mattscott.org Here we go again!

20 Nov 2010

HP ePrint Address Alias Using Exchange 2010 Transport Rules

The other day my company put on a day of presentations for our customers to celebrate our 10th anniversary.  As one of the technology demos we showed off one of the new web-connected printers from HP.  One thing we didn't care for was the crazy HP ePrint email address.  If we wanted to make it easy for our customers to try printing from their mobile devices we couldn't very well make them type in <string of random chars>@hpeprint.com all the time.

So we decided that we'd just create a mailbox rule on our Exchange 2010 server that would forward the message to the ePrint email address generated by HP.  This didn't work at all.

Due to what are probably sensible anti-spam precautions the messages were rejected.  I suspect that when the message headers were analyzed they didn't pass muster bouncing through another mailbox like that.

I thought about it and decided this may be a place to try using Exchange Transport Rules.

We kept the Exchange mailbox, eprint@<domain>.com.  This may or may not be strictly necessary, but given the fact that our spam filtering service gets the list of accepted email addresses from Active Directory we did need it in our case.

In the Exchange Management Console I went to Hub Transport under Organization Configuration.  From there I went to the Transport Rules tab and I created a new rule.

In Step 1 I checked the "sent to people" box and entered the eprint@<domain>.com address.  I wanted to make sure that the rule was only applied to messages I intended to print.

In Step 2 I checked the "remove header" box and set it to remove the "To" header.  I also checked the "add a recipient to the To field addresses" and the "redirect the messages to addresses" boxes and entered the ePrint email address as the value in both of those fields.

It ended up looking like this:

[Screenshot: Transport Rule for ePrinting]

I didn't enter any exceptions in the last window of the wizard.

At this point I sent a test message to the new address and the message printed perfectly.  It simplified things for the customers at our tech fair and they were able to very easily test what seems to be a very desirable printing feature for many of them.

Enjoy!

4 Oct 2009

AT&T Uverse vs. Aastra 55i

Several months ago we switched from AT&T DSL to AT&T Uverse at my home. It offered "cable" TV and quick Internet for a price that worked for us. Uverse also offers its own VoIP service but we declined that part of the service in favor of using a 3CX remote extension using a Sipura SPA3000 that I bought a few years back.

In my experience so far, Uverse is not a VoIP-friendly provider unless you use their service. For one, you are stuck with their gateway box. Yes, you can use the "DMZPlus" mode to add your own firewall into the mix but it's far from perfect. I did manage to get my SPA3000 to work. The Aastra 5xi series of phones doesn't have as many NAT traversal options, however, so it wasn't quite as easy.

First I went to the Global SIP screen and set things up in the usual way so that the phone had the information needed to register to the PBX, etc.

This would work great if the phone could route directly to the PBX and back again, but Network Address Translation occurring on my end throws a monkey wrench into the works when it comes to SIP and RTP.

So next I looked on the Network settings. This is where all of the NAT options live. With typical cable or DSL service, I'd just set a STUN server, maybe check the Rport box and go. In the case of the Uverse 2Wire Residential Gateway, however, no combination of these options that I tried worked.

So in the end it seemed necessary to take a look at the available settings on the 2Wire device and see what my options were. There weren't many.

I ended up explicitly allowing the UDP ports that the phone uses on the Uverse gateway. Here are the steps:

First I went to the Firewall tab and then Firewall Settings. I selected the phone from the Computer drop down and selected "Allow individual application(s)" like so.

Next, I clicked Add a new user-defined application and created a user-defined app as below.

The phone sends and receives RTP traffic on ports beginning with UDP 3000. I opened up ten ports allowing for five simultaneous calls. This seemed like more than enough for my purposes.

When I was done I clicked "Add Definition" and then the new user-defined app was ready to go. I selected it on the following page, clicked Add, and then Done. After that the phone worked great.

What I did find odd is that I didn't need to define a STUN server on this phone to get it to work in this situation. The 2Wire residential gateway must do some sort of manipulation of SIP packets because from what I could tell all of the fields looked correct with the appropriate public IPs in the right places.

It's unfortunate that the phone couldn't be made to work without making changes to the firewall. But something with the way that the 2Wire handles RTP seems to make it necessary.

Enjoy!

Matt

28 May 2008

Automatic Proxy Detection/wpad.dat

I recently had the opportunity to set up Automatic Proxy Detection for a customer. I'd never taken the time to figure it out before. It worked in both IE and Firefox and was kinda neat.

It turns out that when you start your web browser and you have automatic proxy detection enabled it attempts to find a file at the URL http://wpad.yourdomain.tld/wpad.dat. In my case it would try for http://wpad.mattscott.org/wpad.dat. If that file is found it runs the javascript in it and sets the proxy settings to however they are defined in the wpad.dat file. Here's what we did. I'm using example.com as my domain to protect the guilty.

Create a DNS Record

We created a CNAME for wpad.example.com that pointed to a web server. In this case a Microsoft Small Business Server 2003 running IIS. An A record would work okay too but given the fact that this will probably never be a server's primary name record a CNAME made sense to me.

Create wpad.dat

Now you need to create your wpad.dat file. We found several examples on the web. Here's an example. Google can help you find more:

    function FindProxyForURL(url, host)
    {
        // Local addresses, unqualified names and our own domain bypass the proxy.
        if (shExpMatch( host, "192.168.1.*" )
            || shExpMatch( host, "127.*" )
            || shExpMatch( host, "localhost" )
            || shExpMatch( host, "*.example.com" )
            || isPlainHostName( host )
            || dnsDomainIs( host, ".example.com" )) {
            return "DIRECT";
        }
        // Everything else goes through the proxy.
        return "PROXY proxy.example.org:8080;";
    }

The first section inside the if block tells the browser to connect to the destination server directly if one of those conditions is met. You'd normally do this to bypass your proxy for a host on the local LAN. The second section is where you define the proxy for use with everything else. It's just a JavaScript function so you could probably go pretty crazy with the thing if you wanted to.
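The following is an added example, not code from the original post: it runs the same PAC logic under Node with simplified stand-ins for the browser helpers (shExpMatch, isPlainHostName, dnsDomainIs), so the DIRECT/PROXY decisions can be checked before wpad.dat is published. The sample hosts and the helper names routeAll, isIPv4Literal and directByAddressGlobOnly are assumptions made for this example.

```javascript
// Added example: simplified stand-ins for the browser's PAC helpers, so the
// wpad.dat logic can be exercised under Node before the file is published.
function shExpMatch(str, pattern) {
  // Shell glob: '*' matches any run of characters, '?' exactly one.
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function isPlainHostName(host) { return !host.includes("."); }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

// The PAC function from the post, same conditions and return values.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "192.168.1.*") || shExpMatch(host, "127.*")
      || shExpMatch(host, "localhost") || shExpMatch(host, "*.example.com")
      || isPlainHostName(host) || dnsDomainIs(host, ".example.com")) {
    return "DIRECT";
  }
  return "PROXY proxy.example.org:8080;";
}

// Constructed sample hosts (not from the original post).
const SAMPLE_HOSTS = ["intranet", "www.example.com", "192.168.1.20",
  "10.0.0.5", "www.example.org", "192.168.1.example.net"];

// Map each host to the routing decision the PAC file returns for it.
function routeAll(hosts) {
  const table = {};
  for (const h of hosts) table[h] = FindProxyForURL("http://" + h + "/", h);
  return table;
}

function isIPv4Literal(host) {
  const parts = host.split(".");
  return parts.length === 4
    && parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Hosts sent DIRECT only because a *name* matched an address-style glob.
// shExpMatch compares strings, so "192.168.1.*" is not a subnet test.
function directByAddressGlobOnly(hosts) {
  return hosts.filter(h => !isIPv4Literal(h)
    && (shExpMatch(h, "192.168.1.*") || shExpMatch(h, "127.*")));
}

console.log(routeAll(SAMPLE_HOSTS));
console.log("review:", directByAddressGlobOnly(SAMPLE_HOSTS));
```

Any host listed under "review" skips the proxy on a string match alone; where a subnet is what's intended, the PAC helper isInNet compares the resolved address against a network and mask instead.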

Once you've created your file copy it to the root of your web server. One thing that we noticed was that IIS wouldn't serve the file initially because it didn't have a MIME type for a .dat file. So we added a MIME type of application/x-ns-proxy-autoconf for .dat files and we were good to go.

Create a DHCP Scope Option

The last thing we did was create an option in our DHCP scope to define where the wpad.dat file is. I don't believe this is strictly necessary since a machine should generally attempt to connect to a host called wpad in its own domain. I see it as a good idea though because you might run into issues if you ever have guest machines on your network or if you are using some sort of split DNS tunneling over a VPN client or something like that. It was a recommended step so we did it in DHCP on a Windows Small Business Server 2003.

Create an Option 252 Entry in DHCP

To create an Option 252 entry in DHCP, do the following.

1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.

2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.

3. In Name, type WPAD.

4. In Code, type 252.

5. In Data type, select String, and then click OK.

6. In String, type http://Computer_Name:Port/wpad.dat where:

   Computer_Name is the fully qualified domain name of the web server computer.

   Port is the port number on which automatic discovery information is published. You can specify any port number. By default it uses port 80.

7. To add the option to the scope, right-click Scope options under the scope you want to add it to, and then click Configure options.

8. Confirm that the Option 252 check box is selected.

Unless I left something out, that about does it. All you should have to do is to check the Automatic Proxy Detection box in your browser and you should be good to go. In Internet Explorer you can sort of push this setting down via GPO. Of course it's one of those whacked out policies that users can mess with if they know how. In Firefox I am not aware of a way to automate this but I'm sure somebody's written something.

Enjoy!