How to Configure the SCL in Exchange

Recently I was asked what the proper Spam Confidence Level (SCL) should be for an Exchange 2007 installation. The answer is the ever-popular, "it depends."

The SCL is a value that Exchange assigns to each incoming SMTP email and is based on Microsoft's SmartScreen technology. This score determines how likely Exchange thinks an email message is spam. A rating of 0 means the message is not likely spam and a rating of 9 means the message is most likely spam.

SmartScreen is a "black hole" technology -- meaning that the algorithms and heuristics it uses for scoring is not published by Microsoft, thereby making it more difficult for spammers to create messages that can score lower and pass the filter. The Exchange server downloads new heuristics from Microsoft periodically.

Exchange 2003 SP2 introduced the Internet Message Filter (IMF) to score emails with an SCL rating. Exchange 2007 uses Content Filtering on the Anti-spam tab of the Edge Transport server to score emails (as shown below). It can also be enabled on a Hub Transport server if Edge Transport servers are not used. See How to Enable Anti-Spam Functionality on a Hub Transport Server.

Selecting the right SCL filter level is not an exact science. You're trying to filter obvious spam without accidentally filtering legitimate messages. You can use the following method to determine the starting point for your filter.

Using Perfmon to Select the SCL Filter Level
The best way to determine the appropriate SCL filter level is to use perfmon and examine the MSExchange Content Filter Agent object. Over time, the "Messages with SCL x" counters will increment and begin to show a trend.

In the example below, the Messages with SCL 0 through 7 counters are in the lower half of the scale. Messages with SCL 8 is off the charts at 270 -- more than all the lower SCL levels combined. From this data we can infer that it is safe to filter messages with an SCL higher than 7.

Note that these counters reset to zero upon restart of the server. It may take a little while before the trend appears.

Keep in mind that this is only the filter to begin with. You may have to adjust your filter up or down for your specific environment, but this will give you an excellent starting point.

SmartScreen filtering is just one of the anti-spam solutions available for Microsoft Exchange Server. Other solutions include Sender ID Framework, Outlook Junk E-Mail Filter, and Microsoft Exchange Hosted Filtering. See the Microsoft AntiSpam Technologies website for more details.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Outlook Calendar Delays Explained

Some customers experience performance issues when opening other user’s calendars. A delay occurs the first time they open the calendar, but subsequent access is fine. At random times the performance issue occurs again. Here’s why this happens.

When Outlook accesses another user’s calendar, Exchange applies a view which restricts the user from viewing private items. This happens regardless of whether there are any private items or not. This process is run on, and controlled by, the Exchange server. The act of applying a view to a folder creates search folders in the Exchange store. Once the search folder has been created, it is cached for later use, which makes subsequent viewings faster.

Exchange doesn’t cache all search folders forever. Doing so would cause server-side delays since the cache folders are continuously updated by Exchange.

The number of search folders (also known as views) is defined at the store level in Exchange. The default is 11 and the best practice is to set it between 5 to 20 views, per mailstore. It’s important to note that this number is global for the mailstore and views are not shared between users.

To demonstrate, suppose John is an administrative assistant and manages 10 separate calendars. The first time he accesses each calendar, there is a delay as Exchange creates the view. After the views have been built, subsequent access is fast. Now another user, Linda, opens 6 other calendars, including the first 3 calendars that John accessed. John and Linda are in the same mailstore. In this example, calendars 1-3 are cached for Linda, 4-7 are cached for John and 8-11 are cached for Linda. John will have to wait to access to access the first calendar while the view is rebuilt for him. By increasing the number of views stored on the Exchange server to 20, this will not occur (10+6=16, which is less than 20).

The number of views stored on the Exchange server is held in the msExchMaxCachedViews attribute in AD. To adjust the value, use ADSIEdit to navigate to dn: CN=Mailbox Store,CN=Storage Group,CN=InformationStore,CN=Server NAME,CN=Servers,CN=AG Name,CN=Administrative Groups,CN=Orgname,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Company,DC=com. Right-click the mailbox store to adjust on the right pane and edit the msExchMaxCachedViews attribute.

Setting the value too low will cause more frequent delays for users as the views are built more often. Setting the value too high will cause slow overall Exchange performance as more views are continously updated. It should never be set higher than 50.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

New Certifications

May 2008 was a busy month for me.

In addition to writing a book, I passed five exams in the first three weeks and earned my MCITP:Enterprise Messaging Administrator (the premier Exchange 2007 administrator certification) and three MCTS certifications (SCOM 2007, ForeFront and Exchange 2007).

