Chapter 13. Managing Microsoft Exchange Server 2003 Organizations

This chapter discusses techniques you’ll use to manage Microsoft Exchange organizations. Exchange organizations are the root of your Exchange environment, and it’s at the organization level that you specify global settings and define the administrative and routing group structures you want to use. Global settings define default message conversion rules and message delivery options for all Exchange servers in your organization. Administrative groups define the logical structure of your organization; you use them primarily in large Exchange installations to simplify the management of permissions. Routing groups define the connectivity and communication channels for the organization’s Exchange servers; you normally use them only when you need to connect branch offices or other geographically separated locations.

Configuring Global Settings for the Organization

You use global settings to set basic messaging rules throughout the organization. They are ideally suited to environments in which you require consistent message formatting and delivery options. Although global settings are important, you can specify many of the same configuration options at other levels in the organization. For example, instead of setting the rules on a global basis, you can set messaging rules for servers, data stores, or individual mailboxes.

It’s important to make sure that global settings don’t conflict with settings made elsewhere in the organization. This is why local settings always override global settings. This means you can set global values at the organization level and then override those values as necessary.

Setting Internet Message Formats

Internet message format options allow you to set rules that Simple Mail Transfer Protocol (SMTP) servers use to format outgoing messages. By default, when Messaging Application Programming Interface (MAPI) clients in the organization send messages, the message body is converted from Exchange Rich Text Format (RTF) to Multipurpose Internet Mail Extensions (MIME) and message attachments are identified with a MIME content type based on the attachment’s file extension. You can change this behavior by applying new rules.

Using SMTP Policies to Apply Formatting

You enforce message formatting rules through SMTP policies. The default policy applies to all outbound mail that isn’t subject to another SMTP policy. Other policies apply to a specific domain that you designate.

Assigning Default Message Formats for the Organization

You can access and modify the default SMTP policy by completing the following steps:

  1. Start System Manager, and then expand Global Settings.

  2. Select Internet Message Formats. In the right pane, you should see a list of the currently defined SMTP policies. The Domain column specifies the domains to which the policies apply.

  3. Right-click the policy labeled Default, and then select Properties. You can now view or modify the default message formats for the organization.

Note

If the default policy has been renamed, you can use the value in the Domain field to determine the global default. An asterisk in the Domain column indicates that the policy applies to all domains.

Assigning Message Formats on a Per Domain Basis

Occasionally, you’ll need to format mail that is bound for another organization in a specific way. To do this, you’ll need to create an SMTP policy for the domain by completing the following steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Internet Message Formats, point to New, and then choose Domain. This displays the Properties dialog box shown in Figure 13-1.

    Figure 13-1. Use the Domain Properties dialog box to create SMTP policies for individual domains.

  3. In the Name field, type a descriptive name for the SMTP policy. Then type the Domain Name System (DNS) name of the domain to which the policy will apply, such as microsoft.com.

  4. Click the Message Format tab and then set the message encoding and character sets you want to use as described in the section of this chapter entitled "Setting Message Encoding and Character Set Usage."

  5. Click the Advanced tab and then set advanced formatting options as described in the section of this chapter entitled "Managing Rich-Text Formatting, Word Wrap, Autoresponses, and Display Names."

  6. Click OK to create the policy. The policy is then applied to all mail being delivered to the designated domain.

Changing and Deleting Message Formatting Rules

You can change or delete message formatting rules at any time. To do this, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Select Internet Message Formats. In the right pane, you should see a list of the currently defined SMTP policies. The Domain column specifies the domains to which the policies apply.

  3. To edit the formatting rules for a domain, right-click the related policy, and then select Properties. You can now modify the message formatting rules for this domain.

  4. To delete the formatting rules for a domain, right-click the related policy, and then select Delete. When prompted to confirm the deletion, click Yes.

Setting Message Encoding and Character Set Usage

Two key aspects of message formatting are encoding and character set usage. Message encoding rules determine the formatting for elements in the body of outbound messages. Character set usage determines which character sets are used for reading and writing messages. If users send messages with text in more than one language, the character set that’s used determines how the various languages are displayed.

To set message encoding and character set usage, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Select Internet Message Formats. In the right pane, you should see a list of the currently defined SMTP policies.

  3. Right-click the policy you want to edit, and then select Properties.

  4. Click the Message Format tab, as shown in Figure 13-2. Exchange Server can format messages using either UUEncode or MIME. To use UUEncode, select UUEncode and then, if you wish, select Use BinHex For Macintosh to deliver messages to Macintosh clients using the native binary encoding format. To use MIME, select MIME in the Message Encoding panel, and then choose one of the following options:

    • Provide Message Body As Plain Text. Exchange Server converts the message body to text format and any other elements, such as graphics, are replaced with textual representations.

    • Provide Message Body As HTML. Exchange Server converts the message body to Hypertext Markup Language (HTML). This allows compliant client applications to display the message body with graphics, hypertext links, and other elements. Clients that don’t support HTML, however, display the actual markup tags mixed in with the text, which can make the message difficult to read.

    • Both. Exchange Server delivers messages with their original formatting, which can be either plain text or HTML. Use this option to allow the sender to choose the message format.

      Figure 13-2. Use the Message Format tab to change global defaults for message encoding and character set usage.

    Note

    Exchange Server also supports a third message encoding format called Exchange Rich Text Format that you enable through an advanced configuration setting, which I will discuss later on. Exchange Rich Text Format is displayed only when clients elect to use this format and you’ve set the Rich Text Format as Always Use or Determined By Individual User Settings.

  5. Select the character sets to use for MIME and non-MIME messages, such as Western European (ISO-8859-1). All text in the affected outbound messages uses the character set you specify.

  6. Click OK to apply the changes. Keep in mind that local settings override global settings.

Managing Rich-Text Formatting, Word Wrap, Autoresponses, and Display Names

Many advanced options are available for message formatting as well. These options control the use of Exchange Rich Text Format, word wrap, autoresponses, and display names.

To set these advanced formatting options, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Select Internet Message Formats. In the right pane you should see a list of the currently defined SMTP policies.

  3. Right-click the policy you want to edit, and then select Properties. Click the Advanced tab, as shown in Figure 13-3.

    Figure 13-3. You control rich-text formatting, word wrap, autoresponses, and display names on the Advanced tab.

  4. Exchange Rich Text Format is a preferred text format for older Exchange clients. By default, individual user settings are used to determine availability of Exchange Rich Text Format. If you want to override this setting, in the Exchange Rich-Text Format panel, select Always Use or Never Use. With Always Use, all outbound messages to which this policy applies are formatted in RTF, provided that you haven’t set MIME encoding to HTML on the Message Format tab. With Never Use, RTF support is disabled, and Exchange Server uses the format you set on the Message Format tab.

  5. Text word wrap controls whether long lines of text are reformatted with line breaks. By default, individual user settings determine when text word wrapping occurs and the Never Use option is selected. If you want to enforce text word wrapping at a specific character position, select Use At Column and then enter a column number.

  6. Use the options in the lower third of the dialog box to enable or disable autoresponses. Autoresponses are automatic messages sent in response to an inbound message. By default, all autoresponse messages are enabled. These messages are as follows:

    • Out Of Office Responses. Notifies the sender that the recipient is out of the office

    • Automatic Replies. Notifies the sender that the message was received

    • Automatic Forward. Allows Exchange Server to forward or deliver a duplicate message to a new recipient

    • Allow Delivery Reports. Allows Exchange Server to return delivery confirmation reports to the sender

    • Allow Non-Delivery Reports. Allows Exchange Server to return nondelivery confirmation reports to the sender

    • Preserve Sender’s Display Name On Message. Allows both the sender’s name and e-mail address to appear on outbound e-mail messages

  7. The final option on the Advanced tab controls the use of display names. If you want Exchange Server to deliver messages with the display name shown in the Address Book, select Preserve Sender’s Display Name On Message. Otherwise, clear this check box, and Exchange Server delivers messages using the Exchange alias.

  8. Click OK to apply the changes. Keep in mind that local settings override global settings.

Associating MIME Types with Extensions

When Exchange Server sends messages to clients outside the organization, message attachments are assigned a content type based on the attachment’s file extension. This content type tells the client about the contents of the attachment, such as whether it’s an HTML document, a Graphics Interchange Format (GIF) image, or a Portable Document Format (PDF) file.

You can associate multiple file extensions with a single content type. For example, the MIME type text/html has two file extension mappings by default. These mappings are for the file extensions .htm and .html.

To view current MIME type-to-file extension mappings, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Internet Message Formats, and then choose Properties. This displays the Properties dialog box shown in Figure 13-4.

    Figure 13-4. Use the Internet Message Formats Properties dialog box to change, add, or delete MIME type-to-file extension mappings.

To add a new MIME type-to-file extension mapping, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Internet Message Formats, and then choose Properties.

  3. On the General tab, click Add.

  4. In the Type field, type the MIME content type, such as text/html.

  5. In the Associated Extension field, type the file extension to associate with the content type, such as htm.

  6. Click OK in the Add MIME Content Type dialog box. Repeat this procedure to add other MIME content type mappings.

To edit an existing MIME type-to-file extension mapping, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Internet Message Formats, and then choose Properties.

  3. Double-click the MIME content type mapping that you want to change.

  4. Make changes in the MIME Type Properties dialog box, and then click OK.

To remove a MIME type-to-file extension mapping, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Internet Message Formats, and then choose Properties.

  3. Select the MIME content type mapping that you want to delete, and then click Remove. When prompted to confirm the deletion, click Yes.

Setting Message Delivery Options

Message delivery options allow you to set restrictions for messages sent within, and received by, the organization’s Exchange servers. A related option is the default SMTP postmaster account, which is used with nondelivery reports (NDRs). These global delivery options apply throughout the organization unless local settings override them.

Setting Default Delivery Restrictions for the Organization

Delivery restrictions control the maximum size of messages that can be sent and the maximum number of recipients to which a message can be addressed. These delivery restrictions are useful whenever you need to closely control the use of Exchange Server resources. By restricting message size, you prevent users from sending messages that might require excessive processing time when routing within the organization. By restricting the number of recipients, you prevent users from sending messages that could require hundreds or thousands of individual directory lookups and delivery connections.

To set delivery restrictions, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties.

  3. As shown in Figure 13-5, click the Defaults tab, and then use these options to set delivery restrictions:

    • Sending Message Size. Controls the size of the messages that users can send. By default, the limit is set to 10240 KB. To remove the limit, select No Limit. To change the limit, select Maximum (KB) and then type a new maximum outgoing message size.

    • Receiving Message Size. Controls the size of the messages that users can receive. By default, the limit is set to 10240 KB. To remove the limit, select No Limit. To change the limit, select Maximum (KB), and then type a new maximum incoming message size.

    • Recipient Limits. Controls the number of recipients to which a message can be addressed. By default, the limit is set to 5000. To remove the limit, select No Limit. To change the limit, select Maximum (Recipients), and then type a new recipient limit.

      Figure 13-5. Use the Defaults tab of the Message Delivery Properties dialog box to control the size of messages and the total number of recipients.

  4. Click OK to apply the restrictions.

Real World

A reasonable limit for incoming and outgoing messages is 15 MB (15,360 KB). A 15-MB limit allows users to attach fairly large files to messages if necessary but doesn’t allow them to abuse the e-mail system. Most Microsoft PowerPoint presentations and even application executables could be sent with this restriction. Keep in mind, though, that the 15-MB limit applies to the total message size, which includes all the overhead needed by Exchange Server to format the message into sections for delivery.

Setting the Default SMTP Postmaster Account

When a message can’t be delivered in the organization, the sender receives an NDR. NDRs are always sent by the organization’s postmaster account. This means that the postmaster is listed in the From field of all nondelivery messages, and when users reply to a nondelivery message, the message is addressed to the postmaster by default.

The default postmaster is the Exchange Administrator account. To allow users to reach an actual person in case of problems, you should set up a separate mailbox or designate a postmaster for the organization.

To designate an existing account as the postmaster mail recipient, follow these steps:

  1. Start Active Directory Users And Computers.

  2. Right-click the mail-enabled user account that you would like to make the postmaster and then select Properties.

  3. On the E-mail Addresses tab, click New. Afterward, in the New E-mail Address dialog box, click SMTP Address and then click OK.

  4. In the E-mail Address field, type <postmaster@domain.com> where domain.com is the organization’s default domain name.

  5. Click OK.

Configuring Antispam and Message Filtering Options

Every minute users spend dealing with unsolicited commercial e-mail (called spam) or other unwanted e-mail is a minute they cannot do their work and deal with other issues. To deter spammers and other senders from whom users don’t want to receive messages, you can use message filtering to block these people from sending messages to your organization. Not only can you filter messages that claim to be from a particular sender or are sent to a particular receiver, you can also establish connection filtering rules based on real-time block lists.

The sections that follow discuss sender, recipient, and connection filtering options. Configuring filtering is a two-step process:

  1. Configure the sender, recipient, and connection filters that you want to use.

  2. Enforce the filter rules by applying them to your organization’s SMTP virtual servers.

Real World

As you configure filtering, keep in mind that Exchange Server 2003 is designed to combat the most commonly used spammer techniques, not all of them. Like the techniques of those who create viruses, the techniques of those who send spam frequently change, and you won’t be able to prevent all unwanted e-mail from going through. You should, however, be able to substantially reduce the flow of spam into your organization.

Filtering Spam and Other Unwanted E-mail by Sender

Sometimes when you are filtering spam or other unwanted e-mail, you’ll know specific e-mail addresses or e-mail domains from which you don’t want to accept messages. In this case, you can block messages from these senders or e-mail domains by configuring sender filtering. Another sender that you probably don’t want to accept messages from is a blank sender. If the sender is blank, it means the From field of the e-mail message wasn’t filled in and the message is probably from a spammer.

To configure filtering according to the sender of the message, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. Click the Sender Filtering tab, as shown in Figure 13-6. The Senders list box shows the current sender filters if there are any.

    Figure 13-6. Use the Sender Filtering tab of the Message Delivery Properties dialog box to set restrictions on addresses and domains that can send mail to your organization.

  4. You can add a sender filter by clicking Add, typing the address you’d like to filter, and then clicking OK. Addresses can be of the following formats:

    • A specific e-mail address, such as <[email protected]>

    • A display name enclosed in quotes, such as "Walter"

    • A group of e-mail addresses designated with the wildcard character (*), such as *@microsoft.com, to filter all e-mail addresses from microsoft.com, or *@*.microsoft.com to filter all e-mail addresses from child domains of microsoft.com.

  5. You can remove a filter by selecting it, and then clicking Remove.

  6. To edit a filter, double-click the filter entry, enter a new value, and then click OK.

  7. You can also filter messages that don’t have an e-mail address in the From field. To do this, select the Filter Messages With Blank Sender check box.

  8. If you want to ensure Exchange doesn’t waste processing power and other resources dealing with messages from filtered senders, select the Drop Connection If Address Matches Filter check box. With this check box selected, Exchange breaks the connection with the mail server attempting to deliver the message and doesn’t archive the message or return an NDR to the sender. Click OK and skip the remaining steps.

  9. If you want Exchange to archive filtered messages or return NDRs to the senders, clear the Drop Connection If Address Matches Filter check box.

  10. Filtered messages are automatically deleted unless you archive them by selecting the Archive Filtered Messages check box. The filtered message archive is created in the Exchange Mailroot directory for the SMTP virtual server (which is normally located at C:\Exchsrvr\Mailroot\vsiN where N is the number of the SMTP virtual server).

  11. An NDR is automatically generated for filtered messages and sent to the sender. To prevent filter notification, select the Accept Messages Without Notifying Sender Of Filtering check box.

  12. Click OK.
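The sender filter formats and check boxes from the steps above, modeled in Python as an added example (not Exchange's code and not from the book). The case-insensitive matching, the exact display-name comparison, and the sample addresses are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import FrozenSet, List


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate a filter entry in which only * is special into a regex."""
    parts = (re.escape(part) for part in pattern.lower().split("*"))
    return re.compile(".*".join(parts))


@dataclass
class SenderPolicy:
    entries: List[str] = field(default_factory=list)
    filter_blank: bool = False       # Filter Messages With Blank Sender
    drop_connection: bool = False    # Drop Connection If Address Matches Filter
    archive: bool = False            # Archive Filtered Messages
    suppress_ndr: bool = False       # Accept Messages Without Notifying Sender


def is_filtered(policy: SenderPolicy, from_header: str) -> bool:
    """Return True when the From value matches a filter entry."""
    display_name, address = parseaddr(from_header)
    if not address:
        return policy.filter_blank
    for entry in policy.entries:
        if len(entry) > 1 and entry.startswith('"') and entry.endswith('"'):
            # Quoted entry: compare against the display name (assumed exact).
            if display_name.lower() == entry[1:-1].lower():
                return True
        elif wildcard_to_regex(entry).fullmatch(address.lower()):
            return True
    return False


def disposition(policy: SenderPolicy, from_header: str) -> FrozenSet[str]:
    """Combine the check boxes from steps 8 through 11 into one outcome."""
    if not is_filtered(policy, from_header):
        return frozenset({"deliver"})
    if policy.drop_connection:
        # No archive copy and no NDR once the connection is dropped.
        return frozenset({"drop connection"})
    actions = {"archive" if policy.archive else "delete"}
    if not policy.suppress_ndr:
        actions.add("ndr")
    return frozenset(actions)


# Constructed policy using the filter formats shown in step 4.
CHILD_DOMAINS = SenderPolicy(
    entries=["*@*.microsoft.com", '"Walter"'],
    filter_blank=True,
    archive=True,
)

if __name__ == "__main__":
    samples = [
        "news@mail.microsoft.com",      # child domain: filtered
        "news@microsoft.com",           # parent domain: not covered by *@*.
        '"Walter" <w@example.net>',     # display-name entry
        "",                             # blank sender
    ]
    for sample in samples:
        print(repr(sample), sorted(disposition(CHILD_DOMAINS, sample)))
```

The run shows that *@*.microsoft.com leaves the parent domain unfiltered and *@microsoft.com leaves child domains unfiltered, so covering both requires both entries.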

Filtering Spam and Other Unwanted E-mail by Recipient

In any organization, you’ll have users whose e-mail addresses change, perhaps because they requested it, left the company, or changed office locations. Although you might be able to forward e-mail to these users for a time, you probably won’t want to forward e-mail indefinitely. At some point, you or someone else in the organization will decide it’s time to delete the user’s account, mailbox, or both. If the user is subscribed to mailing lists or other services that deliver automated e-mail, the automated messages continue to come in unless you manually unsubscribe the user or reply to each e-mail saying that you don’t want to receive the messages any more. Doing so wastes time, but Exchange administrators often find themselves doing it. It’s much easier to add the old or invalid e-mail address to a recipient filter list and specify that Exchange shouldn’t accept messages for users who aren’t in the Exchange Directory. Once you do this, Exchange won’t attempt to deliver messages for filtered or invalid recipients, and you won’t see related NDRs, either.

To configure filtering according to the message recipient, follow these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. Click the Recipient Filtering tab as shown in Figure 13-7. The Recipients list box shows the current recipient filters if there are any.

    Figure 13-7. Use the Recipient Filtering tab of the Message Delivery Properties dialog box to set restrictions for specific or invalid recipients.

  4. You can add a recipient filter by clicking Add, typing the address you’d like to filter, and then clicking OK. Addresses can refer to a specific e-mail address, such as <[email protected]>, or a group of e-mail addresses designated with the wildcard character (*), such as *@microsoft.com to filter all e-mail addresses from microsoft.com, or *@*.microsoft.com, to filter all e-mail addresses from child domains of microsoft.com.

  5. You can remove a filter by selecting it and then clicking Remove.

  6. To edit a filter, double-click the filter entry, enter a new value, and then click OK.

  7. You can also filter messages that are sent to invalid recipients who don’t have e-mail addresses and aren’t listed in the Exchange Directory. To do this, select the Filter Recipients Who Are Not In The Directory check box.

  8. Click OK.

Using Connection Filtering and Real-Time Block Lists

If you find that sender and recipient filtering isn’t enough to stem the flow of spam into your organization, you might want to consider subscribing to a real-time block list service. Here’s how this works:

  1. You subscribe to a real-time block list service. Typically, you’ll have to pay a monthly service fee. In return, the service lets you query their servers for known sources of unsolicited e-mail and known relay servers.

  2. The service provides you with domains you can use for validation and a list of status codes to watch for. You configure Exchange to use the specified domains and enter connection filtering rules to match the return codes. Then you configure any exceptions for recipient e-mail addresses or sender Internet Protocol (IP) addresses.

  3. Each time an incoming connection is made, Exchange performs a lookup of the source IP address in the block list domain. A "host not found" error is returned to indicate the IP address is not on the block list and that there is no match. If there is a match, the block list service returns a status code that indicates the suspected activity. For example, a status code of 127.0.0.3 might mean the IP address is from a known source of unsolicited e-mail.

  4. If there is a match between the status code returned and the filtering rules you’ve configured, Exchange returns an error message to the user or server attempting to make the connection. The default error message says the IP address has been blocked by a connection filter rule, but you can specify a custom error message to return instead.

The sections that follow discuss creating connection filter rules, setting filter priority, defining custom error messages to return, and configuring connection filter exceptions. These are all tasks you’ll perform when you work with connection filters.

Creating Connection Filter Rules

Before you get started, you’ll need to know the domain of the block list service provider and you should also consider how you want to handle the status codes the provider returns. Exchange allows you to specify that any return status code is a match, that only a specific code matched to a bit mask is a match, or that any of several status codes that you designate can match.

Table 13-1 shows a list of typical status codes that might be returned by a provider service. Rather than filter all return codes, in most cases, you’ll want to be as specific as possible about the types of status codes that match. This ensures that you don’t accidentally filter valid e-mail. For example, based on the list of status codes of the provider, you might decide that you want to filter known sources of unsolicited e-mail and known relay servers, but not filter known sources of dial-up user accounts, which might or might not be sources of unsolicited e-mail.

Table 13-1. Typical Status Codes Returned by Block List Provider Services

Return Status Code   Code Description                                                          Code Bit Mask
127.0.0.2            Dial-up user account                                                      0.0.0.2
127.0.0.3            Known source of unsolicited e-mail                                        0.0.0.3
127.0.0.4            Known relay server                                                        0.0.0.4
127.0.0.5            Dial-up user account using a known source of unsolicited e-mail           0.0.0.5
127.0.0.6            Dial-up user account using a known relay server                           0.0.0.6
127.0.0.7            Known source of unsolicited e-mail and a known relay server               0.0.0.7
127.0.0.9            Dial-up user, known source of unsolicited e-mail and known relay server   0.0.0.9

You can create connection filter rules by completing the following steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. Click the Connection Filter tab. The Rule list box on the Connection Filter tab shows the current filters (if any).

  4. Click Add to display the Connection Filtering Rule dialog box shown in Figure 13-8.

    Figure 13-8. Configure the connection rule using the Connection Filtering Rule dialog box.

  5. Type the name of the rule in the Display Name field, such as Current Block List Rule or Relay Server Filter Rule.

  6. In the DNS Suffix Of Provider field, type the domain name of the block list provider service, such as proseware.com.

  7. Click Return Status Code to display the dialog box shown in Figure 13-9. Select one of the following options and then click OK:

    • Match Filter Rule To Any Return Code. Select this option to match any return code (other than an error) received from the provider service.

    • Match Filter Rule To The Following Mask. Select this option to match a specific return code and no others received from the provider service. For example, if the return code for known relay server is 127.0.0.4 and you want to match only on this specific code, you would enter the mask 0.0.0.4.

    • Match Filter Rule To Any Of The Following Responses. Select this option to match specific values in the return status codes. Click Add, type a return status code to match, and then click OK. Repeat as necessary for each return code you want to add.

      Figure 13-9. By default any status code is matched, but you can set specific match rules as well.

  8. Click OK to create the connection filter rule.

Setting Connection Filter Priority and Enabling Filter Rules

You can configure multiple connection filter rules. Each rule is listed in priority order and if Exchange makes a match using a particular rule, the other rules are not checked for possible matches. In addition to priority, rules also have a status as either enabled or disabled. If you disable a rule, it is ignored when looking for possible status code matches.

You can set connection filter priority and enable or disable rules by completing the following steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. Select the Connection Filter tab shown in Figure 13-10. The Block List Service Configuration list box shows the current filters in priority order.

    Figure 13-10. Use the Connection Filter tab of the Message Delivery Properties dialog box to define connection filter rules and their priority.

  4. To change the priority of a rule, select it and then click the Up or Down arrow to change its order in the rule list.

  5. To disable a rule, select it, and then click Edit. Next, in the Connection Filtering Rule dialog box, select Disable This Rule and then click OK.

  6. Click OK to close the Message Delivery Properties dialog box.

Specifying Custom Error Messages to Return

When a match is made between the status code returned and the filtering rules you’ve configured, Exchange returns an error message to the user or server attempting to make the connection. The default error message says the IP address has been blocked by a connection filter rule. If you want to override the default error message, you can specify a custom error message to return on a per-rule basis. The error message can contain the following substitution values:

  • %0 to insert the connecting IP address

  • %1 to insert the name of the connection filter rule

  • %2 to insert the domain name of the block list provider service

Some examples of custom error messages include the following:

  • The IP address (%0) was blocked and not allowed to connect.

  • %0 was rejected by %2 as a potential source of unsolicited e-mail.

Using the substitution values, you can create a custom error message by following these steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. Click the Connection Filter tab and then select the filter you want to work with.

  4. Click Edit. In the Custom Error Message To Return field, type the error message to return.

  5. Click OK twice.
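
The following Python sketch is an added example, not code from the book or from Exchange. It models the behavior described above: rules checked in priority order, disabled rules skipped, the first match ending the search, and the %0/%1/%2 substitution. The rule names, provider domains, return codes, and the wording of the default message are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Stand-in for the default text; Exchange's exact wording is not reproduced here.
DEFAULT_ERROR = "%0 has been blocked by a connection filter rule"

@dataclass
class FilterRule:
    name: str                      # rule display name, inserted for %1
    provider: str                  # block list provider domain, inserted for %2
    enabled: bool = True
    match_codes: frozenset = frozenset()   # empty = match any return status code
    custom_error: str = ""         # empty = return the default message

def render_error(template, ip, rule):
    """Expand %0, %1 and %2 in one pass so inserted text is never re-expanded."""
    values = {"0": ip, "1": rule.name, "2": rule.provider}
    return re.sub(r"%([012])", lambda m: values[m.group(1)], template)

def evaluate(ip, rules, responses):
    """Return (rule name, error text) for the first matching rule, else None.

    rules     -- list in priority order, highest priority first
    responses -- provider domain -> return status code for this ip;
                 a provider that does not list the address is absent
    """
    for rule in rules:
        if not rule.enabled:
            continue                       # disabled rules are ignored
        code = responses.get(rule.provider)
        if code is None:
            continue                       # provider returned no listing
        if rule.match_codes and code not in rule.match_codes:
            continue                       # listed, but not with a code this rule matches
        return rule.name, render_error(rule.custom_error or DEFAULT_ERROR, ip, rule)
    return None                            # no rule matched; not blocked by these rules

# Constructed sample data (documentation address and .example domains).
RULES = [
    FilterRule("Relay list", "bl-one.example", match_codes=frozenset({"127.0.0.2"})),
    FilterRule("Dial-up list", "bl-two.example", enabled=False),
    FilterRule("Spam sources", "bl-two.example",
               custom_error="%0 was rejected by %2 (rule: %1)."),
]
RESPONSES = {"bl-one.example": "127.0.0.4", "bl-two.example": "127.0.0.2"}

if __name__ == "__main__":
    print(evaluate("203.0.113.7", RULES, RESPONSES))
```

In the sample, the first rule is skipped because the provider's return code is not one it matches, and the second because it is disabled, so the third rule supplies the error text.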

Defining Connection Filter Exceptions and Global Accept/Deny Lists

Sometimes you’ll find that an IP address, a network, or an e-mail address shows up incorrectly on a block list. The easiest way to correct this problem is to create a block list exception that specifies that the specific IP address, network, or e-mail address shouldn’t be filtered.

Creating Connection Filter Exceptions for E-Mail Addresses

You can create connection filter exceptions for e-mail addresses by completing the following steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. On the Connection Filter tab, click Exception to display the Block List Service Configuration Settings dialog box shown in Figure 13-11. Any current exceptions are listed in the SMTP Address list.

    Figure 13-11. Use the Block List Service Configuration Settings dialog box to configure recipients that should not be filtered.

  4. Click Add to add a filter exception. In the Add Recipient dialog box, type the e-mail address, such as <[email protected]>, and then click OK.

  5. Select an existing e-mail address and then click Remove to delete a filter exception.

    Note

    Be sure that an e-mail address specified as an exception doesn’t match an address on the Recipient Filtering tab. If it does, a conflict occurs, and in most cases, the e-mail address is matched against the recipient filter, meaning Exchange won’t attempt to deliver messages for that e-mail address.

  6. Click OK twice.

Creating Global Accept Lists for IP Addresses and Networks

Exchange will accept e-mail from any IP address or network on the global accept list. To define accept-list entries for IP addresses and networks, complete the following steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. Click Accept on the Connection Filter tab. This displays the Accept List dialog box. You’ll find a list of current IP addresses and networks that are configured on the accept list in the IP Address (Mask) List.

  4. Click Add to add an IP address or network to the accept list.

    • For a single IP address, select Single IP Address and then type the IP address in the field provided, such as 192.168.10.45.

    • For groups of computers, select Group Of IP Addresses and then type the subnet address, such as 192.168.0.0, and subnet mask, such as 255.255.0.0.

  5. Select an existing entry and then click Remove to remove it from the accept list.

  6. Click OK twice.

Creating Global Deny Lists for IP Addresses and Networks

Exchange will reject e-mail from any IP address or network on the deny list. To define deny list entries for IP addresses and networks, complete the following steps:

  1. Start System Manager, and then expand Global Settings.

  2. Right-click Message Delivery, and then choose Properties. This displays the Message Delivery Properties dialog box.

  3. Click Deny on the Connection Filter tab. This displays the Deny List dialog box. You’ll find a list of current IP addresses and networks that are configured on the deny list in the IP Address (Mask) List.

  4. Click Add to add an IP address or network to the deny list.

    • For a single IP address, select Single IP Address and then type the IP address in the field provided, such as 192.168.10.45.

    • For groups of computers, select Group Of IP Addresses and then type the subnet address, such as 192.168.0.0, and subnet mask, such as 255.255.0.0.

  5. Select an existing entry and then click Remove to remove it from the deny list.

  6. Click OK twice.
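
An added example (not from the book or from Exchange) for reviewing the two lists together: it converts entries as they are typed in the dialog boxes, an address alone or a subnet address plus mask, into networks, then reports accept entries that overlap deny entries and accept entries wider than a chosen prefix length. The accept-before-deny order in decide(), the 24-bit threshold, and the 10.0.0.0 entry are assumptions made for the illustration.

```python
import ipaddress

def to_network(address, mask=None):
    """Single IP Address -> /32 network; Group Of IP Addresses -> address + mask."""
    if mask is None:
        return ipaddress.ip_network(address + "/32")
    # strict=False tolerates a host address typed where the subnet address belongs
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)

def decide(ip, accept, deny):
    """Classify a connecting address against the two global lists."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in accept):
        return "accept"        # assumption: the accept list is consulted first
    if any(addr in net for net in deny):
        return "deny"
    return "filter"            # left to the block list rules

def audit(accept, deny, min_prefix=24):
    """List accept entries that are very broad or that overlap a deny entry."""
    findings = []
    for a in accept:
        if a.prefixlen < min_prefix:       # threshold is an arbitrary review cutoff
            findings.append(("broad-accept", str(a)))
        for d in deny:
            if a.overlaps(d):
                findings.append(("accept-deny-overlap", f"{a} / {d}"))
    return findings

# Entries as typed in the dialog boxes. The first two use the chapter's sample
# values; 10.0.0.0 with mask 255.0.0.0 is constructed.
ACCEPT = [to_network("192.168.10.45"), to_network("10.0.0.0", "255.0.0.0")]
DENY = [to_network("192.168.0.0", "255.255.0.0")]

if __name__ == "__main__":
    for ip in ("192.168.10.45", "192.168.20.9", "198.51.100.3"):
        print(ip, decide(ip, ACCEPT, DENY))
    for finding in audit(ACCEPT, DENY):
        print(finding)
```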

Applying Message Filters on SMTP Virtual Servers

Each SMTP virtual server in your organization has a different set of rules for message filters. If you want to enforce message filter rules, you must enable the sender, recipient, and connection filters you’ve configured separately on each SMTP virtual server.

To apply message filters on a virtual server, follow these steps:

  1. Start System Manager. Double-click Servers or, if administrative groups are enabled, double-click the administrative group that contains the server you want to work with and then double-click Servers.

  2. Expand the entry for the server you want to work with and then expand Protocols, SMTP.

  3. Right-click the SMTP virtual server on which you want to filter messages, and then choose Properties.

  4. On the General tab, click Advanced.

  5. In the Advanced dialog box, select the IP address you want to filter, and then click Edit. This displays the Identification dialog box shown in Figure 13-12.

    Figure 13-12. Use the Identification dialog box to enable the filters you want to use for the selected IP address.

  6. You can now enable filter options selectively by selecting Apply Sender Filter, Apply Recipient Filter, or Apply Connection Filter. You can also enable any combination or all of the filters by selecting the filters you want to use.

  7. Click OK to close the Identification dialog box. If you want to apply filters to another IP address configured on the SMTP virtual server, repeat Steps 5 and 6.

  8. Click OK twice.

Managing Administrative Groups

Administrative groups define the logical structure of an Exchange organization, and you use them to help you organize and manage Exchange resources. Administrative groups are also useful in managing permissions. When you first install Exchange Server, administrative group support is disabled. However, if you followed the techniques discussed in Chapter 4, you probably enabled administrative group support. You can confirm this by looking in System Manager for an Administrative Groups node.

Administrative groups are best suited to large organizations or organizations with offices in several locations. With these types of organizations, you might want to create administrative groups for each department or office location and then use the administrative group structure to help organize related servers, routing groups, system policies, chat communities, and public folder trees—all of which you can configure on a per-administrative-group basis.

Creating Administrative Groups

When you enable administrative group support, as described in the section of Chapter 4 entitled "Using and Enabling Administrative Groups," a default administrative group called First Administrative Group is created. You can create additional administrative groups by completing the following steps:

  1. In System Manager, right-click Administrative Groups, point to New, and then select Administrative Group.

  2. On the General tab, type a descriptive name for the group, and then click OK.

  3. Exchange Server creates the new administrative group but doesn’t assign any servers to the group or create any other containers. You’ll need to add these, as we’ll describe in the next section.

Adding Containers to Administrative Groups

Administrative groups have containers for the following:

  • Servers

  • Routing groups

  • System policies

  • Public folder trees

Containers for servers are added to an administrative group the first time you install an Exchange server and make it a member of the group. Other containers can be added to an administrative group manually. To do this, right-click the administrative group in System Manager, point to New, and then select the container you want to create.

Each administrative group can have only one container of each type.

Controlling Access to Administrative Groups

One of the key reasons for creating administrative groups is to aid in permission management. Each administrative group can have its own security permissions, and this enables you to control who accesses a particular administrative group and the actions users can perform. You manage permissions by granting or denying access as described in the section of Chapter 8 entitled "Setting Exchange Server Permissions," or by delegating control at the administrative group level as described in the section of Chapter 8 entitled "Delegating Exchange Server Permissions."

Renaming and Deleting Administrative Groups

You can manage administrative groups much like any other Exchange element. To rename an administrative group, complete the following steps:

  1. Start System Manager and then expand Administrative Groups.

  2. Right-click the administrative group, choose Rename from the shortcut menu, and then type a new name for the administrative group.

  3. Keep in mind that when you change the name of an administrative group, you change the namespace for all objects in the administrative group.

Deleting an administrative group removes the group and all its contents. Before deleting an administrative group, you should either make sure that the items it contains are no longer needed or move the items to a new administrative group. You move objects in an administrative group as described in the section of this chapter entitled "Moving and Copying Among Administrative Groups."

Once you’ve moved items that you might need, you can delete the administrative group by completing the following steps:

  1. Start System Manager, and then expand Administrative Groups.

  2. Right-click the administrative group and choose Delete from the shortcut menu.

  3. When prompted, confirm the action by clicking Yes.

Moving and Copying Among Administrative Groups

You can move or copy some types of objects, such as policies and public folder trees, between administrative groups. You can copy or move objects only between containers of the same type, however.

To move an object between administrative groups, follow these steps:

  1. Start System Manager, and then expand Administrative Groups. As necessary, expand the administrative groups and containers you want to work with.

  2. Right-click the object you want to move, and then select Cut.

  3. Right-click the target container, and then select Paste.

To copy an object between administrative groups, follow these steps:

  1. Start System Manager, and then expand Administrative Groups. As necessary, expand the administrative groups and containers you want to work with.

  2. Right-click the object you want to copy, and then select Copy.

  3. Right-click the target container, and then select Paste.

Managing Routing Groups

You use routing groups when you need to control the connectivity between geographically separated Exchange servers or when you have unreliable connections between Exchange servers in any location. For example, if your company has branch offices in Seattle and San Francisco, each office might have a separate routing group. To connect the routing groups, you must install a connector. The available connectors for communications among routing groups are the Exchange Routing Group connector, the SMTP connector, and the X.400 connector. Each has its advantages and disadvantages, which you’ll learn more about in Chapter 14.

If you have a single geographic location or have reliable, permanent connections between servers, you don’t need to create additional routing groups and you don’t have to install routing group connectors. Instead, you can let Exchange Server handle the necessary connections, which are configured automatically whenever you install a new Exchange server in your organization. That said, in special circumstances you might want to create multiple routing groups. For example, if you want to manage message tracking or control replication of public folders between locations, you might want to set up separate routing groups.

Creating Routing Group Containers

Routing groups aren’t enabled by default in Exchange Server. Before you can create a routing group, you must enable routing group support and create a routing group container. To do this, follow these steps:

  1. Right-click the organization node in System Manager, and then select Properties.

  2. On the General tab of the Properties dialog box, select Display Routing Groups.

  3. When you click OK, Exchange Server enables routing groups and configures them for the current operations mode.

Note

Routing groups behave differently when Exchange is in mixed mode operations. For details, see the section of Chapter 4 entitled "Understanding Exchange Server Organizations."

Creating Routing Groups

Routing group configuration is a three-part process. First, you create a routing group, then you add member servers to the routing group, and finally you connect the routing group using a messaging connector.

You create a routing group by completing the following steps:

  1. Start System Manager.

  2. Expand Administrative Groups and then select the administrative group in which you want to create the routing group.

  3. Right-click Routing Groups, point to New, and then choose Routing Group. If the administrative group doesn’t have a Routing Groups node, create it by right-clicking the administrative group, pointing to New, and selecting Routing Groups Container.

  4. On the General tab, type a descriptive name for the group, and then click OK.

  5. Exchange Server creates the new routing group but doesn’t assign any servers to the group or create connector links. You’ll need to add these.

Moving Exchange Servers Among Routing Groups

By default, every Exchange server in your organization is a member of a routing group. The routing group assignment is normally made during the installation of Exchange Server 2003. After installation, you can move servers among routing groups to place servers with reliable connections within the same routing group. However, the servers must be in the same administrative group. You can’t move servers among routing groups in different administrative groups.

You can move a server to a different routing group by completing the following steps:

  1. Start System Manager. Expand Administrative Groups, and then select the administrative group that contains the routing groups you want to work with.

  2. Expand Routing Groups, and then expand the routing groups you want to work with.

  3. Right-click the server in the Members folder of the source routing group, and then select Cut.

  4. Right-click the Members folder in the target routing group, and then select Paste.

Connecting Routing Groups

You must configure and actively manage connections between routing groups using Routing Group, SMTP, or X.400 connectors. These connectors are discussed in Chapter 14.

Designating Routing Group Masters

Each Exchange routing group has a routing group master. The master server is responsible for distributing link state information among the routing group’s member servers. Only two states exist for any link: the link is either up or down. If a link is up, Exchange Server can establish a connection over the link and then use the connection to deliver mail. If a link is down, Exchange Server 2003 can’t use the link and routing group servers must find an alternate route to the destination.

When a link is down, the server that identified the outage notifies the master server of the condition. The master server in turn notifies the other member servers within the routing group. The master server checks the link every 60 seconds until the link can be reestablished. Once the link is reestablished, the master server notifies the member servers that the link is up.

Normally, the routing group master is the first server installed in the routing group, but you can designate any server in the group as the master. To do this, follow these steps:

  1. Start System Manager. Expand Administrative Groups, and then select the administrative group that contains the routing group you want to work with.

  2. Expand Routing Groups, and then expand the routing group you want to work with.

  3. In the Members folder, right-click the server you want to designate as the master server, and then select Set As Master.

Link state information helps Exchange Server 2003 determine the best route to take to deliver messages. In a well-connected Exchange organization, there should be redundant communication paths to ensure that messages can be delivered. One way to create redundant communication paths is to install multiple connectors between routing groups.

Caution

If the routing group master is unavailable, the link state information can’t be updated and servers in the routing group continue using old routing information unless they discover the problem on their own through failed mail transfers. Typically, you’ll see poor performance until you restore the routing group master.

Renaming and Deleting Routing Groups

You can change the name of a routing group at any time in System Manager. To do that, follow these steps:

  1. Start System Manager. Expand Administrative Groups, and then select the administrative group that contains the routing group you want to work with.

  2. Expand Routing Groups, right-click the routing group you want to rename, and then select Rename.

  3. Type a new name for the routing group, and then press Enter.

Deleting a routing group removes the group and all its contents. Before deleting a routing group, you must move its member servers to another routing group as described in the section of this chapter entitled "Moving Exchange Servers Among Routing Groups." Once you’ve moved the member servers, you can delete the routing group by completing the following steps:

  1. Start System Manager. Expand Administrative Groups, and then select the administrative group that contains the routing group you want to work with.

  2. Expand Routing Groups, right-click the routing group you want to remove, and then select Delete.

  3. When prompted, confirm the action by clicking Yes.
