Get-ORCAReport stalls at - Getting MX Reports for all domains #126

Closed
dcaddick opened this issue Dec 14, 2020 · 3 comments
Labels
wontfix This will not be worked on

Comments

@dcaddick

Hi Cam,

Awesome tool BTW, but currently checking on large Edu tenant and getting stalled at:
Getting MX Reports for all domains - consistently stopping here for 30 - 50 mins plus

12/14/2020 15:23:50 Getting Anti-Spam Settings
12/14/2020 15:23:53 Getting Tenant Settings
12/14/2020 15:23:54 Getting Anti Phish Settings
12/14/2020 15:23:55 Getting Anti-Malware Settings
12/14/2020 15:23:56 Getting Transport Rules
12/14/2020 15:23:58 Getting ATP Policies
12/14/2020 15:23:59 Getting Accepted Domains
12/14/2020 15:24:00 Getting DKIM Configuration
12/14/2020 15:24:01 Getting Connectors
12/14/2020 15:24:01 Getting MX Reports for all domains

Tried running Get-ORCAReport -Collections Get-AcceptedDomain more or less to try "something" and it seemed to get past it - but now reporting that ATP is not installed in Tenant?

12/14/2020 15:50:17 Performing ORCA Version check...
12/14/2020 15:50:26 Analysis - Anti-Spam Policies - Anti-Spam Policy Rules
12/14/2020 15:50:26 Analysis - Anti-Spam Policies - Safety Tips
12/14/2020 15:50:26 Analysis - Anti-Spam Policies - Phish Action
12/14/2020 15:50:26 Analysis - Anti-Spam Policies - Bulk Complaint Level
12/14/2020 15:50:26 Analysis - Anti-Spam Policies - High Confidence Spam Action
12/14/2020 15:50:26 Analysis - Anti-Spam Policies - Allowed Senders
12/14/2020 15:50:26 Analysis - Anti-Spam Policies - Bulk Action
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - IP Allow Lists
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - Domain Whitelisting
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - Quarantine retention period
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - Outbound spam filter policy settings
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - High Confidence Phish Action
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - Mark Bulk as Spam
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - Spam Action
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - Advanced Spam Filter (ASF)
12/14/2020 15:50:27 Analysis - Anti-Spam Policies - End-user Spam notifications
12/14/2020 15:50:27 Analysis - Connectors - Domains
12/14/2020 15:50:27 Analysis - Connectors - Enhanced Filtering Configuration
12/14/2020 15:50:27 Analysis - DKIM - Signing Configuration
12/14/2020 15:50:27 Analysis - DKIM - DNS Records
12/14/2020 15:50:27 Analysis - Malware Filter Policy - Malware Filter Policy Policy Rules
12/14/2020 15:50:27 Analysis - Malware Filter Policy - Internal Sender Notifications
12/14/2020 15:50:27 Analysis - Malware Filter Policy - Common Attachment Type Filter
12/14/2020 15:50:27 Analysis - Malware Filter Policy - External Sender Notifications
12/14/2020 15:50:27 Analysis - Tenant Settings - Unified Audit Log
12/14/2020 15:50:27 Analysis - Transport Rules - Domain Whitelisting
12/14/2020 15:50:27 Analysis - Zero Hour Autopurge - Zero Hour Autopurge Enabled for Malware
12/14/2020 15:50:27 Analysis - Zero Hour Autopurge - Zero Hour Autopurge Enabled for Phish
12/14/2020 15:50:27 Analysis - Zero Hour Autopurge - Zero Hour Autopurge Enabled for Spam
12/14/2020 15:50:27 Analysis - Zero Hour Autopurge - Supported filter policy action
12/14/2020 15:50:27 Generating Output
12/14/2020 15:50:27 Output - HTML
12/14/2020 15:50:28 Complete! Output is in C:\Users......
ORCA--202012141550.zip

@dcaddick
Author

Just checked in other parts of the Admin console - this customer has 149 different domains (Schools) - guessing this might be a limitation somewhere?

@cammurray
Owner

Hey @dcaddick - yeh, the speed of ORCA for tenants with a large amount of domains went down drastically after the addition of the enhanced filtering/skip listing check. This is because that check needs to know if the MX is pointed to EOP or a third-party, and it uses the Get-MxRecordReport command to do that, which can take a minute or so per domain.

We could, either:

  1. Have an option to disable the check
  2. Instead of using the Get-MxRecordReport command, poll the MX records directly on the client. The issue here though is that quite a few customers have split DNS configured with an internal zone for their domains (so the MX record on the polling client may not be accurate). This is the least favorite option because it will generate false positives.

@cammurray cammurray added the enhancement New feature or request label Feb 5, 2021
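
The client-side polling option and its split-DNS caveat from the comment above, as an added example that is not ORCA code and not from the maintainer. It resolves each domain's MX through the client's resolver and through a public one and flags domains where the two views disagree. The function names, the `1.1.1.1` resolver, the sample domains and the EOP host suffix (worldwide service) are assumptions.

```powershell
# Added example (not ORCA code). Function names and the resolver address are assumptions.
function Get-MxTarget {
    # Lowest-preference MX host for a domain as one resolver sees it; $null on failure.
    param([Parameter(Mandatory)][string]$Domain, [string]$Server)
    $query = @{ Name = $Domain; Type = 'MX'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }   # empty = the client's configured resolver
    try {
        $mx = Resolve-DnsName @query | Where-Object { $_.QueryType -eq 'MX' } |
            Sort-Object Preference | Select-Object -First 1
    } catch { return $null }
    if ($mx) { $mx.NameExchange.TrimEnd('.').ToLowerInvariant() }
}

function Test-MxPointsToEop {
    # Assumption: EOP MX hosts in the worldwide service end in this suffix.
    param([string]$MxHost)
    $MxHost -like '*.mail.protection.outlook.com'
}

function Compare-MxView {
    # Resolves each domain through the client resolver and a public one, then flags
    # domains where the two views disagree (the split-DNS case).
    param(
        [Parameter(Mandatory)][string[]]$Domain,
        [string]$PublicResolver = '1.1.1.1',
        [scriptblock]$Lookup = { param($d, $s) Get-MxTarget -Domain $d -Server $s }
    )
    foreach ($d in $Domain) {
        $clientMx = & $Lookup $d ''
        $publicMx = & $Lookup $d $PublicResolver
        [pscustomobject]@{
            Domain      = $d
            ClientMx    = $clientMx
            PublicMx    = $publicMx
            ClientIsEop = Test-MxPointsToEop $clientMx
            PublicIsEop = Test-MxPointsToEop $publicMx
            ViewsDiffer = ($clientMx -ne $publicMx)
        }
    }
}

# Constructed sample data standing in for the two resolver views, so this runs offline.
$clientView = @{ 'school1.example' = 'mail.school1.example'
                 'school2.example' = 'school2-example.mail.protection.outlook.com' }
$publicView = @{ 'school1.example' = 'school1-example.mail.protection.outlook.com'
                 'school2.example' = 'school2-example.mail.protection.outlook.com' }
$offline = { param($d, $s) if ($s) { $publicView[$d] } else { $clientView[$d] } }
Compare-MxView -Domain 'school1.example', 'school2.example' -Lookup $offline | Format-Table
```

Omitting `-Lookup` performs live lookups with `Resolve-DnsName`; a row with `ViewsDiffer` set to `True` is one where a client-only check would misreport where mail for that domain is delivered.
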
@cammurray
Owner

Closing this out, because it's expected that the Get-MXReport will take a long time when there are a large qty. of domains - and it's outside the control of ORCA (that's something to do with Exchange Online itself). The MX reports are required for SPF, DKIM, Enhanced Filtering checks, etc, so it's not something I think we want to bypass.

@cammurray cammurray added wontfix This will not be worked on and removed enhancement New feature or request labels May 3, 2023