Misplaced Pages

Microsoft Exchange Server

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

Within the Internet email system, a message transfer agent ( MTA ), mail transfer agent , or mail relay is software that transfers electronic mail messages from one computer to another using the Simple Mail Transfer Protocol . In some contexts, the alternative names mail server , mail exchanger , or MX host are used to describe an MTA.

#5994

49-469: Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft . It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related Microsoft Mail 3.5. Exchange initially used the X.400 directory service but switched to Active Directory later. Until version 5.0, it came bundled with an email client called Microsoft Exchange Client . This

98-499: A Received trace header field to the top of the header of the message, thereby building a sequential record of MTAs handling the message. The process of choosing a target MTA for the next hop is also described in SMTP, but can usually be overridden by configuring the MTA software with specific routes. [REDACTED] An MTA works in the background, while the user usually interacts directly with

147-498: A Mail User Agent (MUA), or email client . Common protocols for this are: Submission of new email from a mail client is via SMTP, typically on port 587 or 465, and is now generally restricted to servers the user has an account with-such as their ISP . This is for policy, not technical, reasons so that providers have some means of holding their users accountable for the generation of spam and other forms of email abuse. Client access license A client access license ( CAL )

196-602: A Windows cluster typically residing in the same datacenter, SCR can replicate data to a non-clustered server, located in a separate datacenter. With Exchange Server 2010, Microsoft introduced the concept of the Database Availability Group (DAG). A DAG contains Mailbox servers that become members of the DAG. Once a Mailbox server is a member of a DAG, the Mailbox Databases on that server can be copied to other members of

245-517: A hosted service. This has been possible from a number of providers for more than 10 years, but as of June 2018 is that many providers have been marketing the service as "cloud computing" or "Software-as-a-Service". Exchange hosting allows for Microsoft Exchange Server to be running in the Internet, also referred to as the Cloud, and managed by a "Hosted Exchange Server provider" instead of building and deploying

294-414: A license to connect in order to use their services. These special purpose licenses come in the form of a CAL. A CAL legally permits client computers to connect to commercial server software. They usually come in the form of a certificate of authenticity (CoA) and a license key, which is sometimes attached to the certificate itself. The various editions of most of Microsoft's server software usually include

343-459: A mail user agent. One may distinguish initial submission as first passing through an MSA—port 465 (or, for legacy reasons, optionally port 587) is used for communication between an MUA and an MSA, while port 25 is used for communication between MTAs, or from an MSA to an MTA. this distinction is clarified in RFC   8314 . For recipients hosted locally, the final delivery of email to a recipient mailbox

392-498: A monthly service fee instead. Microsoft had sold a number of simpler email products before, but the first release of Exchange (Exchange Server 4.0 in April 1996) was an entirely new X.400 -based client–server groupware system with a single database store, which also supported X.500 directory services. The directory used by Exchange Server eventually became Microsoft's Active Directory service, an LDAP -compliant directory service which

441-617: A multi-tenant version of Exchange Online as part of the Business Productivity Online Standard Suite in November 2008. In June 2011, as part of the commercial release of Microsoft Office 365 , Exchange Online was updated with the capabilities of Exchange Server 2010. Exchange Server 2010 was developed concurrently as a server product and for the Exchange Online service. In February 2020, an ASP.NET vulnerability

490-484: A small number of CALs, and this allows the software to be used by either a few users or a few computers, depending on the CAL licensing mode. If more clients need to access the server, then additional CALs must be purchased. Microsoft Server products require a CAL for each unique client regardless of how many will be connecting at any single point in time. Some of Microsoft's server software programs do not require CALs at all, as

539-455: Is a Service Provider License Agreement (SPLA) available whereby Microsoft receives a monthly service fee instead of traditional CALs. Two types of Exchange CAL are available: Exchange CAL Standard and Exchange CAL Enterprise. The Enterprise CAL is an add-on license to the Standard CAL. Microsoft Exchange Server uses a proprietary remote procedure call (RPC) protocol called MAPI/RPC , which

SECTION 10

#1733085787006

588-461: Is a commercial software license that allows client computers to use server software services. Most commercial desktop apps are licensed so that payment is required for each installation, but some server products can be licensed so that payment is required for each device or user that accesses the service provided by the software. For example, an instance of Windows Server 2016 for which ten User CALs are purchased allows 10 distinct users to access

637-469: Is from a logged-in user; in legitimate use, the view state should always be returned in a POST request , and never a GET request. This combination causes the server to decrypt and run this added code with its own privileges, allowing the server to be fully compromised as any command can therefore be run. In July 2020, Positive Technologies published research explaining how hackers can attack Microsoft Exchange Server without exploiting any vulnerabilities. It