That makes 34 exams in a row that I've passed without failing, including my CISSP. Yes!! The streak remains unbroken!

I've put together a certifications page that lists the current certifications that I hold, which I'm rather proud of.

Tomorrow I'm off to TechEd and I can't wait! I'll be blogging at least once a day while I'm there. Check my blog all week. If you're going to TechEd yourself, I might meet you at the TechEd Blogger Ultra Lounge. See you there!

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Outlook Calendar Synchronization Cookbook

I carry an AT&T 8525 Windows Mobile device as my phone and PDA. It’s connected to my company’s Exchange 2007 server back in the office, but as a consultant I’m nearly always at a client site.

When I’m onsite for any length of time the client usually provides me with an email account on their network so that I can more easily communicate with teams and accept meeting invitations. The trouble for me has always been how to synchronize calendar data between the two calendars. There are lots of hard and messy ways to do this – I can forward the appointments to my WM device or type them in manually, or I can use Google calendar to do a “middle man” synchronization.

What I’ve discovered that does a really good job is a software and service called Funambol. This free service is made up of three components:

• The Funambol client for Windows Mobile
  
• The Funambol client for Windows Outlook
  
• The myFunambol Portal, the hosted server that holds the synchronized data
  

Funambol can perform synchronization of email, contacts, calendar items, tasks, notes and briefcases. Synchronization can be one-way (from Funambol server to phone only or from phone to server only) or two-way. Since I only perform calendar synchronization this article only covers this, but the other types of synchronization can be setup the same way.

To begin, sign up for a free myFunambol account at http://my.funambol.com. This creates a personal database account for you that will hold the synchronized data. The myFunambol portal also offers a web interface where you can view and manage your synchronized data stored on the server.

Next, download the Funambol Outlook Plugin from https://www.forge.funambol.org/download and install it on the computer with Outlook that you want to sync with your mobile device. Follow the Wizard to install the plugin. I won’t list them here because Funambol updates their software regularly and the steps may change, but here are the settings I use in the version I’m currently using:

• Account and password are the same as the myFunambol account
  
• Sync Calendar; One-way: Outlook -> Server; Synchronize every 2 hours

Test the synchronization from Outlook. The plugin may warn you that it needs to perform a full sync the first time. Once the sync completes, log into the myFunambol portal to ensure that your data is there.

Now download and install the correct Funambol client for your mobile device from https://www.forge.funambol.org/download. Funambol makes one for Windows Mobile PocketPC, Windows Mobile Smartphone, Blackberry, Java based phones and even the Apple iPod.

Install the client on your device and configure it thusly:

• Account and password are the same as the myFunambol account
  
• Synchronize all items in: Calendar
  
• PIM options – Sync Direction: Server to Phone only
  
• Sync Method: Scheduled Sync, Sync every 2 hours

Now sync your mobile device. The device will tell you that it needs to perform a full sync the first time and begin syncing the data from the myFunambol portal.

Viola!!! Calendar synchronization made easy!

For this solution to work, your Outlook client must be running and have Internet access.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

New File Extensions Blocked in Outlook 2003 SP3

After several months of testing, a client recently deployed Service Pack 3 for Microsoft Office 2003 to nearly 10,000 clients via WSUS. They have a scripted routine that they follow during testing of patches and updates to ensure that there are no interoperability issues, but of course, you can't test everything. I mean, how are you going to know that a certain update will prevent an HP 4200 printer from feeding from the secondary paper tray? And yes, I've actually seen that happen.

Well, shortly after deployment they start getting complaints that emails with links to Public Folders (XNK files) can't be opened on Outlook 2003. Could it be that Microsoft actually did this on purpose? After an hour or so of re-reading all the scattered documentation for Office SP3, including Information about certain file types that are blocked after you install Office 2003 Service Pack 3 and the Downloadable list of issues that the service pack fixes, I couldn't find anything that documented this change.

