Every now and then time-dependant rule questions come up and today I took a few minutes to figure them out. The good news is, Exchange 2007 transport rules make this easy and seamless. The bad news is, Outlook 2007 can do this too but only as a client-based rules. This means that without Exchange 2007, time-dependant rules can fire only if an instance of Outlook 2007 is running.

Corey Powell asks:

I have a customer with 6 sales people.  They have leads arriving via email to one email address.  They want the “on-call” person to receive all of the leads that come in for the period of time that that person is “on-call”.

So, how do you do this in Outlook 2007? Easy:

Click on Tools > Rules and Alerts > New > Check messages when they arrive > with specific words in the message header:
” 07:”
” 08:”
” 09:”
” 10:”

Forward it to people or distribution list and pick a user.

This will effectively forward messages received from 7:00 am - 10:59 am to the user or distribution list you specify. Repeat for the other 6 shifts with respective 4 hour windows.

Few notes: leading space is very important because some MTA’s use IPv6 which without a leading space can match the wrong part of the header. Furthermore, Outlook does not have the “and” operator (something that Exchange 2007 does in its transport rules stack) so if you receive mail from other time zones your filter may not work as intended.

Courtesy of PC World, Apple today announced that 1.1.5 will ship with Exchange ActiveSync functionality which will, for all intents and purposes, make iPhone “business capable,” more:

Enterprises want great push e-mail–”huge request.” And push calendar information. And push contacts. And a global address list. And Cisco IPsec VPN, and a variety of security-related options. And automated configration options, and remote data wiping just in case the phone is lost or stolen.

“I’m really excited to be the one telling you today we’re doing all these things in the next release of the iPhone software.” Applause.

Back to push. Customers have asked for built-in Microsoft Exchange information. Apple has licensed the ActiveSync technology needed from Microsoft to support Exchange.

Schiller explains how old-school push is complicated and unreliable, then says that ActiveSync is modern, simple, and reliable. iPhone apps like its e-mail and calendar will support it.

He walks over to a podium to demo all this. His phone has no contacts, no events, and no e-mail. But the screen for adding e-mail has a new option: Exhchange. He’s skipping that, but is turning on an Exchange account he had pre-configured. He wants to use ActiveSync for contacts, calendars, and e-mail. He turns them on. “And that’s it.”

His contacts show up, as do his appointments and his e-mail. Apple’s Bob Borchers is in the audience on Wi-Fi helping Schiller with a demo. Schiller creates a new contact, and Borcher confirms that it was instantly synched via Exchange and has shown up on his device.

Next, Schiller goes to mail. Borchers sends him an e-mail. And there it is on Schiller’s phone. Applause. “This is exactly what enterprise customers have asked for.”

Schiller’s looking at his calendar. He asks Borchers to move a meeting up, and the schedule change shows up on Schiller’s iPhone. “All that is happening live.”

Schiller says the last part of the demo is the most fun. He’s saying that maybe he’s lost his iPhone. He asks Borcher to wipe the phone remotely. He does, and Schiller’s phone loses all his data. Applause.

Also interesting is the quote on sales. iPhone is now the second most deployed smartphone (28% market share), second only to Blackberry. I am not sure if Windows Mobile devices are counted under a single brand, or if Samsung Blackjack and AT&T Tilt are two completely different smartphone brands. However you define it, nearly a third of the smartphones on the market now supports Exchange along with its push email and remote wipe. That is… significant.

One of the more frequent questions about Exchange 2007 is the new update technology, the rollup:

Rollup is a collection of hotfixes and Exchange system updates that apply to the entire product. While in the past, Exchange hotfixes included updates for the affected binaries/libraries only, they did not update the product as a whole. The new “rollups” do just that, they provide all the hotfixes affecting Exchange 2007 deployment. Much like service packs, the rollups contain all the hotfixes and patches Microsoft has published and bring the Exchange deployment to an identifiable state (ie, tell me the rollup not a list of all the hotfixes you installed). The schedule is also pretty reliable, every 6-8 weeks.

