How does ESET Mail Security 6 for Microsoft Exchange Server count mailboxes?

Solution

A new version is available

ESET Mail Security for Microsoft Exchange Server (ESMX) version 7.x is available. We highly recommend that you upgrade to the latest version.


ESET Mail Security 6 for Microsoft Exchange Server (EMSX) checks the entire Active Directory of the host Exchange server to determine your total mailbox count. The Monitoring window in ESET Mail Security displays two types of mailbox counts: domain and local:
  • The domain mailbox count reflects the count of all mailboxes in a particular domain to which the Exchange server (on which ESET Mail Security is installed) belongs.
     
  • The local mailbox count reflects the count of mailboxes (if any) for the Exchange server where ESET Mail Security is installed.

Resource mailboxes (for example, a conference room mailbox), email aliases, system mailboxes (used only for internal purposes of Microsoft Exchange Server), and disabled mailboxes are not included in the mailbox count. In a clustered environment, nodes with the clustered mailbox role are not included in the mailbox count. General mailboxes such as "info@", "support@", or "mail@" are counted if they are related to existing physical mailboxes.

A mailbox is not counted if the address is an alias of another mailbox.

Example scenarios for counting domain and local mailboxes

  1. In this example, the abcd.com domain consists of five Exchange Servers (ES):


    Figure 1-1

    If EMSX was installed on the Exchange Server in the HUB role, we would see the following mailbox count in the backend of EMSX:
    domain: 410 (250 + 50 + 50 + 60)
    local: 0

    If EMSX was installed on the Exchange Server (2) in the MAILBOX role, we would see the following mailbox count in the backend of EMSX:
    domain: 410 (250 + 50 + 50 + 60)
    local: 250

    The active mailbox quantity reported for the license used for the EMSX installation(s) would be 410.

  2. In this example, we have two domains–abcd.com and efgh.com–within an active directory. There is a trust relationship between those domains, and the EMSX license is being used in both domains.


    Figure 1-2

    The number of domain mailboxes in domain abcd.com is 410; it is 150 in domain efgh.com.

    If EMSX was installed in domain abdc.com on an Exchange Server (2) occupying the MAILBOX role, we would see the following mailbox count in the backend of EMSX:
    domain: 560 (410 + 150)
    local: 250

    If EMSX was installed in domain efgh.com on an Exchange Server (3) occupying the MAILBOX role, we would see the following mailbox count in the backend of EMSX:
    domain: 560 (410 + 150)
    local: 40

    The active mailbox quantity reported for the license used for the EMSX installation(s) would be 560.

Updates to mailbox counts

The count of domain and local mailboxes displayed in ESET Mail Security is updated approximately every 15-30 minutes.
The active mailbox quantity is reported to ESET License Administrator every 24 hours, or whenever the ekrn service is started again in cases where a restart of the exchange server (on which EMSX is installed) is performed.

How do I determine the amount of Exchange-enabled mailboxes?
To determine how many Exchange-enabled mailboxes you have, you can either use:

  1. The EMSX Mailbox Count tool

    or

  2. Active Directory custom search

A. EMSX Mailbox Count tool

Download the EMSX Mailbox Count tool and run it through the command line (enter the command EMSX_VerifyMailboxCount.exe from the directory where you saved the tool) using one of the following parameters:

/count - displays the number of mailboxes
/names - displays the names of the users
/details - displays a detailed description of each mailbox
/multiline - (together with /details parameter) displays the multiline detailed description

Figure 1-3

B. Active Directory custom search

To determine the number of mailboxes using the Active Directory custom search, open Active Directory users and computers on the server. Right-click the domain and select Find from the context menu. In the Find drop-down menu, select Custom search and then click the Advanced tab. Paste in the following Lightweight Directory Access Protocol (LDAP) query and click Find Now (for Exchange 2013, the health mailboxes are not tallied in the count):

  • (&(objectClass=user)(objectCategory=person)(mailNickname=*)(|(homeMDB=*)(msExchHomeServerName=*))(!(name=SystemMailbox{*))(!(name=CAS_{*))(!(name=HealthMailbox*))(msExchUserAccountControl=0)(!userAccountControl:1.2.840.113556.1.4.803:=2))

Figure 1-4

Why are my resource mailboxes tallied in the Active Directory mailbox count and what can I do about it?

The license verification mechanism in ESET Mail Security retrieves the number of mailboxes from Active Directory and counts all physical mailboxes for Active Directory accounts. If an account with a physical mailbox exists within Active Directory but is disabled, it is not included in the count. If you have resource mailboxes such as a Room mailbox or Equipment mailbox that are not actually being used, but accounts for these are enabled, they will be counted.

Based on the general settings recommendations for managing resource mailboxes, these mailboxes should be configured as follows:

  • Room mailbox: This is a mailbox to be assigned specifically to Meeting Rooms; its associated user account will be disabled in Active Directory.
  • Equipment mailbox: This is a mailbox specific to equipment, (for example, televisions, projectors, etc.). As with a Resource mailbox, this kind of mailbox will create a disabled user in Active Directory.

The ESET Mail Security algorithm does not count mailboxes with disabled accounts.

If the Administrator account is enabled (meaning that a mailbox that can receive email messages is assigned to this account), it could potentially be compromised by malware or an infected email. For this reason EMSX is designed to protect such mailboxes. If this mailbox is not being used, it could be disabled, and thus not counted.

ESET license verification is built only to check valid mailboxes for which an antivirus and antispyware solution should be applied.

Additional resources