FourTen Technologies, Inc.
Client Login | Toll-Free Sales & Support: +1 (877) 410-0410
Exchange 2010 - ActiveSync for Domain Admins
Category: Tech
Posted by Andre Chambers on April 21st, 2010
We recently field tested Exchange 2010. Most of our feedback is extremely positive: the new OWA (now "Outlook Web App" instead of "Outlook Web Access") is slick and cross-browser compatible, and installation should pose no issues for those comfortable with Exchange 2007.
One complication that we did have was syncing up with mobile devices, which has really been complicated since the advent of RPC over HTTP/s (now "Outlook Anywhere"). We were having mixed success, noting that some users in seemingly identical configurations were able to get their mail on their phone, and others not so well.
It turns out that Domain Admins have additional restrictions on the security of their accounts, and sparing the technical details, Domain Admins lack the security context required to use ActiveSync remotely. There's no (easy) way to get around this -- we spent a bit of time, and none of the options were good ones. The best option is to create a separate account for Domain Admins, one without admin privileges for day-to-day activities, including e-mail, and the other for administering the domain. This is a best practice for security anyway (using regular accounts for day-to-day activities so that privileged accounts aren't compromised by viruses, workstations left unlocked, etc.), despite it being the rare administrator that admits it.
Fun with Spammers
Category: Tech
Posted by Jonathan Corbett on October 2nd, 2009
At FourTen we use Postini, a third-party spam filtering service that takes your e-mail before it gets to your server, removes the spam, and forwards on the good stuff. Postini built itself a great reputation when it first arrived on the scene for being reliable and accurate, and luckily for its customers, its new owners (Google) have kept a hands-off approach, leaving well enough alone.
The way a spam filtering service like Postini gets set up is by setting DNS mail server (MX) records for your domain to the spam filtering service, which means that before any mail gets to you, it goes straight to them for filtering. You can set multiple MX records for a domain, each with a different priority, and to play it safe, we set Postini's mail server as the highest priority and then our own mail server as a lower one, so that in case Postini for some reason went down, our low-priority server wouldn't miss a beat and we wouldn't lose e-mail. It would take a pretty intelligent spammer to avoid the high-priority server and send to the lower priority one, right?
Well, fast forward to today and we've found that about 50% of spammers were smart enough to code their mail sending apps to avoid Postini's servers and send to the non-Postini server if one is listed in the MX record. That totally ruined our fun, until we realized that since only spammers were sending to the low-priority server (Postini goes down just about... never), we could indeed have some fun. We could set up a script to automatically report spam to the sender's ISP, we could send our mail server logs on to one of the many IP blacklists for known spam senders, or we could have forwarded all the mail to spam filtering services for analysis so that they would be better able to block the spam from getting to other recipients.
We opted for a much quicker to implement solution: set the low-priority mail server address in DNS to 127.0.0.1, the loopback address, essentially telling the spammers to deliver the mail to themselves. :) We now have less than 1 in 100 pieces of spam sent to us get through the filter, and the same quantity of legitimate mail blocked as spam (which we can manually deliver through Postini's Web interface). Nice.
Useful Scripts Collection: Rounded Corners with 2 Lines of JavaScript (No Images!)
Category: Tech
Posted by Jonathan Corbett on September 19th, 2009
The Web 2.0 rounded corner look is popular, and is a frequent request of our clients. Most solutions involve either images that you place in each corner of the containing "divs" to simulate the border being curved, or extremely long and complicated JavaScripts.
We don't like either approach: having to create images each time you want different look is a pain and a waste of bandwidth to download. We also don't like loading up pages with long and convoluted JavaScript; if we can't understand the JavaScript, we don't want to use it.
