Configuring Message Moderation for Email Delivery to DLs in Exchange 2010

We all know that we can set restrictions on distributions list so that the restrictions can stop unauthorized people from sending emails to a specific DL. For Exchange 2003 and Exchange 2007 we could only select these restrictions from a combination of “From authenticated users only”

Exchange 2010 offers an additional feature that can allow moderation of emails sent to a particular DL. This would be a useful feature to most of the managed DLs which are critical and emails sent to them should be authentic and scrutinized before they hit the DL member mailboxes. Let’s take a look at the configuration of this feature.

1. Open EMC and locate the DL to be set for moderation settings. Right click on the DL you wish to be moderated for email messages sent to it and click Properties. A dialog box pops up, then select Mail Flow Settings Tab on the properties dialog box. Select Message Moderation option. image

2. After selecting Message Moderation option from the properties dialog of DL you see another propertied dialog where you can specify the actual moderator of the messages sent to this DL. Here you can do 2 things,

First, you can assign a moderator to review all emails and then approve them to be delivered to DL members and then some exceptional senders who wont require an approval from moderator of the DL. One thing common between both these options is only a user having exchange mailbox can be added to these lists. and then, the last section is to specify the moderations notifications. If you want to let email senders know the status of their sent emails whether they were approved or declined you can configure it using “Notify all senders when their messages aren’t approved”. If you want the senders to know about the status only when the message was not approved then you can select the option to “Notify senders in your organization only when their message is not approved” and the last option can be chosen so that nobody gets an approval or denial notifications.

image

3. Once this is configured you can test it by sending an email to this DL. In my case I had the administrator as a moderator to the DL named “All Users” (The name of moderator isn’t visible on the dialog box above).

image

4. The moderator of this DL gets an email asking the approval. The moderator can preview the original message in the preview pane of OWA.

image

5. The moderator can open the original message which is sent as an attachment along with the approval request. Please see the mouse cursor in above screen shot. When the “View original message”

 imageoption is clicked the original message will open up in another window. Here in the original message window you get options to approve or reject the message delivery. You will notice that the sender of this message is not the original sender. The sender name appears “Microsoft Exchange Approval Assistant on behalf of AD RMS SVC

image

6. Now depending upon the settings you have chosen in step 2 the approval or rejection notices will be sent to original sender of the message.

image 

Here is something that you would like to know before you consider configuring message moderation for distribution lists, if you have your exchange 2010 servers installed in a mixed mode environment then message moderation may not work correctly sometimes. This may be because of the DL’s expansion server. Exchange 2010 Transport is also rewritten with many new components in it and message moderation is one of them. Exchange 2007 and 2003 transport wont understand this configuration as this is an Exchange 2010 specific feature. So, if you want to use this feature for any DLs in your organization  you must set your Exchange 2010 server as an expansion server for the DL or all of them.

.

Exchange 2010 High Availability – Best Copy Selection

Everyone who has started playing around the Exchange 2010 Beta must be knowing this concept by now. Compared to its predecessors Exchange 2007 and 2003, Exchange 2010 has been completely rewritten on this part. High availability is handled the way different than it was in any other version. Why companies spend so much of money out of their IT budgets to plan, deploy and configure high availability of services is because to make sure that their business critical applications wont go down and loss of money due to down services should not happen. Exchange being a messaging system has become one of the most critical applications for enterprises. Most of the communication happens via emails. Documents exchange, Voice mails on your phone, business communications, newsletters and much more is sent and received using messaging systems in every company. Consider a scenario where your company is a financial firm and needs continuous email communication to the customers, partners and other government authorities which should be available 24x7x365 days. In such a high demanding environment failure of even a single server for a long time may lead into loss of company revenue and company’s customer dissatisfaction. To overcome such scenarios Exchange have been providing the HA capabilities to administrator and architects. Right from Exchange 2003’s failover clustering to Exchange 2007’s CCR the Exchange HA has been evolving according to market needs and business requirements. This is one of the great features I ever liked in Exchange. Lets take a look at how the whole stuff is handled here.

