Yahoo! broke your mailing lists!

Quick post…
After spending some time the last couple of days checking and rechecking my SPF settings, I figured out today it was a change Yahoo made that broke message delivery to external recipients. Yahoo made this change “over the weekend” per some news articles; I first noticed NDRs due to this on Monday 4/7/2014.

The issue is that Yahoo changed their DMARC policy, which is made up of SPF and/or DKIM settings/policies, to “p=reject”, which tells receiving email servers to reject emails from yahoo.com addresses that don’t originate from its servers. So if a Yahoo user sends an e-mail to yourmailinglist@yourorg.com and it contains recipients at @yahoo, @gmail, @msn, @hotmail, @outlook.com, @comcast, and many other email providers that check the original sending server’s (Yahoo in this case) policy, they will reject the mail. This is because the sending server of the e-mail is yourorg.com and not yahoo.com.
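The check a DMARC-aware receiver performs, sketched as an added example (not code from the original post or from any mail product). The messages, the earlier `p=none` record, the simplified alignment rule (no Public Suffix List, no `adkim`/`aspf`/`pct` handling) and the assumption that the list relay leaves no valid yahoo.com DKIM signature are all constructed for illustration.

```python
# Added illustration. All records and messages below are constructed samples.
RECORD_BEFORE = "v=DMARC1; p=none"    # assumed earlier policy, for contrast
RECORD_AFTER = "v=DMARC1; p=reject"   # the policy named in the post

def parse_dmarc(record):
    """Split a DMARC TXT record into a {tag: value} dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def evaluate(msg, record):
    """Disposition a DMARC-checking receiver applies to one message."""
    policy = parse_dmarc(record).get("p", "none").lower()
    from_domain = msg["header_from"].rsplit("@", 1)[1]
    spf_ok = msg["spf_pass"] and aligned(msg["mail_from_domain"], from_domain)
    dkim_ok = any(s["valid"] and aligned(s["d"], from_domain) for s in msg["dkim"])
    if spf_ok or dkim_ok:
        return "deliver"          # DMARC passes if either aligned check passes
    return policy if policy in ("reject", "quarantine") else "deliver"

# Sent straight from Yahoo's servers to the recipient.
DIRECT = {"header_from": "user@yahoo.com", "mail_from_domain": "yahoo.com",
          "spf_pass": True, "dkim": [{"d": "yahoo.com", "valid": True}]}
# Same author, relayed by the yourorg.com list server: its IP is not in
# yahoo.com's SPF, and the signature is assumed broken by list handling.
VIA_LIST = {"header_from": "user@yahoo.com", "mail_from_domain": "yahoo.com",
            "spf_pass": False, "dkim": [{"d": "yahoo.com", "valid": False}]}

def outcomes():
    """Disposition of each sample under the old and new policy."""
    return {(name, rec): evaluate(msg, rec)
            for name, msg in (("direct", DIRECT), ("via_list", VIA_LIST))
            for rec in (RECORD_BEFORE, RECORD_AFTER)}

if __name__ == "__main__":
    for (name, rec), result in outcomes().items():
        print(f"{name:9} {rec:20} -> {result}")
```

Only the list-relayed message changes outcome between the two records, which matches the NDRs appearing for list traffic while direct Yahoo mail keeps flowing.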

Yahoo did this to help reduce spam that is being sent from accounts on their servers to mailing lists that contain external recipients. But they basically “broke every mailing list in the world” to quote some of the many news articles I found today about this issue.

At this time there is no workaround for Exchange that I know of. The suggestion is to tell users to stop using Yahoo to send e-mail to mailing lists. So this won’t work, since as email admins we have no control over what users do externally.

I’m hoping Yahoo fixes this policy setting ASAP! I will update this post as I learn more!

Errors users\DL owners will see:
mta1386.mail.bf1.yahoo.com gave this error:
Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html
mx3.hotmail.com # #SMTP#

imta13.westchester.pa.mail.comcast.net gave this error:
oFxW1n00k0D7utr0DFxXU1 Message rejected due to DMARC. Please see http://postmaster.comcast.net/smtp-error-codes.php#DM000001

BAY0-MC3-F11.Bay0.hotmail.com gave this error:
(BAY0-MC3-F11) Unfortunately, messages from (63.227.36.10) on behalf of (yahoo.com) could not be delivered due to domain owner policy restrictions.

 

News articles about this issue:
http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html
http://www.theregister.co.uk/2014/04/08/yahoo_breaks_every_mailing_list_in_the_world_says_email_guru/
http://thehackernews.com/2014/04/yahoos-new-dmarc-policy-destroys-every.html
http://www.circleid.com/posts/20140408_yahoo_addresses_a_security_problem_by_breaking_every_mailing_list/


Known Issues with Exchange 2013 SP1

This is an early draft of issues I’ve heard of so far.

Last updated: 4/14/14

  1. Important: 3/4 Transport server doesn’t start after upgrade and some products that use Transport Agents don’t work
  2. Important: When building a DAG, cmdlets will fail if NetBIOS and AD short domain name don’t match – 4/14/2014
    • From this FB post: https://www.facebook.com/groups/MSEX2013/permalink/801310969898022/
      • In Exchange 2013 SP1, when building a DAG, you will see issues with Set-DAG and Add/Remove-DatabaseAvailabilityGroupServer cmdlets if your Domain NETBIOS name is not equal your AD short name, eg NETBIOS name is “FOO”, and your domain name is “bar.contoso.local”. Both cmdlets will terminate with a Dr Watson. The DAG will still build fine, except for the FSW resource – there will be no FSW assigned to the DAG. We already have a FIU you can request through PSS, or create the FSW manually as a temporary workaround.
    • Work around: Manually create the FSW, contact PSS for fix, wait for public fix
  3. Minor: “Ceres” Search Foundation install error
    • From Paul Robichaux’s blog post
      • “When deploying the RTM build of Exchange 2013 SP1, I found that one of my servers was throwing an error I hadn’t seen before during installation”
  4. Minor: Default apps in Outlook Web App do not work if Exchange is installed in Windows Server 2012 R2
    • From KB2938292 posted on 3/19/2014
      • “When you install Microsoft Exchange Server 2013 on a Windows Server 2012 R2-based computer, default”
      • This issue will be fixed in Exchange Server 2013 Cumulative Update 5
    • Workaround: Edit the web.config and add the following line to the “<appSettings>” section:
      <add key="UseLegacyRequestUrlGeneration" value="true"/>

      • 3/25: A peer of mine is working on a blog post with more details and I will post a link to it when he posts it.

Related items

  1. 3/4 Outlook2013SP1 Issue: Fails to connect to Exchange in a multi-forest environment


Quick post: Exchange 2013 SP1, Exchange 2010 SP3 RU5, & 2007 SP3 RU13 were just released

It’s been a while since I’ve posted, been busy on projects, but wanted to at least let everyone know that Exchange 2013 SP1 (aka CU4), 2010 SP3 RU5, 2007 SP3 RU13, & Office 2013 SP1 were just released.

EHLO Post on the Exchange 2013 SP1 update 

See Tony Redmond’s blog post here for more details for now: http://windowsitpro.com/blog/exchange-2013-sp1-mixture-new-and-completed-fixtures

Downloads: Exchange 2013 SP1 | Exchange 2010 SP3 RU5 | Exchange 2007 SP3 RU13 | Office 2013 SP1

I will also create a blog post for 2013 & 2010 to talk about what’s in each of these updates and to track ‘known’ issues with them.

Big new feature in Exchange 2013 SP1, which requires Outlook 2013 SP1, is MAPI/HTTP. More to come in a later post, but for now you can view a video of Joe Warren, Exchange developer, on it here: http://channel9.msdn.com/Events/Open-Specifications-Plugfests/Redmond-Interoperability-Protocols-Plugfest-2013/Exchange-2013-and-MapiHttp


Got an idea for something you would like to see in Exchange?

If so go here: http://exchange.ideascale.com/ and you can post your idea or vote on it if someone else already has one similar.

Tony Redmond blogged about this site also here: http://thoughtsofanidlemind.com/2013/12/09/exchange-improvements-site/. He is planning on having a Q&A session with Perry Clarke, Microsoft CVP for Exchange, on 12/13. For more on that see Tony’s post here: http://windowsitpro.com/blog/what-question-would-you-ask-microsofts-exchange-development-supremo

So we, the Exchange MVPs & others, have started to populate this idea list and could use your help on voting (up or down) and posting new ideas. We hope this site will become a great place for sharing and voting on ideas and that the Microsoft Exchange team will start to look at it for ideas on what to do or fix in future releases.


New Exchange security updates (MS13-105) released as RUs for 2007, 2010, and SUs for 2013

Today Microsoft is releasing security updates for Exchange 2007 SP3, 2010 SP2, 2010 SP3, 2013 CU2, & 2013 CU3 for MS13-105. For Exchange 2007 SP3 & 2010 SP2 these are included in the latest Rollup Updates. For Exchange 2013 Microsoft is following the updates plan they documented in the EHLO blog post “Servicing Exchange 2013” and will provide a Security Update (SU) package to be installed on top of CU2 or CU3.

So the new RUs for 2007 will be 2007 SP3 RU12 (KB2903911 | Download), for 2010 SP2 RU8 (KB2903903 | Download), and 2010 SP3 RU4 (KB2905616 | Download). For Exchange 2013 this update will be installed on top of CU2 or CU3, 2013 CU2 (KB2880833 | Download) and 2013 CU3 (KB2880833 | Download). An update for Exchange 2013 CU1 is NOT being provided, per the Microsoft policy of only supporting the current version (CU3) and one version back (CU2).

  • To summarize it another way:
      1. 2007 SP3 RU12 = 2007 SP3 RU11 + new security fixes
      2. 2010 SP2 RU8 = 2010 SP2 RU7 + new security fixes
      3. 2010 SP3 RU4 = 2010 SP3 RU3 + new security fixes
      4. Exchange 2013 CU2 will get a SU package containing the new required security fixes and the previously released security fix so you only need to apply one SU if you never applied the original one
      5. Exchange 2013 CU3 will get a SU package containing only the new required security fixes since CU3 was released
  • Issues addressed
    1. Updates Oracle OutsideIn libraries (previously known as Stellant) to a non-vulnerable version
    2. Removes an XSS attack vector in OWA logon
    3. Removes a deserialization attack vector by setting EnableViewStateMac in OWA

Mostly from the EHLO Blog post: Released: Microsoft Security Bulletin MS13-105 for Exchange

For Exchange Server 2007 & 2010, the update is being delivered via a NEW Update Rollup. UR3 will ONLY contain this security fix for MS13-105 and the other changes that were in UR2.

For Exchange Server 2013, this security update is being delivered as a discrete update and contains no other changes. Security updates for 2013 are cumulative in nature based upon a given Cumulative Update. This means customers who are running CU2 who have not deployed MS13-061 can move straight to the CU3 update because it will contain both updates. Customers who are already running MS13-061 on CU2 may install MS13-105 on top of MS13-061 without removing the previous release. If MS13-061 was previously deployed, Add/Remove Programs will indicate that both updates are installed. If MS13-061 was not previously deployed, only MS13-105 will appear in Add/Remove Programs.

All of these fixes will be available immediately on the download center and through Windows Update per our standard security release practice.  Note that we will not be releasing Exchange Server 2010 Service Pack 3 Update Rollup 3 to Windows Update due to the closeness of these releases and to avoid the supersedence confusion created with Update Rollups that are labeled as security releases vs. those that are not.  Windows Update will indicate that Update Rollup 4 supersedes Update Rollup 2 avoiding the problem of Windows Update offering Update Rollup 3 to customers who have Update Rollup 4 installed already.


Speaking at MEC 2014 in April on cross forest migrations

I just got my acceptance letter that my “Cross forest migrations: Free or 3rd party tools?” session was accepted for MEC 2014. MEC will be in Austin, TX 3/31 – 4/2 and will have a near exclusive focus on Exchange and Office 365. Most of the speakers will be non-Microsoft, so you will get a lot of real world sessions with very little marketing spin. There will also be many of the Exchange product team people there from Microsoft also speaking.

So if you run Exchange in your environment or use Office 365 for your organization this is the conference to come to! Register now and get more details at: http://www.iammec.com/


Session Abstract:

This session will cover the tool and steps required to migrate from an Exchange 2003 or higher to Exchange 2013 in another forest. A high-level outline of the steps, scripts, Microsoft tools, and notes from the fields will be discussed. In addition, options for organizations still on Exchange 2003, which isn’t supported by built-in scripts and tools with Exchange 2013, will be covered.

Discussion will cover the scripts included with Exchange 2013 to migrate mailboxes across forests and how to migrate contacts, groups, policies, Public Folders, and other settings that aren’t migrated by those scripts. The main focus will be the many additional steps, solutions, and scripts required to do a full fidelity migration.

This session will mainly focus on the needs of small to medium companies (< 1,000s of mailboxes). Information discussed will be helpful to any size organization that needs to do a cross forest migration.

Tags: Deployment & Migration | Public Folders | Coexistence
Audience: IT Manager/Executive | Messaging Administrator | Messaging Architect | IT Professional
Technical Level: 300 – Advanced level
Product: Exchange Server 2013 | Exchange Server 2010 | Exchange Server 2007

In 2012 I also spoke at MEC, see my post here: http://blog.jasonsherry.net/2012/08/17/speaking-at-mec-2012/ and for links to my content (PPT & Word doc) go to: http://blog.jasonsherry.net/2012/09/28/mymec2012content/


Exchange 2010 SP3 RU3 and 2013 CU3 Released & Known Issues

3/4/14: Blog Post: Known Issues with 2013 SP1
12/4 Update:
Added Known Issues list at the end

Today, after a few delays, both Exchange 2010 SP3 RU3 and Exchange 2013 RTM CU3 have been released! For more details on CU3 and a bit of a backstory on this release and the general quality issues Microsoft has had with Exchange recently see Tony Redmond’s post here: http://windowsitpro.com/blog/seeking-quality-exchange-2013-cu3

Exchange 2010 SP3 RU3: Download | KB2891587 | EHLO Blog Post
Exchange 2013 RTM CU3: Download | KB2892464 | EHLO Blog Post

I haven’t seen much about what updates are in 2010 SP3 RU3, but when I do find them I will update this blog.

For Exchange 2013 RU3 there are several key updates:

  • AD schema updates (so plan accordingly)
  • Addresses issues with 3rd party backup software, see KB2888315 for more details
  • Windows 8.1/IE11 no longer require the use of OWA Light
  • Usability improvements when adding members to new and existing groups in the Exchange Administration Console
  • Online RMS available for use by non-cloud based Exchange deployments
  • Improved admin audit log experience

The What’s New in Exchange Server 2013 and Release Notes should also be updated shortly to reflect changes in 2013 RTM CU3.

Note: Make sure you set PowerShell execution policy to “Unrestricted” before installing 2013 RU3, see KB981474 for details and steps.

Microsoft has also publicly stated that the next update to Exchange 2013 will be SP1 in early 2014 (aka CU4). SP1 will provide Windows 2012 R2 support, S/MIME support in OWA, Edge Transport Server Role, and the various fixes and improvements expected in a SP. The Exchange Team also posted this EHLO blog: Exchange Server: The Road Ahead to dispel any myths that there won’t be an E16 or higher on-premise version.

  • CUs are basically Service Packs that may include new features, but those features may not be documented. CU & SPs for Exchange 2013 are FULL installs, or in-place upgrades, with no un-install support. So make sure you test the CU2 BEFORE installing them in production. Microsoft is calling CU4 a “Service Pack” because this is the first time they are documenting new features and changes that were in the previous CUs. In addition, there are lifecycle requirements tied to “Service Pack” updates.

Reminder:  Customers in hybrid deployments where Exchange is deployed in-house and in the cloud, or who are using Exchange Online Archiving with their in-house Exchange deployment are required to maintain currency on Cumulative Update releases

Known Issues
Like before, this is the list of issues I AM aware of, not an official list from Microsoft. For my previous known issues with Exchange 2013 CU2 see: http://blog.jasonsherry.net/2013/07/09/exchange-2013-rtm-cu2-released/. I’ll add more details and links to TechNet Forums and KBs later this week. Comment on any issues you have come across that you are pretty sure are bugs based on others having the same issue; please include a link to the TechNet forums post on the topic.

  • I need to review my CU2 issues list and check which of these issues CU3 resolves. On my to-do list :)
  1. Critical: 12/4 Outlook (all versions) on Windows XP cannot access Exchange 2013 CU3 modern Public Folders, when their mailbox is on 2013 CU3 server
    • Only critical if you have Windows XP clients, which many organizations still do
    • Workaround: Have users use OWA or W7+ workstation
  2. Important: 12/4 Availability (Free/Busy) and OOF not working after installing KB2837618 or KB2825677 for mailboxes on Exchange 2007 in Outlook 2013
    •  The November Outlook 2013 KB2837618 security update, also in OL13 Oct update KB2825677 breaks Outlook 2013 if the user’s mailbox is on Exchange 2007
      • This issue is new to CU3
      • KB2825677 is now in Windows Update, so if you have Exchange 2007 you need to remove this update!
      • Users will see “Your automatic reply settings cannot be displayed because the server is currently unavailable. Try again later” error message when they click on their Automatic Replies (Out of Office) button.
    • Workaround: Remove updates and recreate Outlook profile, just removing the update doesn’t fix the issue
  3. Important: 12/4 Severe performance problems with IE8 and FF24 on Windows XP
  4. Important: 12/4 EAS proxy breaks after EAS App Pool crashes repeatedly
    • This is an issue with Exchange 2013 (RTM – CU3) when it is proxying EAS traffic to Exchange 2007 or 2010 based mailboxes
    • You will see Event ID 4999 | Error | MSExchange Common | With “Watson reported…” in the details
    • I’ve seen this issue at two clients, who were migrating from 2007 to 2013. In both cases users weren’t noticing any issues.
      • After migrating the last mailboxes to 2013 these errors went away
  5. Moderate: 12/4 EAS ExternalURL & InternalURLs for EAS are cleaned after installing CU3
    • This has been an issue since 2010 when doing a recovery operation and when installing 2013 CU1 and higher. I don’t recall which URLs are wiped but as a standard policy I create a “Set-URLs.ps1” script that I run after installing the CUs, and on initial setup
      • See Jeff Guillet’s post for more details on the history of this issue: bit.ly/1jmOg4l
    • Workaround: Reset them
      • CU1 & CU2 also cleared the OWA & ECP URLs, so at least those were fixed in CU3
  6. Minor: 12/4 Certificate based authentication not working
  7. Minor: 4/2/13 Exchange XML application configuration files are overwritten during cumulative update installation
    • Any customized per-server settings you make in Exchange XML application configuration files, for example, web.config files on Client Access servers or the EdgeTransport.exe.config file on Mailbox servers, will be overwritten when you install an Exchange Cumulative Update (CU). Make sure that you save this information so you can easily re-configure your server after the install. You must re-configure these settings after you install an Exchange CU.
    • From Release notes page