User List Export

Program file:

ExpEmail.BAT
 

Purpose:

To export the list of local users' email addresses from Domino, Exchange 5.5 and Active Directory (for Exchange 2000 and 2003).  This list of valid local addresses can then be imported into Praetor using the MODLIST tool to protect your site's vulnerable Exchange, Domino, or GroupWise mail server from spammers' Reverse NDR attacks (mail sent with a forged sender to non-existent local recipients so that the bounce carries the spam to the forged sender).  With the list in place, mail to addresses that are not on it can be rejected instead of bounced.

The primary method is to query the LDAP server, though an alternative, non-script method exists for Exchange 5.5 sites (see below).

Usage:

ExpEmail <server-type>  <IP-address>

where:

<server-type>

ACTIVEDIR, DOMINO, or EXCH55 (upper or lower case, as in the examples below)

 <IP-address>

IP for the Active Directory, Domino or Exchange server.

Example:

ExpEmail activedir 192.168.0.71
ExpEmail EXCH55 192.168.0.10

This batch file calls upon one of three Visual Basic Script files that query the Active Directory, Domino or Exchange server:

  1. GetActDir.VBS

  2. GetDomino.VBS

  3. GetExch55.VBS

The query is performed using the Lightweight Directory Access Protocol (LDAP) and will extract the list of local SMTP addresses.  These exported email addresses are placed into a file AUTO.TXT along with the appropriate MODLIST commands to clear the existing Approved_Local_Addresses list, import, and sort the list.  MODLIST is invoked by specifying this file as a parameter:

MODLISTG2 AUTO.TXT

Once the list is imported by MODLIST, Praetor can effectively neutralize the Reverse NDR attack.  Please note that you must enable the Reverse NDR rule and save the rules to put these changes into effect.  Other than saving the rules, Praetor does not need to be stopped and restarted.

Note:

For Exchange 2000 and 2003 sites, if the VB script is unable to extract the email addresses associated with your public folders, this is probably because you have them hidden from the Global Address List.

To expose the public folders, use the Exchange System Administrator and view the Public Folder properties and go to the Advanced tab.  From here you can turn off the option to Hide from Global Address List.

 

Recommendations for automating update

Using Control Panel's Scheduled Tasks found in Windows 2000 on the Praetor machine, you can create an automatic task to update the Approved_Local_Addresses list.  CMS suggests that you edit the G2-Daily.BAT file to add the following command invocations:

  1. Invoke cscript with one of the three VBS files as the command parameter, choosing the one appropriate for your server type.  Example:

    cscript GetExch55.VBS <IP-address>

  2. Invoke MODLISTG2 to update the Approved_Local_Addresses list:

    MODLISTG2 AUTO.TXT

As long as the Reverse NDR rule is enabled, the update will take effect with the very next message received.

 

Non-script alternative for Exchange 5.5 sites

The non-script method involves invoking the Exchange 5.5 administration program with command-line parameters.  The resulting comma-separated value (CSV) file is then converted using the utility program MODPREP.EXE.

Here are the steps for this method, assuming Praetor is co-resident with the Exchange server.  If they are not co-resident, then follow the note below.

  1. Create a file called EXPORT.CSV in the Praetor directory which has one line containing the following:

    Obj-Class,E-mail Addresses,Secondary-Proxy-Addresses


    This selects only the relevant items for each recipient in the Exchange Global Address List.

  2. Create an options file called OPTIONS.INI in the Praetor directory which contains:

    [export]
    exportobject=recipients
    informationlevel=full
    subcontainers=yes


    This will cause email addresses associated with distribution lists, local mailboxes, and remote custom recipients to be exported.

  3. From the Praetor directory, invoke the Exchange Administration program (ADMIN.EXE) using the correct path and supply the following parameters:

    <path>\ADMIN /e export.csv /o options.ini


    The path is normally \ExchSrvr\Bin.  The export.csv file will contain the various email addresses and the original empty export.csv will be renamed to export.c## with ## starting at "01".

  4. Invoke ModPrep, specifying export.csv as the input file:

    ModPrep export.csv

    ModPrep is a special utility used specifically to process the file exported by the Exchange v5.5 administration program with the OPTIONS.INI settings from step 2.  It generates an output file containing only the local users' email addresses, one per line, which can be used as input to ModList, the Praetor import/export utility.

  5. Invoke MODLISTG2 AUTO.TXT to update the Approved_Local_Addresses list.
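The following is an added example, not part of Praetor, ModPrep or the CMS scripts.  It does in Python what steps 1-5 above describe: it reads the export that ADMIN.EXE writes for the Obj-Class, E-mail Addresses and Secondary-Proxy-Addresses columns, keeps only the SMTP addresses of local recipients (one per line, as the ModPrep output is described), and then shows how such an approved list is used to refuse mail for unknown local recipients at SMTP time, which is what removes the bounce that the Reverse NDR attack relies on.  The same SMTP:/smtp: prefix convention is what the LDAP query in the primary method sees in the directory's proxy-address attribute, so the address extraction applies to that path too.  Assumptions not stated on the page: multi-valued columns in the export are joined with '%', address entries carry a type prefix such as 'SMTP:' (primary) or 'smtp:' (secondary), the Obj-Class values for local recipients are 'Mailbox' and 'DL' with 'Remote' for custom recipients, and the sample export text and the domain example.com are constructed for the example.

```python
"""Added example: build an approved local-address list from an Exchange 5.5
ADMIN.EXE export and use it as a Reverse NDR guard.  Not CMS/Praetor code."""
import csv
import io

# Constructed sample of what step 3 writes into export.csv (not real data).
# '%' as the multi-value separator and the Obj-Class names are assumptions.
SAMPLE_EXPORT = """\
Obj-Class,E-mail Addresses,Secondary-Proxy-Addresses
Mailbox,SMTP:jdoe@example.com%X400:c=US;p=Example;o=HQ;s=Doe;g=John;,smtp:john.doe@example.com
DL,SMTP:all-staff@example.com%X400:c=US;p=Example;o=HQ;s=all-staff;,
Remote,SMTP:partner@supplier.example,
Mailbox,"SMTP:ops@example.com%smtp:helpdesk@example.com",
"""

MULTI_VALUE_SEP = "%"                 # assumed separator for multi-valued columns
LOCAL_CLASSES = {"Mailbox", "DL"}     # assumed Obj-Class values of local recipients
LOCAL_DOMAINS = {"example.com"}       # assumed: domains this server accepts mail for


def smtp_addresses(*fields):
    """Return every SMTP address in the given proxy-address fields.

    The type prefix is compared case-insensitively: 'SMTP:' marks the primary
    address and 'smtp:' a secondary one, and both must be on the approved list
    or mail to the secondary address would be refused.
    """
    found = []
    for field in fields:
        for entry in field.split(MULTI_VALUE_SEP):
            entry = entry.strip()
            if entry.upper().startswith("SMTP:"):
                found.append(entry[len("SMTP:"):].strip().lower())
    return found


def local_addresses(export_text):
    """Parse the ADMIN.EXE export and return the sorted, de-duplicated list of
    local SMTP addresses, i.e. what the one-per-line ModPrep output holds."""
    addrs = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        # Custom recipients ('Remote') point outside the site; approving their
        # addresses would not stop a bounce and would whitelist foreign domains.
        if row["Obj-Class"] not in LOCAL_CLASSES:
            continue
        addrs.update(smtp_addresses(row["E-mail Addresses"],
                                    row["Secondary-Proxy-Addresses"] or ""))
    return sorted(addrs)


def rcpt_decision(recipient, approved):
    """Decide what a guarded SMTP server does with a RCPT TO address.

    Unknown addresses in a local domain are refused during the SMTP dialogue,
    so no NDR is ever generated for them and the forged sender receives
    nothing.  Addresses outside the local domains are left to the normal
    relay rules; the approved list says nothing about them.
    """
    rcpt = recipient.strip().lower()
    domain = rcpt.rpartition("@")[2]
    if domain not in LOCAL_DOMAINS:
        return "relay-policy"
    return "accept" if rcpt in approved else "reject-550"


def approved_list_text(export_text):
    """One address per line, the form ModList imports."""
    return "".join(addr + "\n" for addr in local_addresses(export_text))


if __name__ == "__main__":
    approved = set(local_addresses(SAMPLE_EXPORT))
    print(approved_list_text(SAMPLE_EXPORT), end="")
    for rcpt in ("JDoe@Example.com", "nobody@example.com", "x@other.example"):
        print(rcpt, "->", rcpt_decision(rcpt, approved))
```

Two points the code makes explicit: the comparison is case-insensitive on both the prefix and the address, because a list exported in mixed case would otherwise refuse legitimate mail, and a recipient that was added to the directory after the last export is refused until the next run, which is why the scheduled daily update in G2-Daily.BAT matters rather than a one-off import.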

Note:

If Praetor is not on the same machine as the Exchange 5.5 server, simply:

  • Copy the two files created in steps 1 & 2 to the location where the Exchange administration program is located.

  • Invoke the ADMIN.EXE in step 3 from its own directory.

  • Copy the output export.csv file to the Praetor machine and directory.

Proceed with the remaining steps 4 and 5 as described above.

 

Full details on the command-line parameters and invocation of the Exchange administration program can be found in various Microsoft KnowledgeBase articles:
