-
February 22nd, 2006, 12:20 AM
#11
Hijacked? I can see enabling email forwarding opening the door for overloading the server depending on how irresponsible/clueless users are, but how could a server be totally hijacked due to only that being enabled?
-
February 22nd, 2006, 12:24 AM
#12
Road:
OWA is "slick"...
It's also proved itself to me to be pretty darned secure, reliable and easy for about 18 months to 2 years now.... I really like it... Yes, it's a "hole" through to the exchange server... and therefore on inwards... and I was very leary over implementing it... But it has proved itself to be pretty solid... So I'll recommend it...
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
February 22nd, 2006, 12:25 AM
#13
If this is a corporate environment, you've gotta wonder that maybe that functionality was disabled because of policy...
Personally, I would never forward corporate email to external addresses... esp not hotmail/yahoo. Give the guy remote access or use the exchange web client.
Well thats my thoughts anyway... Sorry I can't help with the actual problem...
---
My bad... had this thread open from 1 hour ago only just answered... please disregard!
-
February 22nd, 2006, 12:36 AM
#14
Hijacked? I can see enabling email forwarding opening the door for overloading the server depending on how irresponsible/clueless users are, but how could a server be totally hijacked due to only that being enabled?
SMTP server is a full service running on the mail server. You can use internal mailboxes and just manipulate the SMTP commands to take multiple mail boxes say 10, and forward them to literally millions of mailboxes all over the world. Without EVER making it to the outlook client. This will hijack your server because legitimate corporate mail will not get sent. Not to mention it could eat all the network bandwidth so that legitimate users cannot get to the internet. And with that will come thousands if not millions of non delivery reports which will fill up the server hard drive to the point that exchange will not start, the server may not boot and if there isn't a decent backup the entire mail store could be lost through a corrupted exchange log. That is the definition of "hi-jack". In this way someone else tells your mail box to forward mail and controls the mail going through it. Just wait some spam bot will find it.
OWA... Someday. I wouldn't house it off my core though. I would have to segregate the network to feel safe and sleep at night.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
February 22nd, 2006, 12:43 AM
#15
I would have to segregate the network to feel safe and sleep at night.
But in order to segregate _and_ allow the functionality you have to open almost a dozen ports from the DMZ to the trusted to allow it to work. I'll take the single port, (SSL - 443), direct to the trusted and not have to bother about monitoring so many ports and so many transactions per day... I just feel a little safer having that smaller "choke point"....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
February 22nd, 2006, 03:52 AM
#16
I have been thinking of a cheap DSL line to house OWA. To segregate it a little. Or co-locate a mail server outside my core and connect remotely with only outgoing connections initiated on a new domain.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|