And speaking of the devil, the first rollup for Exchange 2007 SP1 is out and it fixes the issue of store.exe allocating 100% of CPU. This is a common thing in the 2007 world, there are never enough resources so if you don’t choose to throttle it the Exchange 2007 will allocate so many resources that you’ll hardly be able to launch the management console without snapins timing out.

So, in review: Exchange 2007 SP1 Rollup 1, Exchange 2007 RTM Rollup 6.

Few years ago tar-pitting was a big deal among SBSers who tried to protect their systems from spammers, worms and directory harvesting. Microsoft’s Alex Nikolayev, the big daddy of Microsoft’s SMTP stack developed the tar pitting technology for Microsoft’s SMTP server on top of which Microsoft Exchange 2003 works.

What is tar pitting you ask? It is a process of throttling bad recipient responses in the SMTP channel that are meant to slow down the spammer or directory harvesting attack meant to figure out the valid (or prune invalid) email addresses on your mail server. It works in conjunction with recipient filtering, so if you’re being a good little Internet participant and issuing NDRs as per RFC requirement, tar pitting can help. What exactly does it do? Here is a visual example:

220 daisy.theofficeserver.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Sat, 9 Feb 2008 15:31:38 -0500
ehlo vlad.net
250-daisy.theofficeserver.com Hello [65.99.255.240]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250 OK
mail from: vlad@vlad.net
250 2.1.0 vlad@vlad.net….Sender OK
rcpt to: administrator@daisy.theofficeserver.com
250 2.1.5 administrator@daisy.theofficeserver.com
rcpt to: moo@daisy.theofficeserver.com
550 5.1.1 User unknown
rcpt to: cow@daisy.theofficeserver.com
550 5.1.1 User unknown
rcpt to: bee@daisy.theofficeserver.com
550 5.1.1 User unknown
rcpt to: sheep@daisy.theofficeserver.com
550 5.1.1 User unknown

What tar pitting enables you to do is specify the timeout interval in seconds between each rcpt to: command and the 550/511 rejection. Assuming that a regular spambot will issue thousands if not hundreds of thousands of commands in an attempt to filter out the valid recipients on the domain, tar pitting delays can significantly delay their connections.

Why SBSers shouldn’t use this!

First, if you wish to use this technology, here is a Microsoft KB842851 addressing this. If this is something you believe is worthwhile, you should outsource it to a service adequate of handling the volume of these connections, check out ExchangeDefender.

There are two reasons why you shouldn’t implement this technology on a small network:

First, if you are running SBS 2003 or 2003 R2 you have likely upgraded your server to ISA 2004. ISA 2004 establishes the max number of connections per server, per rule to 1000. Likewise, if you are using cheapie firewall solutions that also throttle down the connection limits as to not exhaust an internal server, you are likely going to run out of connections on your server. Remember that tar pitting does not close the connection, it keeps it open. So if you set a timeout of 30 seconds for example, you could run into hundreds of open connections during an attack which would result in service unavailable and connection drops for the valid SMTP connections that may be trying to reach you.

Second, tar pitting has proven itself effective enough that nobody uses DHA anymore. The malicious use of DHA has gone away to a large degree, the spambots are now either being launched with a raw write straight to the socket (ignoring any delays in the connection) or tend to disconnect if more than 5 seconds (depending on the spambot config) has passed between a rcpt to and 250/550 response.

So in effect, this would be worthless to you in stopping spammers and DHA but would backfire on you the first time a larger worm/virus outbreak starts slamming your server.

All in all, not a worthwhile practice for this day and age. Remember, spammers adapt much faster than the rest of the net does, what worked in 2005 won’t work in 2008.

In another desperate Microsoft-bashing event, eWeek (surprise!) is predicting the end of Microsoft in a desperation move to buy Zimbra. Yeah. Forget the advertising. Forget IM share. Forget the webmail dominance in the consumer space..

It’s all about Zimbra..

