Group Won’t Accept Mail From ‘Outside’

KB ID 0001771

Problem

Exchange has been this way for a long time; here’s me explaining this very problem with older versions of Exchange. If you create a ‘Group’, be that a Distribution Group or a ‘Microsoft 365’ Group, the default setting is to NOT ALLOW mail from anyone outside your organisation. If you attempt to send mail to that group from outside, you will see errors like these;

Errors;

550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this group

550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication required; Delivery restriction check failed because the sender not authenticated when sending to the group

550 5.7.193 UnifiedGroupAgent; Delivery failed because the sender isn’t a group member or external senders aren’t permitted to send to this group.

Allow External Senders (On Premises & Hybrid Exchange)

If you have your own on premises Exchange server, and this includes those of you that have migrated to Exchange Online but are in Hybrid Mode and are syncing your domain objects into Microsoft/Office 365 (Azure), then you should change this setting in the on premises Exchange Admin Centre.

Recipients > Groups > Select the group in question  > Edit > Delivery Management > Change to ‘Senders inside and outside of my organisation’ > Save.

Note: Remember in hybrid mode this will need to sync to Microsoft online, so apply the ‘cup of coffee rule’ before testing it.

Allow External Senders Office/Microsoft 365 (Exchange Online)

Classic Exchange Admin Center

Recipients > Groups > Select the group in question  > Edit > Delivery Management > Change to ‘Senders inside and outside of my organisation’ > Save.

 

New Exchange Admin Center

Microsoft 365 Groups: Recipients > Groups > Microsoft 365 > ‘Double Click’ the group in question > Settings  > Allow external senders to email this group > Save.

Distribution Groups: Recipients > Groups > Distribution List > ‘Double Click’ the group in question > Settings > Edit Delivery Management > Allow messages from people inside and outside my organisation > Save changes.


Exchange: PowerShell Commands

KB ID 0001405

Problem

This might seem like an odd title for an article here at PNL? But I’m going to use this page as a place to put all the commands I’m sick of Googling for, and/or working out every time I do an Exchange job.

So as with all the posts here, it’s here for my benefit, and if anyone else gets something from it great!

Exchange General

Change Exchange Licence Code

[box]Set-ExchangeServer -Identity Server-Name -ProductKey 12345-12345-12345-12345-12345[/box]

Exchange Mailboxes

How Many Mailboxes Per Database?

[box]Get-Mailbox | Group-Object -Property:Database | Select-Object Name,Count | Sort-Object Name | Format-Table -Auto[/box]

 

Exchange Mailbox Migrations

Migrate a Single Mailbox

[box]New-MoveRequest -Identity "Fred Bloggs" -TargetDatabase "Destination-DB" -BatchName "Fred Bloggs" -BadItemLimit "200" -AcceptLargeDataLoss[/box]

Migrate ALL Mailboxes in one Database to Another

[box]Get-Mailbox -Database "Source-DB" -ResultSize Unlimited | New-MoveRequest -TargetDatabase "Destination-DB"[/box]

Display Mailbox Migration Progress

[box]Get-MoveRequest | Get-MoveRequestStatistics

# OR

Get-MoveRequest -MoveStatus InProgress
Get-MoveRequest -MoveStatus Failed
Get-MoveRequest -MoveStatus Queued[/box]

Remove Mailbox Move Requests

[box]Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest[/box]

Exchange Databases

List All Mailboxes in a Database

[box]Get-Mailbox -Database "Database Name"[/box]

Create a Mailbox Database 

[box]New-MailboxDatabase -Name Database-Name -EdbFilePath X:\Folder\Database\Database-Name.edb -LogFolderPath X:\Folder\Log-Folder\[/box]

Show Database (and Log File) Locations

[box]Get-MailboxDatabase -Status | select EdbFilePath
Get-MailboxDatabase -Status | select LogFolderPath[/box]

Move a Database (and Log Files)

[box]Move-DatabasePath -Identity Database-Name -EdbFilePath X:\Folder\Database\Database-Name.edb
Move-DatabasePath -Identity Database-Name -LogFolderPath X:\Folder\Log-Folder\[/box]

Show Mailbox Database ‘Whitespace’

[box]Get-MailboxDatabase -Status | select Name,DatabaseSize,AvailableNewMailboxSpace[/box]

Users and Groups

Exchange Create a Distribution Group

[box]New-DistributionGroup -Name "DG-All-Users" -Type "Security"[/box]

Exchange Add All Users (In an OU) to a Distribution Group

[box]Get-Mailbox -OrganizationalUnit "cn=users,dc=petenetlive,dc=com" -ResultSize Unlimited | ForEach-Object { Add-DistributionGroupMember -Identity "DG-All-Users" -Member $_ }[/box]

 


CentOS – Setup the iptables Firewall

KB ID 0000938

Problem

I was a little perturbed to find out the firewall on my CentOS web server was wide open today. My server setup notes yielded no clues, so it was time to put my ‘Linux Head’ on and fix it.

Solution

1. Connect to the server via console or SSH. As I’m going to change the iptables config file, let’s back it up (always assume you are going to smash something!)

[box] cp /etc/sysconfig/iptables iptables.bak[/box]

2. I have a VPS so I’m usually logged on via SSH, so to avoid locking myself out I’m going to change the default policy to allow (yes in my current scenario that’s a moot point, but it’s good practice). Then I can flush the current rules, without kicking myself out.

[box]iptables -P INPUT ACCEPT
iptables -F[/box]

3. Then allow packets destined to Loopback (127.0.0.1). Some processes on the server rely on this, and expect it to be open.

[box] iptables -A INPUT -i lo -j ACCEPT [/box]

4. Allow inbound packets that are part of an already established connection, or are related to one (for example, replies to traffic the server itself sent out).

[box]iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT[/box]

5. Allow in the ports you require (your requirements may differ).

[box]iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 12345 -j ACCEPT[/box]

6. To allow your server to respond to pings (if required);

[box]iptables -A INPUT -p icmp -j ACCEPT
[/box]

7. Drop all other traffic, and set the forwarding table to also drop all traffic. Then I’m going to allow all outbound ports from the server.

[box]iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT[/box]

8. TEST EVERYTHING! Then save the changes, to make them persistent.

[box] /sbin/service iptables save[/box]
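Steps 2 to 7 can also be loaded as one ruleset with iptables-restore, which commits the whole filter table in a single operation, so the DROP policy and the SSH rule always arrive together. The script below is an added example, not part of the original article; the function names (valid_port, build_ruleset, apply_ruleset) are hypothetical, and the port lists are the ones from step 5.

```shell
#!/bin/sh
# Added example (not from the original article): emit the rules from
# steps 2-7 in iptables-restore format. Function names are hypothetical.
set -f   # no filename expansion on the port lists

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# build_ruleset "TCP PORTS" "UDP PORTS": print the ruleset, or fail
# before printing anything if a port is not valid.
build_ruleset() {
    for br_p in $1 $2; do
        valid_port "$br_p" || { echo "invalid port: $br_p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'                                        # step 7
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'                                 # step 3
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'  # step 4
    for br_p in $1; do                                              # step 5
        echo "-A INPUT -p tcp -m tcp --dport $br_p -j ACCEPT"
    done
    for br_p in $2; do
        echo "-A INPUT -p udp -m udp --dport $br_p -j ACCEPT"
    done
    echo '-A INPUT -p icmp -j ACCEPT'                               # step 6
    echo 'COMMIT'
}

# apply_ruleset FILE: parse-check, then load in one commit (needs root).
apply_ruleset() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Ports from step 5 of the article; this only prints, it changes nothing.
build_ruleset "22 80 443 25 110 53 993 12345" "53"
```

Redirect the output to a file and pass that file to apply_ruleset as root; once tested, save it as in step 8.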

Show iptables Settings

[box] iptables -L -v[/box]

Start/Stop and Restart the iptables Service

[box]service iptables stop
service iptables start
service iptables restart[/box]

 
