Mine messages in exchange server - exchange-server

I am trying to find out if there is a way to inspect all messages that are flowing through an Exchange server for mining purposes. I came across Exchange Server web services, but I'm not sure how to use them. Is there any way I can get a copy of all the email messages that are flowing through an Exchange server?

EWS has several mechanisms to subscribe to mail events on the server, i.e. 3 types of notifications plus a synchronization mechanism. However, I don't think this would scale well to trapping everything flowing through the server. For one thing, subscriptions target individual folders within the Exchange store, not the entire store. For another, EWS requires authorization for each mailbox you want access to. Lastly, the volume of events generated by an enterprise-size Exchange server would overwhelm any single process, and thus your app would have to scale out as needed.
Assuming proper authorization, you might be able to browse through each mailbox on the server at a particular interval, however this would need to be done with restraint so as not to hit the EWS's throttling limits. And this could potentially miss things that came and went in between browses.

If you only need to get a copy of all messages, there are various ways to do this.
Recommended would be to create either a transport rule, or a journal rule to direct mail to another mailbox.
EWS scripting can be complex and is certainly not needed on Exchange server to receive a copy of all in and outbound messages.
Additionally, if you need to get a copy of all messages in user mailboxes as well (to archive for prep to move forward with a journalling service, say), then there are also PowerShell commands you can use with ExMerge creds to export to PST. (New-MailboxExportRequest is scriptable, say.)

Related

Is there a way to connect to Exchange Online using Logic Apps? Do I need to use a REST-api or EWS?

I'm quite new to Logic Apps. I got the task to make an auto-reply function within Logic Apps that integrates with Exchange Online. Now I already performed this task using Outlook, but I have to be able to apply it to multiple mailboxes or even the entire company using Exchange. I'm about to get access to the Exchange Admin Center soon, but I don't really know how to start due to the fact that there is no simple way to make a connection to Exchange using Logic Apps. After some research, I think it's necessary for me to somehow make use of a REST API (I also read about the use of Exchange Web Services) to get the information I need, but my knowledge about this is quite small. I guess I'm gonna have to use a program like Postman to request information, so that I can start creating Custom Connectors to Exchange. If anybody has some understanding about this, feel free to reply and help me out! I will forever be grateful!
There are several different approaches you could take to this. If you (or probably they, in your case) want your logic app to do all the work, then you should use the Graph API rather than EWS (while it's possible, because it's an older API you'll lose marks on your assignment). Have a look at http://martink.me/articles/using-microsoft-graph-in-logic-apps which covers the basics of what to do. To get access to mailboxes tenant-wide, you need to have Application Permissions assigned and get a certificate (and store that in the Key Vault on Azure etc.).
You can do this using Inbox Rules https://learn.microsoft.com/en-us/graph/api/mailfolder-post-messagerules?view=graph-rest-1.0&tabs=http and the Exchange Server will do all the work when it comes to doing the auto-response (and has loop detection logic already), and your logic app then just needs to do the creation and management of the rules.
But I would suggest you clarify with the person who assigned you the task whether they want the logic app to do the response (e.g. using the Graph API) or if it's okay for the Exchange Server to do this for them (which should be more reliable).
You can also create rules via the Exchange Admin Center, and you could probably also throw Power Automate into the mix to do auto-responses, so I'd clarify what they want so you don't waste time building something they don't want.

Exchange Server Global Events

I'm looking to mirror contacts added to Exchange in a separate system. I'd like to do this as contacts are added if possible.
I've seen some listeners available in the API I can use, but those look like they're on a user basis. To use them I think I'd have to have an instance open for every user and I believe they also only remain open for 30 minutes.
Is there any way to get a notification whenever any user adds a contact to Exchange?
No, there is no such thing as global events in Exchange (not since 2007 anyway). The closest would be Transport agents, but these are only useful for items that are traversing the Transport Pipeline. The application you're developing will need to deal with things on a mailbox-by-mailbox basis.
Cheers
Glen

Server/Client legals

So I want to create some sort of anonymous chat application. The model includes a single server (centralized) and multiple clients.
The server takes no records of the chat and also no records of who has connected and such, to maximise privacy; the messages are also encrypted. You get the idea.
Now, my question was: say someone sent a link to a warez site or something deemed somewhat questionable or outright illegal. Who would get into trouble? The server owner or the client? Take into account that the server only provides a means to communicate between clients and holds no information other than the brief time it needs to receive and send.
Same thing with bots connecting to the server and using it for a communication portal for a botnet.
Thanks in advance.

Implications of allowing users to email content and attachments to a server

I have implemented a feature in my application that allows registered users to send an email to a Gmail account, which my server polls using Spring Integration, and then if it recognises the sender, stores the subject and body content in a database (via JPA).
I also want to allow users to be able to send files as attachments to these emails which I plan to store on AWS.
I'm sure there must be security implications with both of these features, but I'm not aware of what they might be.
So my question is, what are the security implications of allowing users to store email content in my DB and attached files on AWS?
TIA
You could have some problems when you have many emails to process using a single email account (probably not a problem at the beginning). Also, making yourself dependent on an external email provider may sound really unreliable to your clients (depending on your clients/business). Also, someone could eat up all your space on Gmail by sending too many emails that don't get deleted in time. Also, when storing the files in AWS you must store the files with random filenames. Probably you will have to read some tutorials for that.
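
Added example, not part of the answer above and not the poster's code: one way to apply the "random filenames" advice so that nothing the sender typed reaches the storage path. The extension allowlist, size limit, key layout and function names are assumptions made for this sketch, and the key is meant for an object store such as S3.

```python
import os
import re
import secrets

# Assumed intake policy for this sketch (not from the original post).
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".txt"}
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024


class RejectedAttachment(ValueError):
    """Raised when an attachment fails the intake policy."""


def display_name(sender_filename: str) -> str:
    """Reduce a sender-supplied name to a harmless label kept only as metadata."""
    # Drop any directory part, whichever separator the mail client used.
    base = sender_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Keep a conservative character set; everything else becomes "_".
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base[:100] or "unnamed"


def plan_upload(sender_filename: str, size: int, user_id: int) -> dict:
    """Return the object key and metadata for one attachment, or raise."""
    if size <= 0 or size > MAX_ATTACHMENT_BYTES:
        raise RejectedAttachment("size outside allowed range")
    label = display_name(sender_filename)
    ext = os.path.splitext(label)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise RejectedAttachment(f"extension {ext!r} not allowed")
    # The key is random: the sender's text never becomes part of the path,
    # so traversal sequences, overwriting another user's object and
    # guessable download URLs are ruled out by construction.
    key = f"attachments/{user_id}/{secrets.token_hex(16)}{ext}"
    return {"key": key, "original_name": label, "size": size}
```

The sanitised `original_name` belongs in the database row next to the key, so the user still sees a familiar name while the bucket only ever sees the random one.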

SMS alerting to respond to error situations faster

What is the easiest way to set up an SMS alerting system so that I will receive notification if my server doesn't respond or a GET query doesn't return correct content?
You can completely outsource the monitoring and alerting, for example by subscribing to Pingdom. The most basic Pingdom plan will monitor up to 5 services (including using HTTP GETs with optional content pattern matching) and send an SMS after a configurable amount of downtime.
If you want to roll your own solution, the first thing to get right is the monitoring software. Many, many third party solutions exist for this, from the free to the outrageously expensive. Of course, rolling your own "try a GET and do something if it doesn't work" script is always an option, but as with all software, feature creep may mean that you're just re-implementing existing solutions soon...
For the SMS notification, using an e-mail-to-SMS gateway might work for you, if you're in a territory well-served by such services. Most US providers, for example, provide free gateways, whereas in Europe they tend to be run by third parties and pay-only. As already suggested, Google is your friend here. Also, your monitoring tool may support sending notifications directly using a cellphone/GSM modem attached to the monitoring server.
Often I've found that what you need is an SMS modem attached directly to your monitoring server. What if the problem is the network connection?
What you want is an SMS gateway. There are surely some service providers local to you. Unfortunately, they are a bit hard to find. Try asking Google...
You can get a service like http://www.serviceuptime.com/ and then send an email to your-number@a-domain-your-provider-gives. They usually have the exact domains for the providers on their respective websites, but you could just try @t-mobile.com if your provider is T-Mobile, for example.
If you want to write your own tool, it should be pretty straightforward: send a GET request, and if you don't get the expected response, send an email. You should run it from 2 different locations from 2 different ISPs though, because if there are routing problems and the request doesn't go through you'll get SMSed.
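
Added example, not part of the answers above: a sketch of the roll-your-own check they describe, with a content match, an alert only after repeated failures, agreement between vantage points, and a short mail for an e-mail-to-SMS gateway. The gateway address, sender address, threshold and function names are hypothetical.

```python
import urllib.request
from email.message import EmailMessage

# Hypothetical values for this sketch; none come from the original answers.
FAILURES_BEFORE_ALERT = 3
SMS_GATEWAY_ADDRESS = "5551234567@sms-gateway.example"


def http_get(url: str, timeout: float = 10.0) -> str:
    """Fetch the body; network errors and HTTP 4xx/5xx raise to the caller."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(65536).decode("utf-8", errors="replace")


def probe(url: str, expected: str, fetch=http_get) -> tuple[bool, str]:
    """One check: up only if the GET succeeds AND the content matches."""
    try:
        body = fetch(url)
    except Exception as exc:  # timeout, DNS failure, HTTP error, TLS error
        return False, f"request failed: {exc}"
    if expected not in body:
        return False, "response did not contain expected content"
    return True, "ok"


def update_state(failures: int, ok: bool) -> tuple[int, bool]:
    """Count consecutive failures; alert exactly once, when the threshold is hit."""
    failures = 0 if ok else failures + 1
    return failures, failures == FAILURES_BEFORE_ALERT


def confirmed_down(vantage_results: list[bool]) -> bool:
    """Treat the site as down only if at least two locations all failed,
    so a routing problem at one ISP does not page anyone."""
    return len(vantage_results) >= 2 and not any(vantage_results)


def build_alert(url: str, reason: str) -> EmailMessage:
    """Short plain-text mail for the gateway; SMS bodies are small, so truncate."""
    msg = EmailMessage()
    msg["To"] = SMS_GATEWAY_ADDRESS
    msg["From"] = "monitor@example.com"
    msg["Subject"] = "DOWN"
    msg.set_content(f"{url}: {reason}"[:140])
    return msg
```

Run `probe` from cron or a loop at each location, feed the results through `confirmed_down` and `update_state`, and hand the message from `build_alert` to `smtplib` when an alert is due.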
