Nova Scotia Flag

SCOTIA SYSTEMS BLOG




Exchange Error 1159 During Mailbox Move Causes Information Store to Dismount

December 6th, 2010 admin

During the migration of a large Exchange store from one machine to another, the information store was suddenly unavailable!    Checking the event logs, the first error reported was Event 1159:

 

Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 1159
Description: Database error 0xfffffd9a occurred in function JTAB_BASE::EcUpdate while accessing the database "<DatabaseName>".

 

The store was manually remounted ok and everything was back to normal, but why did it dismount in the first place?

It turns out this can happen if you’re moving mailboxes when a Backup is taking place!   Unfortunately moving mailboxes and backups are both processes performed out of hours, so are likely to coincide.

What happens is that there is a limit of 1008 ESE (Extensible Storage Engine) transaction log files.   When the number of uncommitted ESE log files reaches 1008, Exchange dismounts all of the information stores in the storage group!

The suggested solution – don’t run backups and large mailbox transfers at the same time!

 

There’s a knowledge base article here explaining the problem:

http://support.microsoft.com/kb/905801





UCEProtect Strike Again! Backscatterer.org Blacklisting

March 23rd, 2010 admin

A while ago I wrote about UCEProtect and how they were blocking a mail server due to an IP on a nearby segment being classed as a spam sender.

Well today, I’ve hit another problem with UCEProtect – and this time it’s worse!

It started when the client started getting bounce messages on emails sent to AT&T’s network:

#5.3.0 smtp;553 5.3.0 flpd124 – o2N8qxwF027519, DNSBL:ATTRBL 521< *.*.*.* > _is_blocked.__For_information_see_http://att.net/blocks

Following the link to AT&T, there’s a form to request a de-listing, however no mention of why you’re getting blocked?

Now I’ve seen similar to this before, so knew to check out the following site which searches all the popular blacklists for listings:

http://www.mxtoolbox.com/blacklists.aspx

All came back clear, apart from one – backscatterer.org which was a new one to me?     So here’s the background on backscatterer.org.

 

Non-Delivery Reports and Backscatter

When you send an email to an organization, but spell the persons name wrongly, you get a bounce message.   This bounce message is generated in one of two ways.

1) The recipient server receives the email and then attempts to route it to the destination mailbox.   When it finds the mailbox doesn’t exist – it generates the bounce message.

2) The recipient server looks up the recipient name when the sending server starts the conversation.   When it finds the mailbox doesn’t exist – it terminates the connection, leaving the sending server to generate the NDR (non-delivery report)

If your server is configured using method (1) above (which is a valid method and withing the guidelines of the SMTP protocol) then backscatterer.org will blacklist you!!!

Now there are valid reasons for this – spammers are using the NDRs as a way to get your mail server to send spam NDRs by using fake email addresses.

However form them to then charge you 50 Euros to be removed from the list is a joke!   If you don’t pay to be removed – they’ll blacklist you for 4 weeks!

50 Euros to be delisted because your mail server is working correctly…   Hmmm…

Anyway, first here’s how to test your mailserver to see if it it vulnerable:

Telnet to your server on port 25, so : “telnet <serverip> 25”

You should receive a response similar to :

220 MAILSERVER.MYDOMAIN.COM Microsoft ESMTP MAIL Service, Version 6.0.3790.3959 ready at Tue, 23 Mar 2010 11:33:16 +0000

Type : “Helo sample.domain.com”Response : “MAILSERVER.MYDOMAIN.COM Hello”

Type : “mail from: [email protected]
Response : “250 2.1.0 [email protected]….Sender”[email protected]….Sender Ok”

Type : “RCPT TO:  [email protected]

At this point you should receive “555 User unknown”

If you receive “250 .2.1.5 [email protected] – then you have a problem.

 

The Fix (for Exchange 2003)

1) In System Manager, go to Global Settings, right click Message Delivery and select properties

2) Check the box “Filter recipients who are not in the directory”

3) Go To Administrative Group, Servers, Protocols, SMTP, right click and select properties. 

4) Under Advanced, select Edit and Check the box that says “Apply Recipient Filter”.

5) Restart the SMTP Service for the change to take effect.

If I were you I’d check my mailserver and apply the above fix before you get blacklisted and have to pay the 50 euros…

Oh – and if you’re blacklisted by AT&T – here’s the form to request delisting : http://worldnet.att.net/general-info/block_admin.html





Name change in Active Directory – not appearing in Outlook

September 10th, 2009 admin

Just had to change a user account name in Active Directory due to a user getting married.   All pretty straightforward, however after several hours, the change hadn’t appeared in the global address list in Outlook, so I thought I’d look into it.

Here are the steps necessary to prompt the change to happen sooner:

1) In Exchange System Manager, go to the offline address list, right click and select Rebuild

2) In Outlook – go to send/receive and select Download Address Book

You should now see the new name appear in the contact list.