

TechGenix: News on IT Enterprise World

Read all the latest and trending tech-related news and announcements in the IT enterprise world.

TechGenix: An Article on the Importance of Email Archives 

Learn more about email archives and why you need an email archive, not a backup solution.

TechGenix: News on Phishing Attacks

Discover how phishing attacks use legitimate emails to gain remote admin privileges.

TechGenix: Article on Email Security Best Practices 

Discover the top 5 must-have email security policies for your business.

TechGenix: Preventing Email Hacking

Learn how to prevent email hacking and recover a hacked email.

The post Everything You Need to Know about Your Mail Server appeared first on TechGenix.