Yeah. Sure. Cause that’s whats replacing corporate email, a webmail client. But of course, an AJAX frontend is a good replacement for Identity Management, integration into the unified communications for seamless  IM/voice/voicemail, content sharing controls that support encryption, IRM, RPC over HTTP, push sync built in..

Oh, yeah. It’s got none of that!

Let’s face some reality, shall we? We’re talking about webmail people, the black hole of portal’s budgets. This, Google’s other solution which years into the service still bears the Beta tag which in the Web 2.0 world means – we’re losing money big, we can’t make money at it, please click on the ads.  Every commercial reincarnation of which has failed – for bCentral, for Hotmail, for Yahoo, for Excite…

And he huffed puffed and blew the story down…

Got Exchange questions that you’d like answered, for free, by some of the biggest names in the Exchange scene (and me)? I’ll be in the Exchange Expert chats tomorrow and next week, if you have SBS / Centro / WHS specific stuff this would be a place to get them answered. We did one of these back in May and people really seemed to like it so hop on…

Q&A With the Exchange MVP Experts
We invite you to attend a Q&A with the Microsoft Exchange Server MVPs. In this chat Exchange MVPs will be on hand to answer your questions about Exchange Server, Outlook and Exchange for Small Business Server. So if you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003 we hope you can join us for this informative online chat!

Add to Calendar

December 5, 2007
10:00 A.M. Pacific Time
Additional Time Zones

EnterChatRoom

Q&A With the Exchange Server MVP Experts
We invite you to attend a Q&A with the Microsoft Exchange Server MVPs. In this chat Exchange MVPs will be on hand to answer your questions about Exchange Server, Outlook and Exchange for Small Business Server. So if you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003 we hope you can join us for this informative online chat!

Add to Calendar

December 12, 2007
5:00 P.M. Pacific Time
Additional Time Zones

EnterChatRoom

Exchange 2007 SP1 has shipped today, there is a TON of stuff you need to be aware of before you roll out. This is a significant upgrade that should not just be clicked through without reading the manual. So while congratulations are in order and feature set gold enough to make you go for it right now, hold on, wait a minute..

The set of release notes linked in with the download link points to the RTM (ie, the original release of Exchange 2007, not SP1). The actual Exchange 2007 SP1 Release Notes are here.

I’ll break down the SP1 over the next couple of days so stay tuned. If you need to rush and install it today, please read the documentation first.

One of the most frustrating things I do for living is troubleshooting mail delivery. Not because it’s incredibly frustrating and almost never my fault, but because I tend to get pwned by the most ridiculous “gotchas” of the SMTP.

Of the items that I probably deserve a Darwin Honorable Mention award for is troubleshooting delivery for an expired domain name, for a mail server that had the SMTP service stopped, that had the IP address changed, that had the letter 0 or O in the domain name and they just blurred together.

So today I set myself up for another “documentation writing” day and I have to say that I enjoy it. Writing about the products I’ve designed makes me realize how braindead some of our process is, nothing sounds quite so stupid than when you read it back to yourself. It also gives me ideas on how to improve the service, add in some gizmos that could help cut out a lot of time from troubleshooting.

Today, I proudly bring you the OWN Guide for Troubleshooting ExchangeDefender Delivery. Even if you are not an ExchangeDefender customer (come on!) the guide is general and verbose enough to give you an idea how to troubleshoot mail flow, diagnose issues with SMTP servers, create sample email messages from the command prompt.. I really hope you like it.

At the very worst you’ll learn how to install the telnet client for Microsoft Vista / 2008 Server from the command prompt.

One of my fellow Exchange MVP buddies, Bharat (sounds like “Bart”) Suneja is talking about the release of Windows PowerShell 2.0 CTP! Now, before you get overly excited, that CTP acronym stands for Community Technology Preview which is just a fancy name for Beta which is just a pretty name for Broken. So while you should definitely not go buck wild and install this on a production system, kudos to PowerShell team for getting the stuff out into developers hands especially given that the new release supports:

Remoting!!! Jim Harrison and I were talking about this very feature at this years TechEd, and the limitation that seemed almost crippling. Remoting gives you the ability to manage remote systems, execute cmdlets on remote servers which is important because..