Therefore, we took an hour and a Red Bull and came up with a JavaScript function to round corners in just 2 lines of code (one is a bit long, but not as complex as it looks):
function FourTenCorners(theDiv, theWidth, howRound, bgColor){
theDiv.style.backgroundColor = 'transparent';
for(var x = 0; x <= howRound; x++) theDiv.innerHTML = '<div style="width:' + ((theWidth - (2 * howRound)) + (2 * (Math.sqrt((howRound * howRound) - (x * x))))) + 'px;height:' + (x == 0 ? '100%;padding:' + theDiv.style.padding.replace('px', '') : '1px') + ';background-color:' + bgColor + ';margin-left:auto;margin-right:auto;">' + (x == 0 ? '' : '</div>') + theDiv.innerHTML + (x == 0 ? '</div>' : '<div style="width:' + ((theWidth - (2 * howRound)) + (2 * (Math.sqrt((howRound * howRound) - (x * x))))) + 'px;height:' + (x == 0 ? '100%' : '1px') + ';background-color:' + bgColor + ';margin-left:auto;margin-right:auto;">');
}
The premise is that by creating smaller divs of 1 pixel in height centered on the top and bottom of the original div, rounded corners appear. Visually, let's use a little ASCII-art and say your original div looked like this:
XXXXXXXXXXXXXX X X XXXXXXXXXXXXXX
YYYYYYYYYYYY X X X X X X YYYYYYYYYYYY
This is done repeatedly -- the number of times specified in the howRound property, which is essentally the radius of the circle that would fit in your corner. Using that radius, we can calculate the exact width between the border at each pixel by thinking of the circle as having an inscribed right triangle in the visible quadrant (the quarter of the circle that makes up the corner), and use the pythagoream theorum with known hypotenuse and leg.The image to the right illustrates how the script would calculate the appropriate div width for a radius of 4 on the top left corner of an affected div. The bottom leg of each triangle is the distance sought; the left leg has the known height of 1, 2, and 3 in each respective triangle, and the hypotenuse is the radius, which must always be, in this case, 4.
The function takes 4 parameters: a reference to the div to be modified, the width of the div (in pixels only), the radius of the circle of the corner (integer values only), and the background color of the div (the script doesn't support background images, but if you're going to use a background image rather than a color, you may as well draw your corners in rather than using JavaScript).
Complications With Setting Custom Port for OWA, Exchange 2007
Category: Tech
Posted by Jonathan Corbett on July 15th, 2009
With the number of IP addresses on the Internet currently fixed at about 4 billion, the goal of IP address conservation to make that number last has been around for almost 10 years now. As such, the common practice is to run multiple applications on 1 IP address, which can be done by using different ports. You can also run multiple HTTP Web sites on the same port, and indeed this solution works well.
...just don't do it with Outlook Web Access for Exchange 2007.
Here's just two of the reasons you'll likely encounter if you try:
-
Port Address Translation, the art of taking incoming traffic on a public IP address and a certain port number and then forwarding it to a private IP address with a potentially different port number, isn't allowed for by OWA 2007. When configuring OWA 2007, you must tell it the hostname that you plan on using to access your webmail, and that hostname is used to build URLs inside of the Web application. That is, some links within OWA are coded to use an "absolute" URL based on the hostname provided, rather than a relative URL.
The problem is that Exchange will allow you to give it a hostname followed by a port number ("mail.yourname.com:12345"), but in practice, Exchange secretly strips your port number and replaces it with the local port that your request came in on. So, if your external URL is https://mail.yourname.com:12345/owa/ and you set port 12345 of your external IP address to forward to 10.1.2.3:6789, your first request will get to 10.1.2.3:6789 successfully, but as you continue to use OWA, you'll secretly end up at https://mail.yourname.com:6789/owa/, departing from your intended external port of 12345.
- Windows Mobile phones and iPhones have a built-in e-mail client that supports Exchange, but for all versions we could try at the time of writing, finding OWA on any port other than 443 (or 80, if you're brave enough to go cleartext, which later versions will allow) is unsupported. Similar to above, you're allowed to type in a port number after the URL, but it is stripped and always replaced with 443. So, if you want your Touch Pro, iPhone 3G, and likely countless other devices to function with your server using the built-in client, keep OWA at 443.
Blog Posts by Month
- April 2010 (1)
- March 2010 (1)
- December 2009 (1)
- October 2009 (3)
- September 2009 (2)
- August 2009 (1)
- July 2009 (3)
Disclaimer: Blog posts are opinion and do not represent service offerings nor technical certainties, and FourTen will not be liable for their accuracy.