
Exchange Checklist

Exchange is Microsoft's messaging platform. The latest version is Exchange 2007.
This follows on from the previous checklists, which were more about network troubleshooting.
This is a checklist for Exchange.
  1. Jetstress testing should be performed before you install Exchange on the server. Download it here. There are some well-known risks associated with running Jetstress on a machine with Exchange installed. The first is that Jetstress could potentially delete some existing logfiles if it's configured to use the same log drives that Exchange is using. The second is that if you use a version of Jet (ESE.DLL and ESEPERF.*) different than the version installed with Exchange, the registration of the Jet database counters in the Jetstress install directory will break the database counters for Exchange after Jetstress is removed.
  2. Run the ExTrA tool. Download it here.
  3. Run the ExBPA tool. Download it here.
  4. Are your clients using desktop search engines that index Exchange mailboxes or public folders? Read the knowledge base article here.
  5. Check the mailbox message counts in the folders, especially Inbox, Sent Items and Deleted Items using the method documented here. IT customers need to keep the count in these folders low or the dreaded pop ups will occur. IT customers need to create a top level Archive Folder and start categorising mail into sub folders.
  6. Implement a monthly maintenance task to delete messages in the Deleted Items folder that have been there for longer than 30 days.
  7. Add the switches /3GB and /USERVA=3030 to boot.ini. The /3GB switch modifies the way virtual address space is created so that 3 gigabytes are available for user-mode applications. Configure the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\HeapDeCommitFreeBlockThreshold registry value to 0x00040000. The HeapDeCommitFreeBlockThreshold registry value specifies the number of contiguous bytes above which the memory is decommitted rather than retained for reuse, thus avoiding virtual memory fragmentation. Verify that the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\SystemPages registry value is set to 0. If you have a server with more than 2 GB of memory, it may help to increase the size of the Store Database Cache (aka ESE buffer).
  8. Keep Exchange transaction logs and databases stored on separate disk volumes to provide both data protection and efficiency (separation of sequential writes and random read/write access, respectively). Calculate the number of spindles needed to provide the necessary IOPS. Use Diskpar if your hardware vendor recommends it. If your RAID controller has a mirrored, battery-backed, write-back cache, set the ratio to 100 percent write. Also configure the page size to be 4 KB. When you format the hard disks, stay away from quick format. Configure the partition to use NTFS and to use an allocation unit size of 4096 (4 KB).
  9. All Exchange servers and users should have fast access to a global catalog server. Address lookups will become much faster if you contact a local global catalog, as opposed to a remote one which, besides increasing network traffic, will also impair the user experience. Verify that the DSAccess list only contains local DC/GC servers. There should generally be a 4:1 ratio of Exchange processors to global catalog server processors, assuming the processors are similar models and speeds. However, depending on your situation, higher global catalog server usage, a large Active Directory, or large distribution lists can necessitate more global catalog servers. In addition, using multiple domain controllers within domains distributes the lookup traffic and provides redundancy if a domain controller fails. Use the /3GB switch on global catalogs. It will increase the JET cache from 512 MB to 1 GB, so you'll have more AD objects in memory.
  10. Outlook 2003 has some great new features, most of which were designed to work together with Exchange Server 2003.
  11. Online Database Maintenance helps keep mailbox and public stores in good health. It does that by performing three major tasks: it checks Active Directory for any deleted mailboxes, permanently deletes messages and mailboxes older than the configured retention period, and performs online database defragmentation. By eliminating objects and rearranging them you get a much more efficient database, with data stored optimally, reducing disk I/O.
  12. Performance impact may occur if you configure connector restrictions to reject or accept messages based on distribution group, universal security group membership or even based on individual users. For example, on the SMTP Connector's Delivery Restrictions tab, you have configured "By default, messages from everyone are" Rejected and then you have added Distribution Groups or users under the "Accept messages from" list. The solution is here.
  13. Rules of evidence
    • Rating
    • Authenticity
    • Usability as evidence
    • Completeness
    • Maintaining business value of the communication
  14. Compliance
    • Originals of communications
    • Immediate archival retrieval
    • Notification of use of electronic storage media
    • Non-rewritable, non-erasable storage & verification of write
    • Serialize units of storage media & record download to any medium
    • Easy image reproduction
    • Store & maintain duplicate copies
    • Audit of record input & changes
    • Availability of access information
    • Third-party access
  15. Storage
    • Central storage on SAN (with caching)
    • Store logs on separate volumes
    • Use incremental backups
    • Eliminate the use of PSTs
  16. Backup and restore
    • VSS supported
    • Test recoverability
    • Incremental backups of information store
    • System state backup
  17. Server infrastructure
    • 4GB per 100 users
    • Simplistic Active Directory structure
    • Mailbox servers transmit & receive via bridgehead servers
    • Automated maintenance tasks
    • Email application monitoring with knowledgebase
    • Email server monitoring with escalation
    • Servers updated to latest patch levels
    • Enable SMTP logging
    • Remove or disable unnecessary services & applications
  18. Industry standards
    • RFC 2142 specified mailbox names for common services, roles & functions
    • RFC 822
    • RFCs 2045, 2046, 2047, 2048 & 2049
    • Create dead letter office mailboxes
  19. SMTP relaying
    • Outsource SMTP relaying to third party
    • Disable open relays
    • Perform Anti-virus scanning & blocking
    • Perform Anti-spam scanning & blocking
    • Perform content filtering
    • Prevent external emails being sent to internal fax gateways
    • Create white lists for executables & sound and video files
    • Add appropriate disclaimers
    • External relaying is performed exclusively via a DMZ
  20. Processes
    • Create custom recipients rather than forwarding mailboxes with rules
    • Don't rename recipients, delete and recreate them.
    • Configure all servers to use an internal DNS server
    • Park all messages from till 19h00 for delivery.
    • Limit incoming and outgoing message size to 10 MB
    • Use email cached mode if you are a laptop user with remote access
    • Use HTTP over RPC for regional offices
  21. Security
    • Correct configuration of Firewalls, routers & switches
    • Intrusion detection system
    • Email client secured
    • Email server secured
    • Vulnerability scanning
    • Regular review of logs
  22. Team resources
    • Types of team members required (system, administrators & security)
    • Skills & training required by assigned team members
    • Individual (level of effort required of specific overall level of effort) requirements
  23. System choice
    • Cost
    • Compatibility with existing infrastructure
    • Knowledge of existing team members
    • Existing vendor relationship
    • Past vulnerability history
    • Functionality
  24. Configuration
    • Plan the configuration & deployment of mail server
    • Identify functions of the mail server
    • Identify categories of information that will be stored, processed & transmitted
    • Identify network services that will be provided or supported by the mail server
    • Identify users and categories of users of the mail server and determine privilege for each category of user
    • Identify user authentication methods for the mail server
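
The memory settings in item 7 can be verified with a read-only audit script; the following is an added example, not part of the original checklist or any Microsoft tool. It assumes boot.ini is at C:\boot.ini (override with -BootIni) and that PowerShell is installed on the server.

```powershell
# Added example: read-only audit of the item 7 memory settings.
# Assumption: boot.ini sits at C:\boot.ini; pass -BootIni to override.
param([string]$BootIni = 'C:\boot.ini')

$report = @()

function New-Finding($Setting, $Expected, $Actual, $Ok) {
    New-Object PSObject -Property @{
        Setting = $Setting; Expected = $Expected; Actual = $Actual; Ok = $Ok
    }
}

# boot.ini: every OS entry (not the "default=" line) needs both switches.
if (Test-Path -Path $BootIni) {
    # -Force because boot.ini is normally a hidden system file.
    $entries = @(Get-Content -Path $BootIni -Force |
        Where-Object { $_ -match '^\s*(multi|scsi|signature)\(' })
    foreach ($entry in $entries) {
        $ok = ($entry -match '\s/3GB(\s|$)') -and
              ($entry -match '\s/USERVA=3030(\s|$)')
        $report += New-Finding "boot.ini: $entry" '/3GB /USERVA=3030' 'see entry' $ok
    }
    if ($entries.Count -eq 0) {
        $report += New-Finding 'boot.ini' '/3GB /USERVA=3030' 'no OS entries found' $false
    }
} else {
    $report += New-Finding 'boot.ini' '/3GB /USERVA=3030' "not found at $BootIni" $false
}

# Registry values named in item 7, with the values the checklist asks for.
$checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
       Name = 'HeapDeCommitFreeBlockThreshold'; Expected = 0x00040000 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
       Name = 'SystemPages'; Expected = 0 }
)
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = 'missing'; $ok = $false
    if ($item) {
        $value = $item.($c.Name)
        $actual = '0x{0:X8}' -f $value
        $ok = ($value -eq $c.Expected)
    }
    $report += New-Finding $c.Name ('0x{0:X8}' -f $c.Expected) $actual $ok
}

$report | Select-Object Setting, Expected, Actual, Ok | Format-Table -AutoSize -Wrap
```

A missing registry value is reported as not OK because the checklist asks for the value to be set explicitly; the script changes nothing on the server.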