You can now write your own cmdlets in PowerShell instead of having to compile .NET code. That in turn is important because:

PowerShell 2.0 comes with a GUI (of sorts) so you can do cool stuff like multiple shells, highlight and run only select pieces of the code..

Now, you do need .NET 3.0 but the boldfaced stuff up threre ought to give you more than enough reason to go get it. If you are new to PowerShell try get-help, if you’re experienced you’ve GOT to check out remoting: get-help About_Remoting

Sorry for the inane fanboyism about this but this level of flexibility and automation is what the PowerShell is all about and it allows organizations that rely on these servers to save a ton of time. It’s really a two-fold benefit. We spend a lot of time automating the documenting our processes in PowerShell since we have gone to Exchange 2007 and now Server 2008 because it enables us to give higher level administrative functions to the jr admins and not worry about them breaking anything. This shrinks our training requirements, makes sure everything is done according to our process (after all, humans make a lot more mistakes than computers).

So go, check it out. If you’re a sysadmin and you’re not yet knees deep in PowerShell I hope you’re working for the government cause you’re becoming obsolete more rapidly than the computer you’re reading this blog on. Go, get your dev on!

This has been on my mind for a little while now and sometimes the fanboy eyeglaze needs to wear off before you evaluate things for what they are.

I will never buy another Windows Mobile phone until Microsoft stands behind its platform and here is why you shouldn’t either: It’s not Microsoft.

Microsoft has made its significant wealth by producing business tools that grew, scaled and upgraded. I have never owned a computer that I couldn’t upgrade to the next version of Windows. Our servers have scaled from Windows Server standard, to SBS, to Enterprise with clustering. We (and I) could afford to keep up with the technology and with Microsoft and realize the business and productivity benefits because we did not face a significant hardware charge every time we wanted to implement something new. The idea of Software Assurance further delivers on this promise.

But take that same strategy to Windows Mobile platform. Can you do the same? For a very large population of devices the answer is yes – albeit, illegally.

Want a legal way to upgrade your phone? $499 please. Wait, $499 is $400 more than you advertise a brand new phone for, how can an upgrade cost four times more? Oh! You’re not really upgrading my phone, which is perfectly capable of running the said software, you’re just replacing it with the brand new phone. Oh, and you want at least a two year contract on it too?

This is where the Microsoft – OEM – Telco menage a  trois infuriates the customer and makes them abandon Windows Mobile and crumbles the Exchange, Unified Communications, Windows Platform and the “connected” dream evaporates: They look elsewhere.

I cannot and will not recommend a Windows Mobile phone anymore until Microsoft starts offering upgrades for them, directly from Microsoft’s site. Please do not buy into the lie that only the OEM can write the drivers and only the carrier can publish it because thats a total copout. For literally everyone in my audience that has seen a Windows Mobile demo or a new release preview, just what do you think that demo ran on? Boiling pot of water? Of course not. Microsoft develops and tests this software on the Windows Mobile devices you own and use. Every developer that compiles of a piece of Windows Mobile code already has the architecture cabs as a part of their Visual Studio SDK for mobility so if we can roll out the new OS, if we can compile software for it – what are we waiting for the OEM and the carrier to do? Compile their garbage IM software and design a new theme?

OEMs and carriers have the least incentive to implement any software upgrades because it means more support and more documentation work for them. They usually never relase them and you’re stuck buying a new phone. And in business, being forced to buy something new and abandon something functional is equivalent to theft.

Blackjack is my last Windows Mobile phone, even if I get a free one I will give it away.

If you are a business, avoid Windows Mobile until Microsoft chooses to stand behind its platform a little more than just releasing Haloween backgrounds and ringtones.

For those of you that don’t understand what I mean without using crude street language (all complaints should be sent to my PR firms: Tim Barrett & Co in USA and Susanne Dansey, LTD worldwide):

If I wanted to be fucked by a telco carrier and mislead into a product purchase of a toy that will be obsolete the moment I opened the box I would have bought an iPhone.