Everybody with an Internet-faced Microsoft Exchange server, Outlook Web Access (OWA) or Exchange Active Sync (EAS) can consider his or her system as compromised since January. This is reported by security experts like Chris Krebs1 and news magazines like Golem2 or Heise3. In Germany, the BSI has contacted more than 9,000 companies4. The scope of the current security vulnerabilities are comparable to the previous Microsoft major Incidents regarding Eternal-Blue5 and Wannacry6 4 years ago. Read more

Within just a few days, the German EU Representation warns people about phishing emails.1 This is the 4th warning regarding data theft since July 20202 by Reinhard Hönighaus, press spokesman and head of the press and media office. Obviously there is an urgent need for action. In his current warning dated 26.11.2020, only two days after the previous one, he identifies T-Online users as targeted by phishing mails and also provides the explanation: Read more

This weekend I was very active in improving my own security. I have also found two neat tools for quality testing which are Hardenize1 and DNSViz2 - both added to my Micro-Blog post “Measuring website quality”. On my own mailserver I have implemented MTA-STA according to RFC 84613 incl. reporting. This standard is quite new (2018) and is particularly suitable for servers without DANE4. However, even without DANE I believe that I have the best and most complete server by standards (DKIM, SPF, DMARC, MTA-SRA, TLS-RPT, TLS1.3) in the entire Sieger- and Sauerland. Read more

40.000 Companies in Germany affected The BSI (German Federal Authority for Informationsecurity) warns with the second highest level “orange” (= the IT threat situation is mission critical. massive disruption of regular operations) in the public media1. Around 40,000 companies in Germany alone are affected by several critical vulnerabilities because security updates have not yet been installed2. In fact, Heise speaks of playing Russian roulette3. It’s not without reason that I have been warning for several years now about interlocking internal AD and internet functions like Microsoft does deliberatly. Unfortunately many hang their Exchange server directly “in the Internet” including OWA and EAS without any firewalls, mail gateways or reverse proxies. The normal case is totally negligent: Via port forwarding! Read more

One more SME customer (approx. 250 users spread over several nationwide locations) is migrating away from Exchange to free and Open Source solution. With the ready-to-use installation of a new Linux mail server I have provided my very modest contribution. The rest of the user and the data transfer will be done by the customer’s own IT department. Users can continue to work in their familiar Outlook and mobile client environment when the new EAS accounts are rolled out “side-by-side” to the existing onces. From one second to another, the switch can be carried out without hassle or downtime just by reconfiguring the reverse proxy and the mail gateway. Time-consuming, cost-intensive and above all “hard” migration paths are no longer necessary. Read more

I really just wanted to show you this Fnord, which is a very Microsoft-like thing: Well however, you might ask why I am tackling with Outlook 2019, let me please explain. A company with 40 mailboxes has decided to abandon its Exchange server. The following sentence is for all accountants and auditors: We are talking about cost-savings of 15-25% per year! Now everything runs with common internet standards on a Debian 10 with all the comfort and convenience as before: Starting with EAS-ActiveSync for Outlook (sigh if it has to be), a great webmailer, public folders, calendars, contacts and even resources. Here are some more screenshots: Read more