Archive for the 'BPOS' Category

Send email to BPOS from a “fake” email address

After I set up the SMTP relay server to send emails to BPOS, the next challenge to address was how I could allow multiple email addresses to send to BPOS that weren’t real mailboxes. For example, I have firewall logs sent from firewall@domain.com, but it isn’t a real mailbox.

The solution was much easier than I thought.

In your SMTP relay account, you just have to add the sending address as an alternate email address. Make sure you add the alternate email addresses under this account!

To verify it, take a look at your SMTP relay logs.

If you send a test email from an email that isn’t added as an alternate email address, this is what you’re going to see:

MAIL - FROM:<firewall@demouser.org>
550+5.7.1+Client+does+not+have+permissions+to+send+as+this+sender

Log in to your admin site for BPOS. Find the account that you have set up as your relay account, and add the email address as an alternate email on the admin site as shown below.

image

Once you have added the email address, resend your test email and check your logs. You should now see this:

MAIL - FROM:<firewall@demouser.org>
250+2.1.0+Sender+OK

That’s all there is to it. Now all you have to do is add the email addresses for the rest of your “fake” senders.

If I have missed anything or you have some comments, please leave a comment.

Configure SMTP Relay for BPOS/Exchange Online

When we made the move to Microsoft’s BPOS, we were left with a situation where some of our appliances were not able to make secure connections to the BPOS servers in order to send secure mail. The Microsoft Online Services (MOS) had a blog entry that explains how to set up SMTP relay to Exchange Online for your devices, but it makes an assumption that you can change the port on your appliance and/or software. We had ones that wouldn’t allow us to do that.

We talked to the support team about setting up a local SMTP relay that we could send messages to locally and that would in turn send them to Exchange Online securely. Unfortunately, they weren’t able to help much. They had some instructions on how to set it up, which was the blog post above, but nothing detailed.

I decided to use IIS’s SMTP Relay since it was something that was free and looked to be fairly simple to use.

Here is how I set it up. I’m making the assumption that you’ve already installed IIS and the SMTP service as shown below.

image

1) Go to the properties of the SMTP Virtual Server. Select the IP address of the server, and then click Advanced. In the Advanced section, verify the port that you want to use. In this case, I chose to use port 25.


2) Select the Access tab. Click on Connection inside the Connection Control section and select the nodes you would like to have access to the SMTP Relay. Next click Relay under the Relay Restrictions section and select the nodes you want to relay through the server. In this example, I gave only this single server the ability to relay messages.


3) Select the Delivery tab. Click the Outbound Security option. Select the Basic Authentication radio button and the TLS encryption option as well. Under basic authentication, enter the username/password (I left the username blank intentionally) of the mailbox account that will send out the email. IMPORTANT: This user must be an Exchange Online user, so you will use a license on this account. Once you have entered the information, hit OK. Select the Outbound Connections button, change the TCP port to 587 and hit OK. Finally, select the Advanced button and enter smtp.mail.microsoftonline.com into the smart host field. (Thanks Jeff for the reminder.)


NOTE: If you attempt to send as a user that is not an actual Exchange Online account, you will see the following message inside the logs. The logs are located here if you used the default values: C:\WINDOWS\system32\LogFiles\SMTPSVC1.

550+5.7.1+Client+does+not+have+permissions+to+send+as+this+sender

Otherwise you should see this entry in the log file.

250+2.1.0+Sender+OK

At this point, you can send a test email via the SMTP relay server to a recipient. I used a free command line utility called SendEmail. It has enough options to get the job done.

Once you send the email, check the logs to make sure that everything went through OK. When I enabled logging, I selected quite a few options because I’m not very familiar with IIS and didn’t know what I needed to record. I cleaned up the logs a little, but not enough. However, it’s enough for you to see what’s going on below.

EHLO - +tnssync1.tnslab.org 250 0 197 24 0 SMTP -
MAIL - +FROM:<trusteduser@senddomain.com> 250 0 41 28 0 SMTP -
RCPT - +TO:<user@recdomain.com> 250 0 33 30 0 SMTP -
DATA - +<792785.64453125-sendEmail@tnssync1> 250 0 120 720 16 SMTP -
QUIT - tnssync1.tnslab.org 240 31 68 4 0 SMTP -
220+smtp.mail.microsoftonline.com+Microsoft+ESMTP+MAIL+Service+ready+at+Sun,+9+May+2010+11:10:58+-0700 0 0 102 0 188 SMTP -
EHLO - tnssync1.tnslab.org 0 0 4 0 188 SMTP -
250-smtp.mail.microsoftonline.com+Hello+[75.228.236.136] 0 0 56 0 656 SMTP -
STARTTLS - - 0 0 8 0 656 SMTP -
220+2.0.0+SMTP+server+ready 0 0 27 0 1031 SMTP -
EHLO - tnssync1.tnslab.org 0 0 4 0 2281 SMTP -
250-smtp.mail.microsoftonline.com+Hello+[75.228.236.136] 0 0 56 0 2750 SMTP -
AUTH - - 0 0 4 0 2750 SMTP -
334+UGFzc3dvcmQ6 0 0 16 0 3063 SMTP -
235+2.7.0+Authentication+successful 0 0 35 0 3391 SMTP -
FROM:<trusteduser@senddomain.com>+SIZE=982 0 0 4 0 3391 SMTP -
250+2.1.0+Sender+OK 0 0 19 0 3531 SMTP -
RCPT - TO:<user@recdomain.com> 0 0 4 0 3531 SMTP -
250+2.1.5+Recipient+OK 0 0 22 0 3656 SMTP -
BDAT - 982+LAST 0 0 4 0 3656 SMTP -
250+2.6.0+<792785.64453125-sendEmail@tnssync1>+Queued+mail+for+delivery 0 0 71 0 4266 SMTP -
QUIT - - 0 0 4 0 4266 SMTP -
221+2.0.0+Service+closing+transmission+channel 0 0 46 0 4406 SMTP -

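As you can see, the message was sent out to Exchange Online via TLS: STARTTLS is accepted before AUTH is issued, so the mailbox credentials are not sent in the clear. To verify it even further, look at the header information in the email that you received. In the header you should see the following line: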

Received: from tnssync1.tnslab.org (75.228.236.136) by
smtp.mail.microsoftonline.com (10.32.16.41) with Microsoft SMTP Server (TLS)
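
An added example (not part of the original posts): a small Python checker for the outbound half of the SMTPSVC log above and for the 550/250 sender replies from the alternate-address post. It confirms that STARTTLS was accepted before AUTH and records the reply to each MAIL FROM; the function name and result keys are assumptions, and the sample lines are abridged from the logs on this page.

```python
import base64
import re

REPLY = re.compile(r"^(\d{3})[+-](\S*)")   # e.g. 250+2.1.0+Sender+OK

def audit_outbound(lines):
    """Report TLS/AUTH ordering and the server reply to each MAIL FROM."""
    out = {"tls": False, "auth_after_tls": None, "auth_ok": False,
           "prompts": [], "senders": {}}
    last_cmd = sender = None
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        reply = REPLY.match(fields[0])
        if reply:                                 # server reply on its own line
            code, raw = int(reply.group(1)), reply.group(2)
            if last_cmd == "STARTTLS" and code == 220:
                out["tls"] = True                 # server agreed to switch to TLS
            elif code == 334:                     # AUTH LOGIN prompt, base64 text
                out["prompts"].append(base64.b64decode(raw).decode("ascii", "replace"))
            elif code == 235:
                out["auth_ok"] = True
            elif last_cmd == "MAIL":
                out["senders"][sender] = (code, raw.replace("+", " "))
            last_cmd = None
            continue
        verb = fields[0].upper()
        arg = fields[2] if len(fields) > 2 else ""
        if verb.startswith("FROM:"):              # verb column missing in this log
            verb, arg = "MAIL", fields[0]
        if verb == "AUTH":
            out["auth_after_tls"] = out["tls"]    # False: no STARTTLS accepted first
        elif verb == "MAIL":
            found = re.search(r"<([^>]*)>", arg)
            sender = found.group(1) if found else arg
        last_cmd = verb
    return out

# Abridged from the log excerpts on this page (trailing counter columns dropped).
ACCEPTED = ["220+smtp.mail.microsoftonline.com+Microsoft+ESMTP+MAIL+Service+ready",
            "EHLO - tnssync1.tnslab.org", "STARTTLS - -", "220+2.0.0+SMTP+server+ready",
            "AUTH - -", "334+UGFzc3dvcmQ6", "235+2.7.0+Authentication+successful",
            "FROM:<trusteduser@senddomain.com>+SIZE=982", "250+2.1.0+Sender+OK"]
REJECTED = ["MAIL - FROM:<firewall@demouser.org>",
            "550+5.7.1+Client+does+not+have+permissions+to+send+as+this+sender"]

if __name__ == "__main__":
    print(audit_outbound(ACCEPTED), audit_outbound(REJECTED), sep="\n")
```

The checker expects the outbound portion of the log, where server replies appear on their own lines; the inbound lines at the top of the excerpt carry the status code in a later column and are not scored.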

At this point, your server is set up to send messages to Exchange Online securely.

If you have any additional input or if I missed anything, please email me and let me know.

My experience with BPOS

It’s been about 6 weeks since we started using Microsoft’s Business Productivity Online Suite (BPOS), and I think it’s a good time to write down a few thoughts about our experience with the service. I scoured the web for reviews when we were in our planning phase, and it was very difficult to find any real world reviews. I have had a couple of requests to describe our experience with BPOS, but I just haven’t had enough time to put down all my thoughts on paper. I hope to write more about our problems and solutions soon as well.

Let’s start with the good.

Support

I can’t praise the support reps enough that I have spoken to over the past few weeks. I haven’t had this great level of service from any other company before. The reps really went out of their way to help us as much as they could. Again, I can’t thank these guys enough for all their help. There is one caveat. Since this is still relatively a new service, they don’t have all the answers. That’s not their fault by any means, and I only expect it to get better as the service matures. Even when they didn’t have the answers, they went out of their way to help us during our migration and the issues we had afterwards.

Setup

Overall, the setup to get the migration and directory sync working was relatively simple. First you have to decide whether you want to live in a coexistence mode vs. strictly using BPOS. Chances are that if you have Exchange on premise, you’ll spend some time living in coexistence mode before fully switching to BPOS. I’ll write about this in a separate entry.

Mailbox Sizes

Recently, Microsoft made a decision to increase everyone’s mailbox limit to 25GB. That doesn’t mean you have to give it all to your users, but it’s nice to know that we have space available if we need it. We don’t give our users the max size because that would mean more forwards and chain-letters stored in their inbox.

Now on to the not-so-good.

Service Uptime

Microsoft has published an RSS feed with notifications about the online services. When I first started going through the feed, I was worried. It seemed that every few days they had some issue affecting the mail servers. In fact, 3 weeks into our service, we had a downtime of almost 2 hours. The good news is that it didn’t affect all of our users. This can be both a good and bad thing depending on who you’re asking. Since I was on the server that went down, I wasn’t thrilled. We haven’t had any major issues since that event, and I expect the uptime to get better as they work out the kinks.

Ancillary Services

One thing we quickly learned after signing up with BPOS is that each piece of the puzzle is handled by multiple departments – 13 total from what I was told. For example, we have signed up to use the Exchange Hosted Archiving solution for our company. The service setup took much longer than expected. Once the order was put in, it took a few business days for the service to be activated. In fact, it’s been over 5 business days since we put in our request for email encryption and we still don’t have the service activated. One thing I want to point out is that this was made known to us from the very beginning. We knew going into this that the setup would not be quick. Once again, as the service matures, I expect this setup process to drastically reduce in time.

Final Thoughts

I am in no way regretting our decision to move to BPOS. If anything, I will miss having a local Exchange server to administer, but this does leave me some room to move on to other projects.

I cannot stress enough about the great support we have received from the reps. Even our rep for our Hosted Archiving has been nothing but helpful. They really have made the service a great experience. I hope that Microsoft commends them for their work.

Even though I have listed a couple of negative points here, I really don’t consider them that bad. I knew that this was a relatively new service and that we would experience a few bumps along the way. If you don’t have the patience to deal with minor bumps, then BPOS is not the service for you – at least not at this point in time. This service will get better over time, but for now expect some bumps along the way.

If there is something specific you would like to know, please leave a comment. If I have any experience with it, I will be more than glad to let you know how it went. I still have more to write about how we dealt with BPOS internally, but I’ll have to save that for another entry.

Taz is slowly waking up. Father mode ON.

Configuring a web filter for Microsoft BPOS

I’ve recently started migrating our users over to Microsoft’s BPOS offering. After moving our initial set of users over, we noticed that Outlook was moving at a snail’s pace when reading emails. It was to a point that Outlook would just lock up and become non-responsive.

We tested a user that was on a different gateway, and we noticed that the speeds were noticeably faster. The only difference between the two gateways is that one had a Barracuda Networks web filter appliance.

After speaking to a Barracuda support rep, we came to the conclusion that we needed to add exemptions for the IPs used by Microsoft. I called Microsoft Online Services support, and got the IPs used for BPOS.

However, after adding these exemptions in, we still noticed that the speeds were unbearable. There were moments when it seemed to work quickly, but it was short-lived. After searching the firewall logs to see what exactly was being accessed, I found 3 more subnets that Outlook was connecting to. Once I added those subnets into the exemption list, everything started to run much quicker.

Here are the subnets that were supplied by Microsoft Online Services support for North America:

Primary: 65.55.171.0/24
Secondary: 65.55.63.0/24

These are the additional subnets that I added in:

65.55.236.0/24
65.55.97.0/24
65.55.50.0/24
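
An added example (not part of the original post) of the firewall-log step described above: given the destination IPs Outlook connected to, it lists the /24 networks that the current exemption list does not cover, most frequently hit first. The function name and the sample destination IPs are constructed for illustration; the two exempted subnets are the ones quoted from Microsoft Online Services support on this page, and the sketch assumes IPv4 destinations.

```python
import ipaddress
from collections import Counter

# Exemptions supplied by Microsoft Online Services support (from this page).
EXEMPT = [ipaddress.ip_network(n) for n in ("65.55.171.0/24", "65.55.63.0/24")]

def uncovered_subnets(dest_ips, exempt=EXEMPT, prefix=24):
    """Group destinations that no exemption covers into /prefix networks
    and return (network, hit count) pairs, busiest first."""
    hits = Counter()
    for raw in dest_ips:
        ip = ipaddress.ip_address(raw.strip())
        if any(ip in net for net in exempt):
            continue                      # already bypasses the web filter
        # strict=False masks the host bits so the IP maps to its network
        hits[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1
    return [(str(net), count) for net, count in hits.most_common()]

# Constructed sample: destination IPs as they might be pulled from a
# firewall log for one Outlook client.
SAMPLE_DESTS = ["65.55.171.10", "65.55.236.5", "65.55.97.20",
                "65.55.63.2", "65.55.236.9", "65.55.50.7"]

if __name__ == "__main__":
    for net, count in uncovered_subnets(SAMPLE_DESTS):
        print(f"{net}\t{count} connection(s) still passing through the filter")
```

Each exemption removes that traffic from web-filter inspection, so confirm who owns a reported network before adding it to the list.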

I’m planning on writing about my experience with Microsoft BPOS once I complete the migration. I’m hoping to be able to complete it within the next two weeks.

Have any of you completed a migration to BPOS? How was your experience?