Wednesday, December 12, 2007

Adding Domains to Exchange Hosting

This article explains how to add multiple domains to Exchange hosting. Exchange Server can be used for hosting email accounts for different domains, irrespective of the current domain.

For example, suppose i have implemented exchange server for domain called and user account will be After multiple domains for exchange hosting enables to have the virtual domain email accounts such as,, etc.

1. Create an OU called

2. Create a group with the scope Universal and the type Distribution, and name it domain1-all. Also create an Exchange email address with the same name as the group (by default it will have the same name).

3. Edit the domain1-all group property - edit the default smtp address from to

4. Create new recipient policy - name the policy as, create new SMTP address as and make it as primary , leave as secondary.

5. Create the filter rules for policy as below in the advanced LDAP query

The idea behind the above LDAP query is to select the objects stored inside the OU.

6. Create the GAL (Global Address List) for this domain. Name the new GAL as and in the filter rule option use the advanced menu to find the Email address ends with option.

7. Open the ADSIEdit.msc, Choose Domain-->DC=domain,DC=com-->>right click property-->In attribute editor section, edit uPNSuffixes to

8. Try to create new user, check the drop down box near the logon name button will have and in the drop down list.

So we conclude that in the email server, email domain is hosted successfully.


PIX Firewall - Basic configuration

Hi friends,

This article gives the basic configuration steps for the Cisco PIX firewall series. The PIX firewall is a hardware device known for delivering robust user and application policy enforcement, multivector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions.

Setting hostname:
hostname pixfirewall

Setting Domainname:

setting the interface speed:
interface ethernet0 100full
interface ethernet1 100full

Naming the interface:
nameif ethernet0 outside security0
nameif ethernet1 inside security100

Setting the logging:
logging on

configuring interface:
ip address outside
ip address inside

configuring NAT:
nat (inside) 1 0 0
global (outside) 1 netmask
global (outside) 1 netmask

enabling telnet :
telnet inside
telnet outside
telnet timeout 15

Setting the Telnet password:

Configuring access-list:
access-list 100 permit icmp any any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any
access-list 100 permit tcp host any
access-group 100 in interface outside

Setting the Route for packet transfer:
route outside 1

saving the changes to the flash memory:
write memory

configuring the PDM:
setup - enter the related details.
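
An added example, not part of the original post: a Python check that reads PIX 6.x-style lines like the ones above and reports Telnet management and `permit ... any any` entries that apply to an interface below security100. The sample config is constructed, with RFC 5737 documentation addresses standing in for the values missing from the page, and treating every interface below security100 as untrusted is an assumption of this example.

```python
import re

# Constructed sample in PIX 6.x syntax. Addresses are RFC 5737 documentation
# values chosen for this example; they do not come from the page.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
telnet 192.0.2.10 255.255.255.255 inside
telnet 198.51.100.0 255.255.255.0 outside
telnet timeout 15
access-list 100 permit icmp any any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any host 203.0.113.5 eq 443
access-group 100 in interface outside
"""

def audit(config):
    """Return (severity, message) findings for PIX-style config text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    levels, bound, findings = {}, {}, []
    for ln in lines:  # first pass: interface security levels and ACL bindings
        if m := re.match(r"nameif \S+ (\S+) security(\d+)$", ln):
            levels[m.group(1)] = int(m.group(2))
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", ln):
            bound[m.group(1)] = m.group(2)

    def untrusted(ifname):
        # Assumption of this example: below security100 (or unnamed) is untrusted.
        return levels.get(ifname, 0) < 100

    for ln in lines:  # second pass: management access and wide-open permits
        if m := re.match(r"telnet \S+ \S+ (\S+)$", ln):
            if untrusted(m.group(1)):
                findings.append(("HIGH", f"cleartext telnet management on '{m.group(1)}': {ln}"))
        elif m := re.match(r"access-list (\S+) permit (\S+) any any(?: eq (\S+))?$", ln):
            acl, proto, port = m.groups()
            ifname = bound.get(acl)
            if ifname and untrusted(ifname):
                findings.append(("MEDIUM", f"ACL {acl} on '{ifname}' permits any to any: {proto}/{port or 'all'}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"{severity:6} {message}")
```

The entry restricted to a single destination host is not reported, which shows the difference between a scoped permit and the `any any` rules.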


Hardening Exchange server

This article lists the steps that need to be followed in an Exchange Server environment for hardening.

1. Basic security best practices such as antivirus, secure passwords, correct privileges for the users, the latest service packs and patches, stopping unnecessary services, event logging, monitoring, basic firewall policies, a good backup and restore plan, etc.

2. Full Knowledge of your infrastructure and network layouts.

3. Status of the ports that are open in the front end.

4. Awareness of the different types of attacks, such as data theft, tampering, forgery, denial of service, Trojan horses, viruses, spoofing, mail relaying, etc.

5. Assigning proper administrative roles and a delegation policy.

6. Enabling all possible logging, such as audit logs, security logs, SMTP logs, HTTP logs, etc.

7. Use of the Security Configuration Wizard available in Server 2003 SP1.

8. Effective usage of the Exchange security templates based on server roles.

9. Updating the Exchange server with related updates, patches, hotfixes and service packs.

10. Maintaining strong firewall in the front end.

11. Strong SMTP settings.

12. Intelligent spam filter or other third party spam solution products.

13. Restricting the distribution list properties.

14. Securing the client.

15. ExBPA (Exchange Best Practice Analysis tool).



POP3 (Post Office Protocol) and IMAP (Internet Message Access Protocol) are two different email protocols. Both allow you to access your emails offline from your preferred email client. POP3 and IMAP4 have some functional differences.

POP3 vs. IMAP: Technology

* POP3 always downloads all new emails locally to your computer (by default; it can also store a copy of the emails on the server).
* IMAP downloads message summaries and doesn't download the entire message until you explicitly select it.

POP3 vs. IMAP: Email Inbox Display

* POP3 downloads all emails into 1 mail folder called "Inbox".
* IMAP preserves your folder structure in a main folder called "". Using the IMAP protocol, all your mail stays on the server in multiple folders, some of which you have created. This enables you to connect to any computer and see all your mail and mail folders.

POP3 vs. IMAP: Multi-Computer Access

* POP3 is useful if you only access your email from one computer, since the email is typically downloaded locally (this is the default and can be changed). When you open your mailbox, new mail is moved from the host server and saved on your computer. If you want to be able to see your old mail messages, you have to go back to the computer where you last opened your mail.
* IMAP allows email to be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while traveling, without the need to transfer messages or files back and forth between these computers.

POP3 vs. IMAP: Email Storage

* With POP3, your emails can be automatically erased from the server after they are downloaded, freeing up space in your account.
* IMAP keeps all emails on the server until you erase them.

POP3 vs. IMAP: Internet Connectivity

* In general, IMAP is great if you have a dedicated connection to the Internet or you like to check your mail from various locations.

* With this type of account you do not have to stay logged on to the Internet. You can log on when you want to receive and send new messages. Once your new messages have been downloaded to your computer you can log off to read them. This option is good when you connect with your modem to DAS and are charged for your connection or you have an older computer.