Re: The View Usage Report tool may report many e-mail messages in Windows Small Business Server 2003
- From: "MW" <Info at vytron com>
- Date: Mon, 5 Jun 2006 09:29:32 -0400
Just to satisfy my curiosity, does the Microsoft Baseline Security
Analyzer not let you know that you are missing the SBS 2003 SP1 service
pack? I thought I would get some kind of warning if all updates were
not applied.
I will try to rerun the SBS 2003 SP1 update when I can come in over a
weekend. Since I did it one weekend and followed the *** you
referenced, maybe doing it a second time will get it to work.
Thanks
"Crina Li" wrote:
Hi MW,
Thanks for your update.
I am sorry for the delayed response due to the weekend. Please
understand that the newsgroups are staffed weekdays by Microsoft
Support professionals to answer your systems and applications
questions. Your understanding is greatly appreciated!
From the reply, it looks like SBS 2003 SP1 has not been installed
correctly because the registry key does not exist. As far as I know,
it is recommended that you install SBS 2003 SP1 before Exchange 2003
SP2 installation.
Considering the current condition, please kindly refer to the steps
listed in the documents of SBS SP1 to reinstall SBS 2003 SP1, and you
may need to skip installing Exchange 2003 Service Pack 1. Reinstalling
SBS SP1 does not uninstall Exchange SP2.
More information:
Exchange Server 2003 SP2 Overview
http://www.microsoft.com/exchange/downloads/2003/sp2/overview.mspx
Exchange Server 2003 Service Pack 2: Frequently Asked Questions
http://www.microsoft.com/exchange/downloads/2003/sp2/faq.mspx
System Requirements for Exchange Server 2003
http://www.microsoft.com/exchange/evaluation/sysreqs/2003.mspx
Exchange Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en
Microsoft Exchange Server 2003 Service Pack 2 Release Notes
http://download.microsoft.com/download/f/b/5/fb5c54af-fe5c-48e9-be97-f9e8207325ab/Ex_2003_SP2_RelNotes.htm
Thanks for your time and I look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have
issues regarding other Microsoft products, you'd better post in the
corresponding newsgroups so that they can be resolved in an efficient
and timely manner. You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you
check the "Notify me of replies" box to receive e-mail notifications
when there are any updates in your thread. When responding to posts
via your newsreader, please "Reply to Group" so that others may learn
and benefit from your issue.
Microsoft engineers can only focus on one issue per thread. Although
we provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly.
Please check http://support.microsoft.com for regional support phone
numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
From: "MW" <Info at vytron com>
References: <OZvj7p$gGHA.3996@xxxxxxxxxxxxxxxxxxxx> <#5#LXhIhGHA.2260@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: The View Usage Report tool may report many e-mail messages in Windows Small Business Server 2003
Date: Thu, 1 Jun 2006 09:30:27 -0400
Message-ID: <e95JP#XhGHA.3756@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
Thank you for your response.
I am somewhat confused since I spent part of a weekend here several
months ago doing all the updates to prepare for SBS 2003 SP1 and
then ran the SP1 update which seemed to go okay. Since then I have
frequently run the Baseline Security Analyzer which indicated I had
all updates but it seems that SP1 is not installed. Please see my
comments inside your message below. By the way after reading this
should I rerun the SBS 2003 SP1? Will it undo Exchange SP2 or cause
any problems with this since it wants Exchange SP1 to be installed?
Thank you.
"Crina Li" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%235%23LXhIhGHA.2260@xxxxxxxxxxxxxxxxxxxxxxxx
Hi MW,
Thank you for posting in SBS newsgroup.
According to your post, I understand the issue to be: The View Usage
Report tool reports many e-mail messages on your SBS server after you
have installed SBS 2003 SP1. If I have misunderstood your concerns,
please do not hesitate to let me know.
Note: the reply may be too long, thanks for your patience on the
issue.
As far as I know, there are two causes of this issue:
1. It is a known issue of the View Usage Report tool in Windows
Small Business Server 2003 which counts the copies of an e-mail
message incorrectly when you send an e-mail message to multiple
users with unique domain mail addresses. SBS 2003 SP1 has fixed
this issue.
2. The computer is infected by virus or spyware.
To narrow down the problem, would you please check the following
information?
Firstly, please check if users have sent so many emails. And then
please check if you have followed the below to install SP1:
The emails are not valid. The users did not send thousands of
emails.
Before we install the SBS 2003 SP1 onto the server, we need to make
sure that the required components such as Windows Server 2003 SP1,
Exchange 2003 SP1, WSS SP1 have been installed. Please refer to the
release note and double check the install procedure:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C1B08F7B-8CAF-4147-9AD0-454E89CB98BB&displaylang=en
Would you please help me confirm if you have strictly followed the
document to install SBS SP1?
Yes I came in on a weekend to specifically follow this document.
For SBS 2003 Standard:
http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5356b6/SP1Setup_std.htm
For SBS 2003 Premium:
http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5356b6/SP1Setup_prem.htm
If you have done so, please double check the following:
1. Have you received the prompt box which indicated the SBS 2003
SP1 has been finished successfully?
It has been several months ago now but I do not remember any
problems.
2. You can check if SBS 2003 SP1 is installed through taking a look
at this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\ServicePackNumber
This registry key does not exist.
It should be set to "1" if the server is at SP1.
In addition, you may check what SP level the following components
are at by using the steps respectively:
- Windows Server 2003: Right-click on My Computer and choose
Properties; or run "winver".
"winver" results - version 5.2 build 3790
srv03_sp1_rtm.060324-1447 service pack 1
- Exchange Server 2003: Click Start -> All Programs -> Microsoft
Exchange -> System Manager, expand Servers, right-click on servername
and choose Properties.
version 6.5 7638.2 SP2
- SQL Server 2000: Click Start -> All Programs -> Microsoft SQL
Server -> Enterprise Manager, right-click servername under SQL
Server group and choose Properties.
Microsoft SQL Server option does not exist under "All Programs"
3. Do you see "Microsoft Windows Server 2003 for Small Business
Server Service Pack 1" when you view properties of My Computer?
Yes
To check if your computer is infected, I suggest that you use your
anti-virus application and anti-spyware application to check the
affected client computer.
The computers do not have a virus.
You can download an anti-spyware application from
<http://www.spychecker.com/software/antispy.html>
If you do not have an anti-virus application, you may try the
following on-line free virus scanners.
<http://housecall.antivirus.com/housecall/start_corp.asp#top>
<http://security.symantec.com/ssc/home.asp>
<http://www.mcafee.com/myapps/mfs/default.asp>
<http://www.pandasoftware.com/activescan/com/activescan_principal.htm>
<http://www.ravantivirus.com/scan/>
Are these emails NDR emails? If so, please check the following:
No, they just appear to be multiple counts of email
(Do NOT use these steps unless you are under this kind of attack)
Nowadays spammers have a new means to avoid filters built into many
systems. They take advantage of a mail system's sending of a
non-delivery report (NDR) when a message cannot be delivered as
addressed and returns the original contents. Since this follows the
RFC standard, most all mail servers will function this way. This is
what is called a "Reverse NDR attack" (RNDR). This form of attack
is becoming increasingly widespread. Some users get it so badly
that over 33% of their Internet messages are attributed to this
type of spam. The end result is the spammer has attained a new form
of mail relaying. Your server's resources are being stolen to deliver
spam.
How does a "Reverse NDR" attack work?
Step 1 Spam email is created with the intended spam victim's
address in the sender field and a random, fictitious recipient, at
your domain, in the To: field.
Step 2 Your mail server cannot deliver the message and sends an NDR
email back to what appears to be the sender of the original
message, the spam victim.
Step 3 The return email carries the non-delivery report and
possibly the original spam message. Thinking it is email they sent,
the spam victim reads the NDR and the included spam.
What are the symptoms of a RNDR attack?
1. Sluggish email delivery
Email is not sluggish
2. Outbound queues full of non-delivery notices
No problems with this
3. Excessive admin time to clear outbound queues
No problems with outbound queues
4. Badmail folder's size grows quickly
Badmail folder is not a problem
If you are experiencing any of the above, chances are good your mail
server is under attack.
To stop the RNDR from happening, follow the following steps:
To Configure Recipient Filtering
This has been done for quite a while
When you enable recipient filtering (if you are using SMTP for
incoming emails) on the SMTP virtual server, e-mail messages that
are received from anyone on the recipient filter are not accepted.
Recipient filtering is set globally, but you enable it on a
per-Virtual Server basis on each SMTP virtual server.
To create a recipient filter:
1. Click "Start", point to "Programs", point to "Microsoft
Exchange", and then click "System Manager".
2. Expand "Global Settings", right-click "Message Delivery", and
then click "Properties".
3. Click the "Recipient Filtering" tab, and then click the checkbox
at the bottom (Filter recipients who are not in the directory).
4. Specify any additional filter options that you want to configure,
Select Apply, and then click "OK".
Already done
To enable recipient filtering on the SMTP virtual server:
1. Click "Start", point to "Programs", point to "Microsoft
Exchange", and then click "System Manager".
2. Expand "Servers", expand "<ServerName>", and then expand
"Protocols".
3. Expand "SMTP", right-click "Default SMTP Virtual Server", and
then click "Properties".
4. Click the "General" tab, and then click "Advanced".
5. In the "Address" list, click the IP address where you want to
apply the recipient filter, and then click "Edit".
6. Click to select the "Apply Recipient Filter" check box, click
"OK", and then click "OK".
Already done
Note: Recipient filter rules apply only to anonymous connections.
Authenticated users and Exchange servers bypass these validations.
Also I provide the following methods of protecting Exchange:
1. Disable the Guest account in your SBS 2003 server and enable
Strong Password Protection. Every time you run CEICW you will
be asked for enabling password policies after it ends. I suggest
you enable it. You can also do that in Server
Management\Users->Configure Password Policies. For more
information, see:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
Already Done
2. We can block unsafe attachments in emails by running through
CEICW and enabling Internet Email on the wizard. You should see a
page named "Remove E-mail Attachments" where you can choose to
block all or some of the unsafe attachments. For more information,
you can search "Remove E-mail Attachments" (without the quotes) in
SBS 2003 Help and Support Center.
Already Done
3. If you are using SMTP for incoming emails, you can install IMF
(Intelligent Message Filter):
Already Done
According to the "Exchange Best Practices Analyzer" Exchange is
configured properly.
http://www.microsoft.com/downloads/details.aspx?familyid=B5846A14-F306-41F0-B074-8C9C8F277071&displaylang=en
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/imfdeploy.mspx
Useful Articles about installing SP1:
What's New for Windows SBS 2003 with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=D56A7675-27C1-445B-9D1F-97F615E62ADF&displaylang=en
Windows Small Business Server 2003 with Service Pack 1 Getting
Started Guide
http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=483b6e22-8ed2-420b-915e-96d469347fb2
Installation Instructions for Service Pack 1 for Windows Small
Business Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=022677CC-F5AC-4BFB-A61F-007A30852AC6&displaylang=en
<Note>: This response contains a reference to a third party World
Wide Web site. Microsoft can make no representation concerning the
content of these sites. Microsoft is providing this information
only as a convenience to you: this is to inform you that Microsoft
has not tested any software or information found on these sites and
therefore cannot make any representations regarding the quality,
safety, or suitability of any software or information found there.
There are inherent dangers in the use of any software found on the
Internet, and Microsoft cautions you to make sure that you completely
understand the risk before retrieving any software on the Internet.
Please feel free to let me know if you have any further questions or
concerns.
I appreciate your time and look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
--------------------
From: "MW" <Info at vytron com>
Subject: The View Usage Report tool may report many e-mail messages in Windows Small Business Server 2003
Date: Tue, 30 May 2006 11:05:24 -0400
Message-ID: <OZvj7p$gGHA.3996@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
In Article ID:867457 titled "The View Usage Report tool may
report many e-mail messages in Windows Small Business Server 2003"
it mentions that this was fixed in SBS 2003 service pack 1. I am
on SP1 and still have this problem. Was it fixed or does this
problem still exist? Is there something I can do to get the Usage
Report working correctly?
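
The Reverse NDR flow and the recipient-filtering countermeasure described in the quoted reply above, modelled as an added example that is not part of the thread and is not Microsoft's code. The domain, directory, addresses and envelopes are constructed sample data, and the function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data: the local domain and its directory of real recipients.
LOCAL_DOMAIN = "example.test"
DIRECTORY = {"alice@example.test", "bob@example.test"}

@dataclass(frozen=True)
class Envelope:
    mail_from: str               # envelope sender; forgeable on anonymous SMTP
    rcpt_to: str
    authenticated: bool = False  # authenticated sessions bypass the recipient filter

# Constructed inbound traffic: two Reverse NDR probes (forged sender, random
# local recipient), one legitimate message, one authenticated user's typo.
INBOUND = [
    Envelope("victim1@elsewhere.test", "qwxz81@example.test"),
    Envelope("victim2@elsewhere.test", "zzk2p@example.test"),
    Envelope("partner@elsewhere.test", "alice@example.test"),
    Envelope("bob@example.test", "alcie@example.test", authenticated=True),
]

def process(envelopes, recipient_filter):
    """Model the server's decision per envelope.

    Returns (delivered, rejected, ndrs). An NDR is a (sender, recipient)
    pair with the null sender "<>", addressed to the envelope sender.
    """
    delivered, rejected, ndrs = [], [], []
    for env in envelopes:
        if env.rcpt_to in DIRECTORY:
            delivered.append(env)
        elif recipient_filter and not env.authenticated:
            # Refused at RCPT TO: the message is never accepted, so this
            # server has nothing to bounce.
            rejected.append(env)
        else:
            # Accepted, then found undeliverable: the server itself mails
            # an NDR to whatever address was given as the sender.
            ndrs.append(("<>", env.mail_from))
    return delivered, rejected, ndrs

def backscatter(ndrs):
    """NDRs leaving for outside addresses: the load a Reverse NDR attack creates."""
    return sorted(to for _, to in ndrs if not to.endswith("@" + LOCAL_DOMAIN))

if __name__ == "__main__":
    for flag in (False, True):
        delivered, rejected, ndrs = process(INBOUND, recipient_filter=flag)
        print(f"filter={flag}: delivered={len(delivered)} "
              f"rejected={len(rejected)} ndrs={len(ndrs)} "
              f"backscatter={backscatter(ndrs)}")
```

With the filter off, three NDRs are generated and two of them go to the forged outside senders; with it on, both probes are refused during the SMTP session and only the authenticated user's mistyped address still produces an NDR, which matches the note that authenticated sessions bypass the filter.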