O365 Password Expire Phishing Attempt

During a cloud migration from an on-premise Exchange server behind a commercial firewall to full Office 365 Exchange, we noticed the amount of spam that was getting through. Here is an example of the email.

The phishing email looks very genuine, but isn’t. We hope you find this information prior to an incident at your facility and that it helps you thwart any attempt at gaining access to your facility’s network.

Let us know if this helped you…

Exchange 2016 – Grant Full Permissions Over A Mailbox

I recently had to remove permissions from a mailbox over which another user had “Full Access” or “Full Permissions”. The original setup was done on the old Exchange 2010 server that was upgraded to 2016.

  • Log into the web interface of the Exchange.
  • Locate the mailbox and double-click on the mailbox display name.
  • Click on “mailbox delegation”.
  • Scroll down to the last box “Full Access”.

Let us know if this helped you…

#550 4.4.7 QUEUE Exchange Unable To Send To Comcast

We recently had a customer get an ISP change, and on the same day we were moving their DNS to Godaddy. A few weeks later they noticed a bunch of emails bouncing back, with a lot of the email addresses being for Comcast. We weren’t sure if this was a Godaddy, DNS, Exchange, or ISP issue.

It turned out that the ISP needed to add a PTR (pointer) record for the IP address.

This link helped us know that the PTR record is set by the ISP.

https://community.spiceworks.com/topic/1212792-ptr-record-in-godaddy-not-working
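
One way to confirm the record from a Windows host, as an added example that is not part of the original post: look up the PTR for the sending IP, then check that the returned name resolves back to the same address, which receiving mail servers commonly test. The function name is hypothetical and the IP is a documentation placeholder; the check covers IPv4 only.

```powershell
# Added example, not from the original post. IPv4 only.
function Test-MailServerPtr {
    param([Parameter(Mandatory)][string]$IpAddress)   # public IP the server sends from

    # Reverse lookup (IP -> name). This record is published by whoever owns the IP: the ISP.
    $ptrNames = @(Resolve-DnsName -Name $IpAddress -Type PTR -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'PTR' } |
        Select-Object -ExpandProperty NameHost)

    if ($ptrNames.Count -eq 0) {
        return [pscustomobject]@{
            IpAddress = $IpAddress; PtrName = $null; ForwardConfirmed = $false
            Result    = 'No PTR record; ask the ISP to create one'
        }
    }

    foreach ($name in $ptrNames) {
        # Forward lookup (name -> IP) should lead back to the same address.
        $addresses = @(Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress)
        $confirmed = $addresses -contains $IpAddress
        $result = 'PTR present but the name does not resolve back to this IP'
        if ($confirmed) { $result = 'PTR present and forward-confirmed' }

        [pscustomobject]@{
            IpAddress = $IpAddress; PtrName = $name
            ForwardConfirmed = $confirmed; Result = $result
        }
    }
}

# 203.0.113.25 is a placeholder; use the static IP assigned by the ISP.
Test-MailServerPtr -IpAddress '203.0.113.25' | Format-List
```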

Here are some of the other things we had tried.

  • Adding the static IP to their SPF record.
  • Adding a Reverse Zone Record in the Exchange server.
  • Turning off Spam Filtering in their email account.

Let us know if this helped you…

 

Not Receiving Emails In Office 365 – After My Mailbox Was Compromised.

We had a customer get their Office 365 email account compromised / attacked. The password was reset and the user could send email; she just didn’t receive any.

I went into her online Office 365 account and verified the issue. This page led me to the fix.

https://support.office.com/en-us/article/Find-and-fix-email-delivery-issues-as-an-Office-365-for-business-admin-e7758b99-1896-41db-bf39-51e2dba21de6

Their advice to check the mail flow helped me solve the issue.

You need to go into the individual’s account and click on the settings gear icon in the upper-right:

Scroll down to “Your App Settings” and click on “Mail”.

On the left-hand side menu, in the “mail” section, click on “Inbox and sweep rules”.  Go through the rules to see if there is a rule that is causing your issue.

The attacker set up a rule for the emails to go to the “deleted” folder. A common practice.
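
The same review can be done from Exchange Online PowerShell instead of clicking through each account. The script below is an added example, not part of the original post: it flags inbox rules that delete mail, move it to an out-of-the-way folder, or forward it elsewhere. The function names, the folder-name list and the sample rule are assumptions made for illustration.

```powershell
# Added example, not from the original post. Live use needs the ExchangeOnlineManagement
# module and an admin session opened with Connect-ExchangeOnline.

function Get-RuleFinding {
    # Emits one string per reason a rule deserves review (nothing if it looks ordinary).
    param([Parameter(Mandatory)] $Rule)
    if ($Rule.DeleteMessage) { 'deletes matching mail' }
    # Folder names are a heuristic (assumption); the post's case was the deleted folder.
    if ("$($Rule.MoveToFolder)" -match 'Deleted Items|Junk Email|RSS') {
        "moves mail to '$($Rule.MoveToFolder)'"
    }
    if ($Rule.ForwardTo -or $Rule.ForwardAsAttachmentTo -or $Rule.RedirectTo) {
        'forwards or redirects mail'
    }
}

function Get-SuspiciousInboxRule {
    # With no -Mailbox argument, every mailbox in the tenant is checked.
    param([string[]]$Mailbox)
    if (-not $Mailbox) {
        $Mailbox = (Get-EXOMailbox -ResultSize Unlimited).UserPrincipalName
    }
    foreach ($mbx in $Mailbox) {
        $rules = Get-InboxRule -Mailbox $mbx -IncludeHidden -ErrorAction SilentlyContinue
        foreach ($rule in $rules) {
            $findings = @(Get-RuleFinding -Rule $rule)
            if ($findings.Count -gt 0) {
                [pscustomobject]@{
                    Mailbox  = $mbx
                    Rule     = $rule.Name
                    Enabled  = $rule.Enabled
                    Findings = $findings -join '; '
                }
            }
        }
    }
}

# Offline check of the classifier against a constructed rule (not real data).
$constructed = [pscustomobject]@{
    Name = '.'; Enabled = $true; DeleteMessage = $false
    MoveToFolder = 'Deleted Items'; ForwardTo = $null; RedirectTo = $null
}
Get-RuleFinding -Rule $constructed

# Live use (placeholder address):
# Get-SuspiciousInboxRule -Mailbox 'user@example.com' | Format-List
```

A flagged rule can be switched off with `Disable-InboxRule` while you confirm with the user whether they created it.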

Let us know if this helped you…

 

Install Godaddy SSL Certificate Into A 2010 Exchange

We got a notification from Godaddy that our SSL has been renewed and is ready to be downloaded and installed. This download will not work; you will need to re-key, wait for verification (30 minutes), and install this new certificate.

  • Log into the Exchange Console and click on “New Exchange Certificate”.
  • Give the new cert a name. I prefer to match the domain the cert is for, such as “mail.mydomain.com”. If the common name doesn’t match the certificate name you will get warnings when you visit the page.
  • We often don’t use the “wildcard” feature, so we leave it blank.
  • In the Exchange Configuration page we set the following settings.
    • Client Access Server ( Exchange Active Sync )
      Check “enable” and use “mail.mydomain.com”.
    • Client Access Server (Web Services, Outlook Anywhere, and Autodiscover)
      Check “Enable Web Services is enabled”.
      Check “Outlook Anywhere is enabled”.
      External host name for your organization
      remote.domain.com, mail.domain.com
      Check “Autodiscover used on the Internet”.
      Check “Short URL”.
      Autodiscover URL
      remote.domain.com
    • Client Access Server (POP/IMAP)
      Don’t check anything. We don’t use these anymore, but you can if you need it.
    • Unified Message Server
      Do not check this.
    • Hub Transport Server
      Leave these unchecked.
    • Legacy Exchange Server
      Leave unchecked.
  • Click Next
  • Certificate Domains
    Verify the Domains and click next.
  • Organization and Location – Just fill out the company information
  • In the Certificate Configuration verify the “CN” or “Common name” is “mail.mydomain.com” and click “New”.  The certificate will complete, but it will take up to an hour to be verified. After that you can download it from Godaddy.
  • Log into the Godaddy account and go to the Certificates area. Find the Cert you are looking for, select the type, and hit download.
  • Unzip the download.
  • Go back to the Exchange server, select the “pending” cert, and click on the “Complete Pending Request”.
  • Hit browse to find the “.crt” file. You will need to change file type to “All Files (*.*)”.
  • Select your “.crt” file and hit the “open” button.
  • Hit the complete button.
  • You can now go back to the Exchange Server and assign Services such as IIS, SMTP to the cert.

Here is a great article from Godaddy explaining the Cert on an Exchange 2010.

https://www.godaddy.com/help/exchange-server-2010-install-a-certificate-5863

Let us know if this helped you…

 

Solved – “Cannot start Microsoft Outlook.”

We had a rough time with a customer’s Outlook 2016. It wouldn’t start and would give us the “Cannot start Microsoft Outlook” error. We repaired the OST and reinstalled Office 2016, but this didn’t fix the issue. It would seem like the error was fixed, but after a restart the issue would come back.

We used the following link to lead us to the right resolution.
https://support.office.com/en-us/article/Fix-your-Outlook-email-connection-by-repairing-your-profile-4D5FEBF6-7623-486B-9A9F-D5CFC4264AF3

We then downloaded the repair tool from this page.

https://support.office.com/en-us/article/Fix-your-Outlook-email-connection-by-repairing-your-profile-4D5FEBF6-7623-486B-9A9F-D5CFC4264AF3

We ran the tool and got the following message.

Which led us to turn off IPv6.

  • Go to Control Panel
  • Click on “Network and Sharing Center”.
  • Click on the given “Network Connection”.
  • Click “Properties”.
  • On the “Networking” tab, clear the “Internet Protocol Version 6 (TCP/IPv6)” check box, and then click “OK”.

Let us know if this helped your issue…

 

Exchange – Your message can’t be delivered because delivery to this address is restricted.

We had a customer getting this bounce back error occasionally. Research led me to an Exchange distribution group restriction.

I went into Exchange and examined the Group Distribution List. I wasn’t able to just add the email address, so I left it checked with “Accept messages from” and checked “All senders”. I then unchecked “Require that all senders are authenticated.” I used the following article to help me with this call.

https://kb.intermedia.net/article/3278

My final screen looked like this.

Let us know if this helps you out….

 
