Hijacked? I can see enabling email forwarding opening the door for overloading the server depending on how irresponsible/clueless users are, but how could a server be totally hijacked due to only that being enabled?
Printable View
Hijacked? I can see enabling email forwarding opening the door for overloading the server depending on how irresponsible/clueless users are, but how could a server be totally hijacked due to only that being enabled?
Road:
OWA is "slick"...
It's also proved itself to me to be pretty darned secure, reliable and easy for about 18 months to 2 years now.... I really like it... Yes, it's a "hole" through to the exchange server... and therefore on inwards... and I was very leary over implementing it... But it has proved itself to be pretty solid... So I'll recommend it...
If this is a corporate environment, you've gotta wonder that maybe that functionality was disabled because of policy...
Personally, I would never forward corporate email to external addresses... esp not hotmail/yahoo. Give the guy remote access or use the exchange web client.
Well thats my thoughts anyway... Sorry I can't help with the actual problem...
---
My bad... had this thread open from 1 hour ago only just answered... please disregard!
SMTP server is a full service running on the mail server. You can use internal mailboxes and just manipulate the SMTP commands to take multiple mail boxes say 10, and forward them to literally millions of mailboxes all over the world. Without EVER making it to the outlook client. This will hijack your server because legitimate corporate mail will not get sent. Not to mention it could eat all the network bandwidth so that legitimate users cannot get to the internet. And with that will come thousands if not millions of non delivery reports which will fill up the server hard drive to the point that exchange will not start, the server may not boot and if there isn't a decent backup the entire mail store could be lost through a corrupted exchange log. That is the definition of "hi-jack". ;) In this way someone else tells your mail box to forward mail and controls the mail going through it. Just wait some spam bot will find it.Quote:
Hijacked? I can see enabling email forwarding opening the door for overloading the server depending on how irresponsible/clueless users are, but how could a server be totally hijacked due to only that being enabled?
OWA... Someday. I wouldn't house it off my core though. I would have to segregate the network to feel safe and sleep at night. ;)
But in order to segregate _and_ allow the functionality you have to open almost a dozen ports from the DMZ to the trusted to allow it to work. I'll take the single port, (SSL - 443), direct to the trusted and not have to bother about monitoring so many ports and so many transactions per day... I just feel a little safer having that smaller "choke point".... :)Quote:
I would have to segregate the network to feel safe and sleep at night.
I have been thinking of a cheap DSL line to house OWA. To segregate it a little. Or co-locate a mail server outside my core and connect remotely with only outgoing connections initiated on a new domain.