14. maj 2020

Slå Sophos Tamperprotection fra

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SavService\TamperProtection]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config]
"SAVEnabled"=dword:00000000
"SEDEnabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVService\TamperProtection]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection]
"Enabled"=dword:00000000

13. maj 2020

Easy DMARC

Stop Hackers From
Sending Emails From
Your Domain

Protect your business against phishing attacks today

SPF Flattening

100% free SPF flattening with alerting or automatic SPF

https://www.autospf.com/

DKIM på Office365 med Powershell

https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps
https://docs.microsoft.com/en-us/office365/securitycompliance/use-dkim-to-validate-outbound-email#SetUpDKIMO365

http://www.mail-tester.com/spf-dkim-check (Her kan du få navnet på DNS CNAME record - selector1._domainkey.contoso.dk + ***)
https://mxtoolbox.com (tjek dkim opsætning - dkim:contoso.dk:selector1)


Start powershell som administrator, log på og indlæs PS Exchange extensions

Set-ExecutionPolicy RemoteSigned
Log på (O365 tenant credentials)
$UserCredential = Get-Credential

Indlæs PS Exchange extensions
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

Start dkim konfiguration
New-DkimSigningConfig -DomainName contoso.dk -Enabled $false (sætter dkim til Off - viser fejl hvis det allerede er off) 
Get-DkimSigningConfig -Identity contoso.dk | fl Selector1CNAME, Selector2CNAME           (*** den viser de records der skal oprettes)

Selector1CNAME : selector1-contoso-dk._domainkey.dkcontoso.onmicrosoft.com (navn selector1._domainkey.contoso.dk, FQDN selector1-contoso-dk._domainkey.dkcontoso.onmicrosoft.com)
Selector2CNAME : selector2-contoso-dk._domainkey.dkcontoso.onmicrosoft.com (navn selector2._domainkey.contoso.dk, FQDN selector2-contoso-dk._domainkey.dkcontoso.onmicrosoft.com)

Tilføj DNS records - tjek med http://www.mail-tester.com/spf-dkim-check  (bemærk at det kan tage lang tid før MS's DNS opdateres og brug output fra Get-DkimSigningConfig -Identity contoso.dk | fl Selector1CNAME, Selector2CNAME)

Set-DkimSigningConfig -Identity contoso.dk -Enabled $true
https://mxtoolbox.com (tjek dkim opsætning - dkim:contoso.dk:selector1)


Når færdig
Remove-PSSession $Session

Start DMARC opsætning

28. april 2020

Tjek TLS på mailserver

https://www.checktls.com/

Hvis der er problemer, vil man ofte se at certifikatet er udløbet eller er self-signed




24. april 2020

16. april 2020

Check DKIM Office365

Powershell som administrator

Set-ExecutionPolicy RemoteSigned

winrm get winrm/config/client/auth (skal være Basic = true)

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session -DisableNameChecking


Get-DkimSigningConfig -Identity CONTOSO.DK | Format-List (dit domæne navn)


Remove-PSSession $Session