New-SendConnector -Name 'To Internet' -Usage 'Custom' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -SourceTransportServers 'domain.co.uk'
set-sendconnector “To Internet” –fqdn domain.co.uk
Get-ExchangeCertificate -DomainName domain.co.uk | Enable-ExchangeCertificate -Services SMTP
Set-ReceiveConnector -PermissionGroups 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers' -Identity 'WEBHOST\Default WEBHOST'
Get-ReceiveConnector "Default *" | Set-ReceiveConnector -PermissionGroups:AnonymousUsers,ExchangeUsers,ExchangeServers
Get-ReceiveConnector "Default *" | Format-list
Set-ReceiveConnector “WEBHOST\Default WEBHOST” -MaxMessageSize 40Mb
Set-ReceiveConnector “WEBHOST\Client WEBHOST” -MaxMessageSize 40Mb
Increase sending size to 100 MB for all send connectors
get-sendconnector "*" | Set-Sendconnector -MaxMessageSize 100mb
Add-RoleGroupMember "Organization Management" -Member administrator
New-AcceptedDomain -Name "MyDomain" -DomainName domain.com -DomainType InternalRelay
Set-AcceptedDomain -Identity "Domain\Org" -DomainType Authoritative
New-AcceptedDomain -Organization "organization" -Name "COmpany" -DomainName domain.co.uk -DomainType Authoritative
New-SendConnector -Name "domain.com Send Connector" -Internet -AddressSpace domain.com -DNSRoutingEnabled $false -SmartHosts 78.78.78.78 -SmartHostAuthMechanism "None" -MaxMessageSize 20MB
New-SendConnector -Name "organization Send Connector" -Internet -AddressSpace organization.co.uk -DNSRoutingEnabled $false -SmartHosts 78.129.227.77 -SmartHostAuthMechanism 'None' -MaxMessageSize 20MB
Relay
New-ReceiveConnector -Name "Webhosting" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 79.79.79.79:25 -RemoteIpRanges 78.78.78.78
New-ReceiveConnector -Name Webhosting -usage Custom -Bindings '79.79.79.79:25' -fqdn domain.co.uk -RemoteIPRanges 79.79.79.79 -server WEBHOST -permissiongroups ExchangeServers -AuthMechanism 'TLS, ExternalAuthoritative'
New-ReceiveConnector -Name "Company" -usage Custom -Bindings '79.79.79.79:25' -fqdn domain.co.uk -RemoteIPRanges 78.129.227.142 -server WEBHOST -permissiongroups ExchangeServers -AuthMechanism 'TLS, ExternalAuthoritative'
Get-ReceiveConnector "WEBHOST\Company" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Internal domains relay
New-SendConnector -Name "organization" -Usage "Custom" -AddressSpaces "SMTP:organization.co.uk;1" -IsScopedConnector $false -SmartHosts 79.79.79.79 -DNSRoutingEnabled $false -SmartHostAuthMechanism "None" -UseExternalDNSServersEnabled $false -SourceTransportServers "domain.co.uk"
(this above must be configured for every hosted domain on the server)
Set product key
Set-ExchangeServer -Identity WEBHOST -ProductKey X8JBR-24DFV-444OY-WX8H2-K2FCC
Working with Send connectors
Get-SendConnector "domain.com Send Connector" | Format-List
Set-SendConnector "domain.com Send Connector" -SmartHosts 78.78.78.78
Set-SendConnector "domain.com Send Connector" -MaxMessageSize 40Mb
Remove-SendConnector "domain.com Send Connector"
Add-MailboxPermission "John Doe" -User "Joe Public" -AccessRights FullAccess
(add permissions)
Anti Spam (copy paste should work)
Add-IPBlockListProvider -Name "BarracudaCentral" -LookupDomain "b.barracudacentral.org" -BitMaskMatch 127.0.0.2
Set-IPBlockListProvider "BarracudaCentral" -RejectionResponse "Message Rejected by Barracuda Central."