Exchange 2003 and 2007 provided the HA based on Windows Clustering where the whole server as an object used to failover to another node of the cluster. However with the exchange server 2010, things have changed dramatically. Now the failover wont occur at the server level instead of that the store schema has been re-structured in such a way that the failover can occur at the database level only. This is possible with the help of Database Availability Group which is commonly known as DAG.

In short, DAG is a group of servers and databases which will provide the high availability. It still uses the Microsoft Clustering Services but do not rely on it completely. Instead of using the server level failover the clustering services are used to only group the nodes of a cluster. What will failover is the only a problematic database. Article Understanding Mailbox Database Availability provides an overview of how this whole stuff works. If you read the above linked article you will understand that a database will have multiple copies on one or more servers which will be passive copies and will not be used for production connectivity. However, these copies are continuously in-sync with production copy of them and are always updated. When a failure on  production copy of database is detected, one of the passive copies are activated and start working as a production copy for the clients. This is known as  failover.  On the other hand, if one of the passive copies are activated manually by an administrator the process is known as swithover.

As far as swithovers are concerned the administrator knows which copy to bring online. But, if the failure occurs and the administrator is not available to monitor or recover the situation then what? Don’t you worry about that. The failover is managed by the exchange store itself.

Exchange 2010’s Exchange Replication Service which monitors the databases time to time and determines their health if some sort of database failure is detected then the process of failover is started. To failover the databases in stead of the whole server a component called Active Manger is added as a part of Exchange Replication Service which replaces the cluster’s server level failover behavior. Now, when a failover occurs and you have more than one copies of a single database added to multiple servers; exchange has to decide and choose the best copy available to mount among all. This process is known as Best Copy Selection. How Best copy selection works is on a simple basis of choosing the best available copy among all database copies of a particular information store. But, hold on. This selection process includes 10 different criteria which are used to select a best of copy. Again, the one and only Active Manager manages all this stuff. Let’s see how does Active Manager decides which copy to pick up and activate.

So now as you already know that Active Manger will select the best copy and initiate the failover it looks for healthy database copy first of all, DisconnectedAndHealthy, DisconnectedAndResynchronizing, or SeedingSource, and that meets all of the following sets of criteria:

  • It has a content index with a status of Healthy
  • It has a copy queue length that is < 10 log files and
  • It has a replay queue length < 50 log files

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a content index with a status of Crawling
  • It has a copy queue length that is < 10 log files and
  • It has a replay queue length < 50 log files

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a content index with a status of Healthy and
  • It has a replay queue length of < 50 log files

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a content index with a status of Crawling and
  • It has a replay queue length of < 50 log files

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a replay queue length of < 50 log files

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a content index with a status of Healthy and
  • It has a copy queue length < 10 log files

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a content index with a status of Crawling and
  • It has a copy queue length < 10 log files

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a content index with a status of Healthy.

If Active Manager finds no copy meeting any of the above criteria, then it will try to locate a database copy that meets the next set of criteria:

  • It has a content index with a status of Crawling.

Even after doing so much of matching with defined criteria if Active Manager fails finding any copy meeting above criteria then it will try to activate any database copy with a status of Healthy, DisconnectedAndHealthy, SeedingSource, or DisconnectedAndResynchronizing. At the end if Active Manager does not find any copy that meeting any of the criteria the automatic activation (failover) will not occur.

Another good question may come up asking what if Active Manger find more than one copy which matches the above criteria? Answer would be, if more than one database copy meets all of the above criteria, then the configured value for ActivationPreference is consulted, and the database with the lowest value is activated and mounted.

 

I would like to thank Scott for presenting this information in his introductory video and my friend Amit for suggesting me to write up on it. Thanks both!

Exchange 2010 RC available for download.

Just saw an email from Microsoft Download which I got as a participant in the Microsoft Exchange Server 2010 Beta experience. Microsoft Exchange 2010 Release Candidate is available for download now. You can download from Here.

P.S.: The download seems to unavailable currently however you can expect it available in some time. Download link page will land you to Microsoft’s Download page at this moment where you cant find the downloadable file. Wait for a while more and you should be able to download the latest version of Exchange 2010. Keep rocking and enjoy testing.

 

.