Navigation-Menus (Do Not Edit Here!)

Saturday, January 25, 2014

WatchGuard | Email attachments sent through the SMTP-proxy appear as Winmail.dat attachments | Microsoft Outlook

We recently ran in to this issue with a client running watch-guard SMTP proxy with an exchange server sitting behind it.


Attachments on emails get stripped and the notification text file reads as follows

 Watchguard that protects your network has detected a message that may not be safe.   
 Cause : The file type may not be safe.  
 Content type : application/ms-tnef  
 File name    : winmail.dat  
 Virus status : No information.  
 Action: The Firebox deleted winmail.dat.  
 Your network administrator can not restore this attachment.  

As you can imagine affected users were quite pissed off about this and i don't blame them.

What is Winmail.dat

When users of Microsoft Outlook send email in Rich Text format, Rich Text format email messagess are TNEF encoded. This encoding type stores all attachments and formatting information in a file named winmail.dat.


The SMTP-proxy on your XTM device strips some of the headers out of the email that identify it as a Rich Text formatted email. If the email client does not have the header information needed to interpret the winmail.dat attachment, the email client cannot display the proper formatting of the email, and incorrectly displays the attachment as a winmail.dat file.


Start Policy Manager for your XTM device.

Edit the SMTP proxy

Edit The SMTP Proxy Action

From the Categories tree, select Headers.

In the Pattern text box, type each of these patterns and click Add to add them to the Rules list.

  • X-MS-Has-Attach:*
  • X-MS-TNEF-Correlator:*
  • X-MimeOLE:*

From the If matched drop-down list, select Allow.

From the Categories tree, select Content Types.

In the Pattern text box, type application/ms-tnef and click set the action to “allow” (This is important)

From the Categories tree, select Filenames.

In the Pattern text box, type winmail.dat and Set action to allow or AV scan.

Save configuration

Source -

Thursday, January 9, 2014

Exchange 2010 Mailbox PST export - New-MailboxExportRequest

Remember the Export-Mailbox command on exchange 2007??? The main problem I personally had was the annoying outlook requirement. 

With the exchange server 2010 service pack 1 release, M$ introduced a new Cmdlet to export mailboxes on the server. And it does not require outlook.


Step 01 - Mailbox Import Export Role Assignment

Grant the user account permissions to export mailboxes (By default no account has the privileges to export mailboxes)
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User administrator

Step 02 - Setup the Export File Location

We need a network share to export files. (Eg - \\Exch01\PST_export)

The Cmdlet gives an error if you point to a directory directly on the Hardisk (Eg - F:\PST_export)

Create a Shared folder on a server\NAS and grant Exchange Trusted Subsystem user account read/write permissions to the folder

Exporting Mailbox Items with "New-MailboxExportRequest"

Supporting Cmdlets that can be used with MailboxExportRequest

Start the process of exporting a mailbox or personal archive to a .pst file. You can create more than one export request per mailbox. Each request must have a unique name.
Change export request options after the request is created or recover from a failed request.
Suspend an export request any time after the request is created but before the request reaches the status of Completed.
Resume an export request that’s suspended or failed.
Remove fully or partially completed export requests. Completed export requests aren’t automatically cleared. You must use this cmdlet to remove them.
View general information about an export request.
View detailed information about an export request.

In this example

Shared folder name-  PST_export

server name- EXCH01

Share Path -  \\Exch01\PST_export

Mailbox - amy.webber

Folder permissions

For this example we are going to use New-MailboxExportRequest cmdlet with the following parameters :

-baditemlimit 200 -AcceptLargeDataLoss
The AcceptLargeDataLoss parameter specifies that a large amount of data loss is acceptable if the BadItemLimit is set to 51 or higher. Items are considered corrupted if the item can't be read from the source database or can't be written to the target database. Corrupted items won't be available in the destination mailbox or .pst file.

The BadItemLimit parameter specifies the number of bad items to skip if the request encounters corruption in the mailbox. Use 0 to not skip bad items. The valid input range for this parameter is from 0 through 2147483647. The default value is 0.

Exporting the Whole Mailbox

Run the following Cmdlet to initiate the mailbox move request:  New-MailboxExportRequest

New-MailboxExportRequest -baditemlimit 200 -AcceptLargeDataLoss -Mailbox amy.webber -FilePath \\Exch01\PST_export\amy.webber.pst

Exporting the User's Online Archive

If you want to export the user’s online archive to .pst, use the –IsArchive parameter.

New-MailboxExportRequest -baditemlimit 200 -AcceptLargeDataLoss -Mailbox amy.webber  -IsArchive -FilePath \\Exch01\PST_export\amy.webber-Archive.pst

Exporting a Specific Folder

You can export a folder from the users mailbox using the -IncludeFolders parameter

Eg: inbox folder layout-

To export the inbox folder

New-MailboxExportRequest -baditemlimit 200 -AcceptLargeDataLoss -Mailbox amy.webber -IncludeFolders #Inbox# -FilePath \\Exch01\PST_export\amy.webber.pst

Checking the Progress of the Mailbox Export Request

To check the current statues of the mailbox export request use the following cmdlet:

Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

People do crazy stuff scripting with this Cmdlet. Look around in the interwebs for some scripts.

Useful links:

Until next time…