Add-IPBlockListProvider -Name bl.spamcop.net -LookupDomain bl.spamcop.net -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://www.spamcop.net/w3m?action=checkblock&ip={0} for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name dnsbl.sorbs.net -LookupDomain dnsbl.sorbs.net -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://www.au.sorbs.net/lookup.shtml for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://www.spamhaus.org/query/bl?ip={0} for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name cbl.abuseat.org -LookupDomain cbl.abuseat.org -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://cbl.abuseat.org/lookup.cgi?ip={0} for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name b.barracudacentral.org -LookupDomain b.barracudacentral.org -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://barracudacentral.org/lookups/ip-reputation for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name spam.dnsbl.sorbs.net -LookupDomain spam.dnsbl.sorbs.net -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://www.au.sorbs.net/lookup.shtml for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name spam.rbl.msrbl.net -LookupDomain spam.rbl.msrbl.net -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://www.msrbl.com/check?ip={0} for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name bl.spamcannibal.org -LookupDomain bl.spamcannibal.org -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://spamcannibal.org/cannibal.cgi for further information. This organization has no control over this RBL (Realtime Block List)."
Add-IPBlockListProvider -Name psbl.surriel.com -LookupDomain psbl.surriel.com -Enabled $True -RejectionResponse "{1} has blocked your IP address ({0}) using the list '{2}'. Please see http://psbl.surriel.com/listing?ip={0} for further information. This organization has no control over this RBL (Realtime Block List)."
Set-IPBlockListConfig -Enabled $true
set-transportserver "WEBHOST" -antispamagentsenabled $true
End of Antispam commands
Increase max message size
Set-TransportConfig -MaxReceiveSize 40MB -MaxSendSize 40MB
Enable SMTP logging
Set-ReceiveConnector “WEBHOST\Default WEBHOST” -ProtocolLoggingLevel verbose
Set-SenderReputationConfig -SenderBlockingEnabled $true -OpenProxyDetectionEnabled $true
(change default accepted domain)
Get-EmailAddressPolicy def* | Set-EmailAddressPolicy -EnabledEmailAddressTemplates 'SMTP:@organization.local'
(create new accepteddomain)
New-AcceptedDomain -Name "Local" -DomainName organization.local -DomainType InternalRelay
(make it default)
Set-AcceptedDomain -Identity "Local" -DomainType Authoritative -MakeDefault $true
Change default email address
New-AcceptedDomain -Name “organization”-DomainName organization.co.uk -DomainType Authoritative -Organization "organization"
Set-AcceptedDomain -Identity "organization\organization" -DomainType Authoritative -MakeDefault $true
New-EmailAddressPolicy -Name “@organization.co.uk”-IncludedRecipients MailboxUsers -Organization "organization" -Priority 1 -EnabledEmailAddressTemplates “SMTP:@organization.co.uk”
Update-EmailAddressPolicy -Identity “organization\@organization.co.uk”
Set-Mailbox john@organization.com –EmailAddresses SMTP:john@organization.co.uk
Set-Mailbox -identity "company\test@test.com" -emailaddresspolicyenabled $false –EmailAddresses SMTP:test1@test.com
SMTP via 587 remove sending delay
Set-ReceiveConnector "WEBHOST\Client WEBHOST" -MaxAcknowledgementDelay 0
Set-AcceptedDomain -Identity "organization\organization" -DomainType InternalRelay
New-AcceptedDomain -Organization "Company" -Name "Gmail" -DomainName gmail.com -DomainType Authoritative
Set-Mailbox user@domain.com –EmailAddresses SMTP:user@gmail.com
Set mailbox access permissions
Set-Mailbox "organization\Company Support" -EmailAddressPolicyEnabled $false
Set-Mailbox "organization\Company Support" –EmailAddresses SMTP:support@free-vps.co.uk
Add-MailboxPermission "organization\Company Support" -User "john Doe" -AccessRights FullAccess
Add-ADPermission "Company Support" -User "john Doe" -Extendedrights "Send As"
(set global mailbox quotas)
Set-MailboxDatabase -Identity "Mailbox Database 1513447900" -IssueWarningQuota 4GB -ProhibitSendQuota 5GB -ProhibitSendReceiveQuota 5GB -QuotaNotificationSchedule "Sun.2:00-Sun.3:00","Wed.2:00-Wed.3:00"
get all mailbox sizes in a nice layout
Get-MailboxStatistics -database “Mailbox Database 1513447900” | Select DisplayName, LastLoggedOnUserAccount, ItemCount, TotalItemSize, LastLogonTime, LastLogoffTime | Sort-Object TotalItemSize –Descending | Format-Table
Set-ReceiveConnector "WEBHOST\Client WEBHOST" -MaxAcknowledgementDelay 0
Set-AcceptedDomain -Identity "organization\organization" -DomainType InternalRelay
New-AcceptedDomain -Organization "Company" -Name "Gmail" -DomainName gmail.com -DomainType Authoritative
Set-Mailbox user@domain.com –EmailAddresses SMTP:user@gmail.com
Enable IMAP and POP3
Set-service msExchangeIMAP4 -startuptype automatic
Start-service msExchangeIMAP4
Set-service msExchangePOP3 -startuptype automatic
Start-service -service msExchangePOP3
Publish settings to OWA
Set-POPSettings -ExternalConnectionSettings "domain.co.uk:110:tls"
Set-IMAPSettings -ExternalConnectionSettings "domain.co.uk:143:tls"
Set-ReceiveConnector -Identity "WEBHOST\Client WEBHOST" -AdvertiseClientSettings:$true
Enable RPC over HTTP
Enable-OutlookAnywhere -Server 'domain.co.uk' -ExternalHostname 'domain.co.uk' -DefaultAuthenticationMethod 'NTLM' -SSLOffloading $false
View/amend organization quotas
Get-RecipientEnforcementProvisioningPolicy -Organization Company| fl
Set-RecipientEnforcementProvisioningPolicy -Identity “Company\Recipient Quota Policy” -MailboxCountQuota 10 -MailUserCountQuota 10
List all accepted domains for all hosted organizations
get-accepteddomain *\*
Enable and assign SSL certificate to the following services. Usually IIS is also in the list
Enable-ExchangeCertificate -Server 'WEBHOST' -Services 'IMAP, POP, SMTP' -Thumbprint '8FB34D1B40EFF76A663BA3D0123EC41F1795D794'
Enable-ExchangeCertificate -Server 'WEBHOST' -Services 'IMAP, POP, SMTP' -Thumbprint '1CD841B8E6AD573A9CF607C0BB2E02C8E115C615'
Get-ExchangeCertificate [-Thumbprint ] [-DomainController ] [-DomainName ] [-Server ]
Restart POP and IMAP services after certificate application
net stop MSExchangePOP3
net start MSExchangePOP3
net stop MSExchangeIMAP4
net start MSExchangeIMAP4
Create new unathenticated relay via server
New-ReceiveConnector -Name Webserver -Usage Custom -PermissionGroups AnonymousUsers -Bindings 0.0.0.0:25 -RemoteIpRanges 78.78.78.78
Get-ReceiveConnector Webserver | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”
Set-ReceiveConnector Webserver -MaxMessageSize 40MB
if cannot logon to EMC due to red message. Usually iisreset helps.
set-transportconfig -MaxReceiveSize 100MB -MaxSendSize 100MB
Enable Out Of Office for external recipients
Set-RemoteDomain -AllowedOOFType 'External' -Identity 'Default'
Setting external URLs for various services
Set-OWAVirtualDirectory –Identity "WEBHOST\owa (Default Web Site)" -ExternalURL https://domain.co.uk/OWA
Set-OABVirtualDirectory –Identity "WEBHOST\OAB (Default Web Site)" -ExternalURL https://domain.co.uk/OAB
Set-WebServicesVirtualDirectory –Identity "WEBHOST\EWS (Default Web Site)" -ExternalURL https://domain.co.uk/ews/exchange.asmx
Set-ActiveSyncVirtualDirectory –Identity "WEBHOST\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL https://domain.co.uk/Microsoft-Server-ActiveSync
Set-ECPVirtualDirectory –Identity "WEBHOST\ECP (Default Web Site)" -ExternalURL https://domain.co.uk/ECP
Useful links:
http://technet.microsoft.com/en-us/library/bb123545.aspx
http://www.allspammedup.com/2010/11/exchange-2010ip-blocklist-providers-in-exchange-2010/
http://jacobddixon.wordpress.com/2011/03/06/exchange-2010-sp1-multi-tenant-step-3-of-3/
http://mhlavaty.wordpress.com/2011/08/31/how-to-change-recipient-quota-policy-on-exchange-2010-hosted-mode/#comment-6
No comments:
Post a Comment