I opened a case with Microsoft and found that not only are XNK extenstions blocked, but several others are as well. Here's an unofficial list of the extensions blocked by Outlook 2003 SP3 (I apologize for all the blank space that Blogger inserts before this table, please scroll down):

File Extension	File Type
.ade	Access Project Extension (Microsoft)
.adp	Access Project (Microsoft)
.app	Executable Application
.asp	Active Server Page
.bas	BASIC Source Code
.bat	Batch Processing
.cer	Internet Security Certificate File
.chm	Compiled HTML Help
.cmd	DOS CP/M Command File, Command File for Windows NT
.com	Command
.cpl	Windows Control Panel Extension (Microsoft)
.crt	Certificate File
.csh	csh Script
.der	DER Encoded X509 Certificate File
.exe	Executable File
.fxp	FoxPro Compiled Source (Microsoft)
.gadget	Windows Vista gadget
.hlp	Windows Help File
.hta	Hypertext Application
.inf	Information or Setup File
.ins	IIS Internet Communications Settings (Microsoft)
.isp	IIS Internet Service Provider Settings (Microsoft)
.its	Internet Document Set, Internet Translation
.js	JavaScript Source Code
.jse	JScript Encoded Script File
.ksh	UNIX Shell Script
.lnk	Windows Shortcut File
.mad	Access Module Shortcut (Microsoft)
.maf	Access (Microsoft)
.mag	Access Diagram Shortcut (Microsoft)
.mam	Access Macro Shortcut (Microsoft)
.maq	Access Query Shortcut (Microsoft)
.mar	Access Report Shortcut (Microsoft)
.mas	Access Stored Procedures (Microsoft)
.mat	Access Table Shortcut (Microsoft)
.mau	Media Attachment Unit
.mav	Access View Shortcut (Microsoft)
.maw	Access Data Access Page (Microsoft)
.mda	Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft)
.mdb	Access Application (Microsoft), MDB Access Database (Microsoft)
.mde	Access MDE Database File (Microsoft)
.mdt	Access Add-in Data (Microsoft)
.mdw	Access Workgroup Information (Microsoft)
.mdz	Access Wizard Template (Microsoft)
.msc	Microsoft Management Console Snap-in Control File (Microsoft)
.msh	Microsoft Shell
.msh1	Microsoft Shell
.msh2	Microsoft Shell
.mshxml	Microsoft Shell
.msh1xml	Microsoft Shell
.msh2xml	Microsoft Shell
.msi	Windows Installer File (Microsoft)
.msp	Windows Installer Update
.mst	Windows SDK Setup Transform Script
.ops	Office Profile Settings File
.pcd	Visual Test (Microsoft)
.pif	Windows Program Information File (Microsoft)
.plg	Developer Studio Build Log
.prf	Windows System File
.prg	Program File
.pst	MS Exchange Address Book File, Outlook Personal Folder File (Microsoft)
.reg	Registration Information/Key for W95/98, Registry Data File
.scf	Windows Explorer Command
.scr	Windows Screen Saver
.sct	Windows Script Component, Foxpro Screen (Microsoft)
.shb	Windows Shortcut into a Document
.shs	Shell Scrap Object File
.ps1	Windows PowerShell
.ps1xml	Windows PowerShell
.ps2	Windows PowerShell
.ps2xml	Windows PowerShell
.psc1	Windows PowerShell
.psc2	Windows PowerShell
.tmp	Temporary File/Folder
.url	Internet Location
.vb	VBScript File or Any VisualBasic Source
.vbe	VBScript Encoded Script File
.vbs	VBScript Script File, Visual Basic for Applications Script
.vsmacros	Visual Studio .NET Binary-based Macro Project (Microsoft)
.vsw	Visio Workspace File (Microsoft)
.ws	Windows Script File
.wsc	Windows Script Component
.wsf	Windows Script File
.wsh	Windows Script Host Settings File
.xnk	Exchange Public Folder Shortcut

Nothing p$%#es me off more than undocumented changes in functionality. At this point in time, this information is not documented ANYWHERE on Microsoft's website.

I certainly don't mind Microsoft fixing security holes, but for crying out loud, DOCUMENT IT!!! How do they expect us to roll out critical patches and updates if they change functionality and don't tell anyone? No one looks good when that happens.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Using DiskPart

This post is mainly for me, since I never can seem to remember the commands to use. :)

DiskPart is a utility that, among other things, allows you to specify the cylinder alignment of hard drives. Exchange and SQL particularly benefit from a 64KB sectors. So much so, in fact, that 64KB alignment is (finally!) the default in Windows Server 2008.

There are plenty of resources on the net that explain when and how to use it. A good explanation by the Exchange Blog can be read here and the Microsoft reference for DiskPart is here.

The commands I use are:

C:\>diskpart
Microsoft DiskPart
version 5.2.3790.1830
Copyright (C) 1999-2001 Microsoft Corporation.
On computer: Exchange2003

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> create partition primary align=64
DiskPart succeeded in creating the specified partition.

Then open Disk Management, assign a drive letter to the new drive and format it as usual.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email