Exchange 2003 Connection filter ... logging?

  • Exchange 2003 Connection filter ... logging?

    Hi guys.

    We are running Exchange Server 2003. I recently enabled the connection filter, configured it with the Spamhaus sbl-xbl list and applied it to our default SMTP server. I don't know if it's working, however, which brings me to my question: is there any logging that happens or can be enabled so I can see when/how many messages it is blocking?

    Thanks a lot.

  • #2
    Re: Exchange 2003 Connection filter ... logging?

    Natively, I don't know of a way to do it. I am sure that there is, but we don't use connection filters. I do know that there is an external monitoring system that you can set up, Cacti (http://www.cacti.net), and someone has written a script that will gather this information. It gathers a bunch of other data as well, so I am not sure exactly which portions are the connection filtering data. If you would like, I can post that script, and you could see what you can see.

    Let me know

    app

    • #3
      Re: Exchange 2003 Connection filter ... logging?

      Sure, if you could post it that would be great.

      Thanks for the help.

      • #4
        Re: Exchange 2003 Connection filter ... logging?

        Perfmon will show you how many messages are logged, but I don't think Exchange will log any more detail than that. If you want to know more you would need to use a third party tool such as Vamsoft ORF.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        • #5
          Re: Exchange 2003 Connection filter ... logging?

          OK, this is a Perl script that queries the WMI of the server.

          Look it over and you should see what you are looking for. To get everything, you would save this as a .pl file and then, from a computer that has Perl installed, run
          Code:
          perl.exe scriptname.pl SERVERNAME _Total
          and then you should see the requested data. I am not really a coder, but I would bet that someone over in the scripting forum would be able to help convert this to a VBScript that you could run.

          Code:
          #!/usr/bin/perl 
          
          use strict;
          use Win32::OLE;
          
          my $output_delimeter = " ";
          my $argCount = scalar(@ARGV);
          
          my $Win32_Class = "Win32_PerfFormattedData_TURFLIST_MSExchangeTransportFilterSink";
          
          
          #Display help if no arguments were given.
          if ($argCount == 0) {
          
          my @script_name = split m!\\!, $0;
          
          print <<"END";
          Display information in the $Win32_Class class of a computer using Windows Management Instrumentation (WMI).
          
          (The user account running this script must have access to the WMI repository of the target host.)
          
          $script_name[((scalar(@script_name)) - 1)] computer instance
          
          Parameters:
          
             computer    - the name of the computer to query
             instance    - the instance you want the information about
                           (_Total)
          
          If a comma separated list of rvalues is passed to this script, the results will be returned space delimited.
          
          Consult the Microsoft WMI documentation for more information about Windows Management Instrumentation.
          http://msdn.microsoft.com/library/en-us/wmisdk/wmi/wmi_start_page.asp
          
          Example:
          
             $script_name[((scalar(@script_name)) - 1)] localhost _Total
          
          END
          
          	exit;
          }
          
          
          #Parse through the command-line arguments and display the WMI information.
          
           WMIMain(@ARGV);
          
          
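          # No prototype: a (\@) prototype would pass an array reference, but the
          # body reads the computer and instance names directly from @_.
          sub WMIMain {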
          
          	my $computer  = $_[0];
          	my $kvalue    = $_[1];
          	
          	my $WMI_Key     = "Name";
          
          	my $class = "WinMgmts://$computer";
          	my $wmi = Win32::OLE->GetObject($class);
          	
          	my $i = 0;
          
          	if ($wmi) {
          
          			my $properties = "BlockListDNSQueriesIssued,ConnectionsAcceptedbyAcceptList,ConnectionsRejectedbyBlockListProviders,ConnectionsRejectedbyDenyList,DirectoryLookupsIssued,FailedBlockListDNSQueries,FailedDirectoryLookups,MessagesFilteredbySenderFiltering,MessagesFilteredDuetoBlankSender,RecipientsinConnectionFilteringExceptionList,RecipientsRejectedbyDirectoryLookups,RecipientsRejectedbyRecipientFiltering";
          			my $computers = $wmi->ExecQuery("SELECT $properties FROM $Win32_Class Where $WMI_Key='$kvalue'");
          
          
          			# Numeric comparison: the query returned no instances.
          			if (scalar(Win32::OLE::in($computers)) < 1) {
          				print "\n    Check the computer and class name.\n";
          				print   "    No information was found on the specified class!\n";
          				return;
          			}
          
          
          			foreach my $pc (Win32::OLE::in($computers)) {
          				properties($pc,$properties);
          
          			}
          
          	} # if wmi
          
          
          	else {
          		print "Unable to talk to WMI for $computer.\n";
          	}
          	
          }
          
          #Loop through an object's properties.
          #Parameters:
          #	0 - a reference to the object
          #	1 - a single property to lookup
          
          sub	properties($$) {
          	my $node = $_[0];
          	my $properties = $_[1];
          	my $i = 0;
          
          	if ($properties eq '*') {
          		foreach ( Win32::OLE::in($node->{Properties_}) ) {
          			viewPropertyBrowse($_);
          			print "\n";
          
          		}
          	}
          
          	else {
          
          
          	my @properties = split(',', $properties);
          
          	foreach (@properties) {
          
          		$i++;
          
          		# Counts are compared numerically (==, >), not as strings (eq, gt).
          		if (scalar(@properties) == 1) {
          			viewProperty($node->{Properties_}->{$_});

          		}

          		elsif (scalar(@properties) > 1) {
          			if ($i > 1) {
          				print "$output_delimeter";
          			}
          
          			viewPropertyMulti($node->{Properties_}->{$_});
          
          		}
          	}
          	}	
          
          }
          
          
          #Display an object's property.
          #Parameters:
          #	0 - a reference to the property object
          
          sub viewProperty {
          	my $object = $_[0];
          
          		chomp ($object->{Value});
          		print "$object->{Value}";
          
          }
          
          
          sub viewPropertyMulti {
             my $object = $_[0]; 
          
                chomp ($object->{Value}); 
                print "$object->{Name}:$object->{Value}";
          #      print "$object->{Name}:".1024*$object->{Value}.""; 
          
          } 
          
          sub viewPropertyBrowse {
             my $object = $_[0]; 
          
                chomp ($object->{Value}); 
                print "$object->{Name}:$object->{Value}";
          #      print "$object->{Name}:".1024*$object->{Value}.""; 
          
          } 
          
          #sub viewPropertyMulti($$) {
          #	my $object = $_[0];
          #
          #		chomp ($object->{Value});
          #		print "$object->{Name}:$object->{Value}";
          #}
          
          #sub viewPropertyBrowse($$) {
          #	my $object = $_[0];
          #
          #		chomp ($object->{Value});
          #		print "$object->{Name}:$object->{Value}";
          #}
          Let me know if you have problems, or questions. I may be able to answer a couple.

          app

          • #6
            Re: Exchange 2003 Connection filter ... logging?

            Does this need to be run with ActivePerl? I'm running it on a Linux box and not finding this Win32 OLE library.

            • #7
              Re: Exchange 2003 Connection filter ... logging?

              It makes WMI calls. I was just talking about this with someone in the Cacti forum about a similar script, and running this from a Linux box will not work unless you have nsclient installed on the Windows box you are querying. It does run from a Windows box with ActivePerl installed, as long as the account you are running it from has the necessary permissions.

              app

              • #8
                Re: Exchange 2003 Connection filter ... logging?

                OK, it's talking to WMI, but it's not finding the "_Total" class. Any ideas?

                • #9
                  Re: Exchange 2003 Connection filter ... logging?

                  Just looking at some posts in the Cacti forums, and not really having any idea what I'm talking about, it looks like maybe

                  Win32_PerfFormattedData_TURFLIST_MSExchangeTranspo rtFilterSink_Total
                  is what we're looking for?

                  It doesn't seem to work, but maybe it's closer?

                  I don't know what the space in "transport" is, if you can see it, but I can't get it to go away, so ignore it if you will.

                  • #10
                    Re: Exchange 2003 Connection filter ... logging?

                    Hmmmm, that is going to take a bit for me to look into. What happens when you try to run it with the _Total? Does it error?

                    Can you try running this command on the Windows box:
                    Code:
                    wmiadap /f
                    from a command prompt, and then restart the Windows Management Instrumentation service.

                    I had to do that on all of my servers to get it to work.

                    Otherwise, I will have to try and do some digging through the script and the values to see what it gives back.

                    app

                    • #11
                      Re: Exchange 2003 Connection filter ... logging?

                      Awesome. wmiadap /f and restarting the service worked. Before I did that, it was giving me a class not found error.

                      I'm showing BlockListDNSQueriesIssued: 5634, ConnectionsRejectedbyBlockListProviders: 2689 ... I take it that means 5634 messages have been processed and about half were on Spamhaus' RBL?

                      Thanks very much for all your help. I really appreciate it.