686-454: Is the ability to have only two nodes and the third node known as "voter node" or file share witness that prevents "split brain" scenarios, generally hosted as a file share on a Hub Transport Server. The second type of cluster is the traditional clustering that was available in previous versions, and is now being referred to as SCC (Single Copy Cluster). In Exchange Server 2007 deployment of both CCR and SCC clusters has been simplified and improved;

735-529: Is the case of Windows Server Web Edition . Microsoft SQL Server can be licensed for CALs, or alternatively by CPU cores. CALs apply to either a "device" (as defined in the license agreement) or a "user". A business is free to choose either mode. With user CALs, each CAL allows one user to connect to the server software whenever they need to. Once the CAL has been allocated to that user, another user cannot use it. Any number of CALs can be purchased to allow five, five hundred, or any number of users to connect to

784-535: Is the task of a message delivery agent (MDA). For this purpose the MTA transfers the message to the message handling service component of the message delivery agent (MDA). Upon final delivery, the Return-Path field is added to the envelope to record the return path . A relay or filtering server will typically store email only briefly, but other systems keep full mailboxes for email - in which case they usually support some means for end users to access their email via

833-399: Is then loaded, and by requesting both the session ID of the user login and the correct View State directly from the server, this correct View State can be deserialised and then modified to also include arbitrary code and then be falsely verified by the attacker. This modified View State is then serialised and passed back to the server in a GET request along with the session ID to show it

882-513: Is typically either by webmail or an email client . A message transfer agent receives mail from either another MTA, a mail submission agent (MSA), or a mail user agent (MUA). The transmission details are specified by the Simple Mail Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the message is relayed, that is, forwarded to another MTA. Every time an MTA receives an email message, it adds

931-643: The GRU , uses/used publicly known Exchange vulnerabilities, as well as already-obtained account credentials and other methods, to infiltrate networks and steal data. In September 2023, Microsoft was notified that Microsoft Exchange is vulnerable to remote code execution including data theft attacks. Microsoft has not fixed these issues yet. Mail server Messages exchanged across networks are passed between mail servers, including any attached data files (such as images, multimedia, or documents). These servers often keep mailboxes for email. Access to this email by end users

980-528: The Core CAL. Just like Windows Server and other server products from Microsoft, there is the choice to use User CALs or Device CALs. Device CALs are assigned to devices (workstation, laptop or PDA), which may be used by one or more users. User CALs, are assigned to users, allowing them to access Exchange from any device. User and Device CALs have the same price, however, they cannot be used interchangeably. For service providers looking to host Microsoft Exchange, there

1029-607: The Core CALs, Enterprise CALs are only available through Open, Enterprise or Select agreements. CALs usually enable connectivity to server software regardless of the edition of the software. For example, CALs purchased to enable client connectivity with Windows Server 2003 Enterprise Edition can be used with Windows Server 2003 Datacenter Edition. However, backwards compatibility is generally assured. For example, Windows Server 2012 CALs can not only be used to access servers running on Windows Server 2012, but they can be used to access one of

SECTION 20

#1733085787006

1078-546: The DAG. When a Mailbox server is added to a DAG, the Failover Clustering Windows role is installed on the server and all required clustering resources are created. Like Windows Server products, Exchange Server requires client access licenses , which are different from Windows CALs. Corporate license agreements, such as the Enterprise Agreement , or EA, include Exchange Server CALs. It also comes as part of

1127-650: The cluster are allowed to be active simultaneously. This is opposed to Exchange's more common active-passive mode in which the failover servers in any cluster node cannot be used at all while their corresponding home servers are active. They must wait, inactive, for the home servers in the node to fail. Subsequent performance issues with active-active mode have led Microsoft to recommend that it should no longer be used. In fact, support for active-active mode clustering has been discontinued with Exchange Server 2007. Exchange's clustering (active-active or active-passive mode) has been criticized because of its requirement for servers in

1176-626: The cluster nodes to share the same data. The clustering in Exchange Server provides redundancy for Exchange Server as an application , but not for Exchange data . In this scenario, the data can be regarded as a single point of failure , despite Microsoft's description of this set-up as a "Shared Nothing" model. This void has however been filled by ISVs and storage manufacturers, through "site resilience" solutions, such as geo-clustering and asynchronous data replication. Exchange Server 2007 introduces new cluster terminology and configurations that address

1225-413: The email systems of an estimated 250,000 global customers, including state and local governments, policy think tanks, academic institutions, infectious disease researchers and businesses such as law firms and defense contractors. In a separate incident, an ongoing brute-force campaign from mid-2019 to the present (July 2021), attributed by British and American ( NSA , FBI , CISA ) security agencies to

