Exchange Configuration and Operations Issues Detected by ExRAP

Exchange Configuration and Operations Issues Detected by ExRAP it’s a document recently published by Microsoft which enumerates the most common configuration and operation problems found by the Exchange Server Risk Assessment and Health Check Program (ExRAP).

The Exchange Center of Excellence (ECoE) administers the Microsoft® Exchange Server Risk Assessment and Health Check Program (ExRAP) at Microsoft. An ExRAP engagement provides a detailed on-site technical and operational analysis of a large Exchange deployment. This Note details the most common issues and overlooked vulnerabilities found so far during ExRAP engagements.

Applying the Principles of MOF to Exchange

Good news for all the MOFaholics out there! Microsoft released recently Exchange Service Management Guide, a top-down, business-driven approach to managing a messaging environment.

This guide applies Microsoft Operations Framework (MOF) principles and specific prescriptive guidance for managing Microsoft Exchange in a mission-critical enterprise setting. The guidance will help you implement process and team best practices within the context of the MOF Process Model. It is aligned with the corresponding components of Exchange Service Management.

I wonder if this guide will evolve to become a service management function in the MOF Process Model.

New articles at Exchange TechCenter

Think on this post as a “Weekend Reading” complement. If you have finished all that technical literature, there’s a bunch of fresh articles at the Microsoft Exchange Server TechCenter. Here are the links:

Application Layer Firewall protection for Exchange 2003 with ISA 2004

A new document about protecting Exchange 2003 with ISA Server 2004. These 2 products really make a happy couple.

The purpose of this document is to detail how to more effectively use the Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) filtering capabilities to secure a Microsoft Exchange Server 2003 environment connected to the Internet by using ISA Server 2004.

Document update: “The Role of Groups…”

Microsoft updated today the document The Role of Groups and Access Control Lists in Microsoft Exchange 2000 Server Deployment. It’s a quite interesting reading for all the people still using Exchange 5.5. Among other things, the document discusses the differences between Distribution Lists and Windows Distribution groups, as well as some considerations for migration and upgrade to Exchange 2003.

By the way, if you’re planning an Exchange migration to a different forest/organization you should have present that there is no way of migrating Distribution Lists using only the tools provided by Microsoft. That’s why I decided to write a script that does the job. For complete instructions on how to use it and to download it, please read the article at or at this blog.

Configuring SMTP in Microsoft® Exchange 2000 Server

Updated document (v2.0), very useful even for Exchange 2003 solutions. Available here.

This book explains how to configure Microsoft® Exchange 2000 Server for sending and receiving Internet mail. Although Exchange supports many Internet protocols and features, this book mainly focuses on Internet mail and SMTP (Simple Mail Transfer Protocol).

Sender ID Framework and Intellectual Property Overview and FAQ

One of the claims people invoke for not deploying Sender ID is that it’s a proprietary technology. Remember that Sender ID is a protocol jointly developed by Microsoft and

To clarify some of these doubts, Microsoft just made available a FAQ regarding the need and use of Microsoft’s royalty-free license for implementation of the Sender ID Framework. Here’s a small excerpt from the Sender ID Framework and Intellectual Property Overview and FAQ:

Q1. Do end users need to sign this license?
No. End users do not need to sign this license.

Q2: Why is Microsoft asking people to take a license?
Microsoft is not aware of any issued patent claims covering the Sender ID specification, and Microsoft does not require anyone to sign a license with Microsoft to implement or use the Sender ID specification.

An Open Look at Groupware

I recently posted on my other blog (in Portuguese) about the launching of the beta program for the Novell GroupWise 7, a competitor of Microsoft Exchange, as you probably know.

There are some topics I keep in my head, about which I plan to blog in the near future. The open source phenomenon and the alternatives to Microsoft Exchange is one of those subjects.

Today I found out a good article about this, An Open Look at Groupware, written by Jim Conley and part of the July issue of the Redmond Magazine. Jim talks about the 2 major open source Exchange competitors: and Open-Xchange. I particularly like the way he finishes the article:

For Exchange administrators considering any messaging or groupware upgrade or migration, open source groupware deserves a look. With Windows-based open source client alternatives to Outlook not yet fully baked, open source groupware will remain an unfeasible work in progress for some; others will find the possibilities of server-side groupware carry enough immediate benefit to replace an Exchange installation.

Of course, for me there’s no turning back. I’m completely addicted to Exchange!

Messaging Hygiene at Microsoft v2.0

The collection of documents “Messaging Hygiene at Microsoft” have been updated to version 2.0. These documents provide us a detailed description on how Microsoft IT manages the large quantities of spam and malware-infected messages in its inbound Internet e-mail traffic.

I haven’t had the time to read them yet, but a quick look unveiled that Sender ID is now mentioned.

The documents are available here.