1274-640: The entire cluster install process takes place during Exchange Server installation. LCR or Local Continuous Replication has been referred to as the "poor man's cluster". It is designed to allow for data replication to an alternative drive attached to the same system and is intended to provide protection against local storage failures. It does not protect against the case where the server itself fails. In November 2007, Microsoft released SP1 for Exchange Server 2007. This service pack includes an additional high-availability feature called SCR (Standby Continuous Replication). Unlike CCR, which requires that both servers belong to

1323-674: The key features of the new release is that Exchange Server can be deployed onto Windows Server Core for the first time. Additionally, Microsoft has retired the Unified Messaging feature of Exchange, meaning that Skype for Business on-premises customers will have to use alternative solutions for voicemail, such as Azure cloud voicemail. Exchange Server Enterprise Edition supports clustering of up to 4 nodes when using Windows 2000 Server, and up to 8 nodes with Windows Server 2003. Exchange Server 2003 also introduced active-active clustering, but for two-node clusters only. In this setup, both servers in

1372-442: The latest version of Microsoft Entourage for Mac and Microsoft Outlook for Mac - since the release of Mac OS X Snow Leopard Mac computers running OS X include some support for this technology via Apple's Mail application. E-mail hosted on an Exchange Server can also be accessed using POP3 , and IMAP4 protocols, using clients such as Windows Live Mail , Mozilla Thunderbird , and Lotus Notes . These protocols must be enabled on

1421-509: The licensee to use the software on one computer, subject to the usual terms and conditions. For businesses, Microsoft offers several types of licensing schemes for a range of their products, which are designed to be cost effective, flexible, or both. Commercial server software, such as Windows Server 2003 and SQL Server 2005 require licenses that are more expensive than those which are purchased for desktop software like Windows Vista . All clients that connect to these server products must have

1470-448: The need or urgency to do a full transition to Exchange Online, and also allows for staggered email migration . Hybrid tools can cover the main stack of Microsoft Exchange, Lync , SharePoint, Windows, and Active Directory servers, in addition to using replica data to report cloud user experience. Exchange Online was first provided as a hosted service in dedicated customer environments in 2005 to select pilot customers. Microsoft launched

1519-452: The same or lower version of the operating system are allowed access automatically. For example, Windows NT 4.0 clients may connect to Windows NT 4.0 terminal servers but not Windows 2000 or later; Windows 2000 or Windows XP clients may connect to Windows NT 4.0 or Windows 2000 terminal servers. This is called the equivalency license. The system for enforcing the number of TS CALs ("Microsoft Enforced Licensing") used on versions later than NT

Microsoft Exchange Server - Misplaced Pages Continue

1568-656: The same price, they may not be used interchangeably, and cannot be switched without buying new CALs. The price of User CALs has increased since December 2012 (in the UK), although the device CAL remains the same. The Core CAL is a special CAL offered by Microsoft through corporate license agreements such as Enterprise , Select or Open Value . The Core CAL is a combination of CALs for Windows Server, Exchange Server, SharePoint Server, System Center Configuration Client Management License, Lync Server, and Forefront Endpoint Subscription License. Core CALs are approximately 30 percent cheaper than

1617-474: The server. Commercial apps are licensed to end users or businesses: in a legally binding agreement between the proprietor of the software (the "licensor") and the end user or business (the "licensee"), the licensor gives permission to the licensee to use the app under certain limitations, which are set forth in the license agreement. In the case of Microsoft , the consumer retail or "off-the-shelf" products generally use very similar licence agreements, allowing

1666-460: The server. Exchange Server mailboxes can also be accessed through a web browser, using Outlook Web App (OWA). Exchange Server 2003 also featured a version of OWA for mobile devices , called Outlook Mobile Access (OMA). Microsoft Exchange Server up to version 5.0 came bundled with Microsoft Exchange Client as the email client. After version 5.0, this was replaced by Microsoft Outlook, bundled as part of Microsoft Office 97 and later. When Outlook 97

1715-489: The server. With user CALs, each user can connect to the server software from any number of devices. The devices are not counted, but only a set number of users can connect. Per-device mode operates in much the same way, but limits the number of devices which can connect, rather than the number of users. One CAL enables one device to connect to and use the server software, regardless of how many users connect from that particular device. Although User and Device CALs are currently

1764-418: The servers running Windows Server 2008, Windows Server 2008 R2, Windows Server 2003, and any previous versions at any given time. Terminal Services is a function of Microsoft Windows that allows several types of connections to the server components of the system. Windows Server versions prior to 2003 do not necessarily require the use of specialized Terminal Services CALs; rather, clients which are of at least

1813-589: The shortcomings of the previous "shared data model". Exchange Server 2007 provides built-in support for asynchronous replication modeled on SQL Server's " Log shipping " in CCR (Cluster Continuous Replication) clusters, which are built on MSCS MNS (Microsoft Cluster Service—Majority Node Set) clusters, which do not require shared storage. This type of cluster can be inexpensive and deployed in one, or "stretched" across two data centers for protection against site-wide failures such as natural disasters. The limitation of CCR clusters

1862-470: The software and all versions of it, where the View State is used to temporarily preserve changes to an individual page as information is sent to the server. The default validation key used is therefore public knowledge, and so when this is used the validation key can be used to decrypt and falsely verify a modified View State containing commands added by an attacker. When logged in as any user, any .ASPX page

1911-468: The sum of the aforementioned licenses. With the release of the 2007 products, Microsoft started offering the Enterprise CAL Suite. The Enterprise CAL Suite combines 15 CALs, including the Core CAL combination, Enterprise functionality of Exchange, Lync, and SharePoint Servers, as well as System Center Data Protection Manager, Operation Manager, and Service Manager Client Management Licences. As for

1960-460: The system in-house. Exchange Online is Exchange Server delivered as a cloud service hosted by Microsoft itself. It is built on the same technologies as on-premises Exchange Server, and offers essentially the same services as third-party providers which host Exchange Server instances. Customers can also choose to combine both on-premises and online options in a hybrid deployment. Hybrid implementations are popular for organizations that are unsure of

2009-415: Was added to Microsoft Exchange Server 2003. It allows a compliant device such as a Windows Mobile device or smartphone to securely synchronize mail, contacts and other data directly with an Exchange server and has become a popular mobile access standard for businesses due to support from companies like Nokia and Apple Inc. as well as its device security and compliance features. Support for push email

Microsoft Exchange Server - Misplaced Pages Continue

2058-569: Was added to it with Exchange Server 2003 Service Pack 2 and is supported by Windows Phone 7, the iPhone and Android phones, but notably not for Apple 's native Mail app on macOS . Exchange ActiveSync Policies allow administrators to control which devices can connect to the organization, remotely deactivate features, and remotely wipe lost or stolen devices. The complexities of managing Exchange Server—namely running both one or more Exchange Servers, plus Active Directory synchronization servers—make it attractive for organisations to purchase it as

2107-516: Was called "Microsoft Exchange". A stripped-down version of the Exchange Client that does not have support for Exchange Server was released as Windows Messaging to avoid confusion; it was included with Windows 95 OSR2 , Windows 98 , and Windows NT 4 . It was discontinued because of the move to email standards such as SMTP, IMAP, and POP3, all of which Outlook Express supports better than Windows Messaging. Support for Exchange ActiveSync (EAS)

2156-505: Was designed to be used by Microsoft Outlook . Clients capable of using the proprietary features of Exchange Server include Evolution , Hiri and Microsoft Outlook. Thunderbird can access Exchange server via the Owl Plugin. Exchange Web Services (EWS), an alternative to the MAPI protocol, is a documented SOAP -based protocol introduced with Exchange Server 2007. Exchange Web Services is used by

2205-494: Was discontinued in favor of Microsoft Outlook . Exchange Server primarily uses a proprietary protocol called MAPI to talk to email clients , but subsequently added support for POP3 , IMAP , and EAS . The standard SMTP protocol is used to communicate to other Internet mail servers. Exchange Server is licensed both as on-premises software and software as a service (SaaS). In the on-premises form, customers purchase client access licenses (CALs); as SaaS, Microsoft charges

2254-443: Was discovered and exploited relying on a default setting allowing attackers to run arbitrary code with system privileges, only requiring a connection to the server as well as being logged into any user account which can be done through credential stuffing . The exploit relied on all versions of Microsoft Exchange using the same static validation key to decrypt, encrypt, and validate the 'View State' by default on all installations of

2303-519: Was integrated into Windows 2000 as the foundation of Windows Server domains . As of 2020, there have been ten releases. The current version, Exchange Server 2019, was released in October 2018. Unlike other Office Server 2019 products such as SharePoint and Skype for Business, Exchange Server 2019 could only be deployed on Windows Server 2019 when it was released. Since Cumulative Update 2022 H1 Exchange 2019 has been supported on Windows Server 2022. One of

2352-415: Was released, Exchange Client 5.0 was still in development and to be later released as part of Exchange Server 5.0, primarily because Outlook was only available for Windows. Later, in Exchange Server 5.5, Exchange Client was removed and Outlook was made the only Exchange client. As part of Exchange Server 5.5, Outlook was released for other platforms. The original Windows 95 "Inbox" client also used MAPI and

2401-517: Was voted into Top 10 web hacking techniques of 2020 according to PortSwigger Ltd . In 2021, critical zero-day exploits were discovered in Microsoft Exchange Server. Thousands of organizations have been affected by hackers using these techniques to steal information and install malicious code. Microsoft revealed that these vulnerabilities had existed for around 10 years, but were exploited only from January 2021 onwards. The attack affected

#5994