Outlook/Exchange

From: brian (focus-ms@tracking.zerobelow.org)
Date: 03/20/02 

Date: Wed, 20 Mar 2002 14:21:19 -0800 (PST)
From: brian <focus-ms@tracking.zerobelow.org>
To: focus-ms@securityfocus.com

Hi all,

A company I work for uses outlook mail clients on w2k desktops to an ms
exchange 5.5 server on nt4. We are trying to implement a software package
which monitors e-mail policies on e-mail traffic inside the network, but
unfortunately, the filter only speaks smtp at the current time. I have
configured the desktops to have both exchange and pop mail services, and
then configured outlook to send primarily via the internet mail service,
but to only retrieve mail via the exchange service. The smtp server is the
mail policy monitor, and the pop server just gets set to 127.0.0.1 as it
is not used.

This configuration now works such that if an internal user sends mail to
'user@otherdomain.com' it goes through the policy manager first. If the
user sends mail to 'nonexistentuser@mydomain.com', then it also goes
through the policy manager. But, if the mail is sent to 'joe@mydomain.com'
(where joe is a valid mail account), the address book resolves this to the
name 'Joe Schmoe' and then resolves that to the Exchange address entry,
and sends the message directly to the exchange server, bypassing the smtp
configuration. The interesting thing is that this behaviour also happens
if i remove the exchange service from the client entirely, but leave the
address book function...(Also, I removed all but the SMTP addresses from a
user via the Exchange administrator, and still received the same result).

Does anyone have any ideas for:
1. How to force the exchange client to send via smtp to a host different
than the recieve mail.
2. How to force the exchange client address book to use the smtp address
rather than the exchange address?
3. Eventually, I will need to prevent the server from allowing internal
users to send mail directly bypassing the polciy manager.

--brian

Relevant Pages

  • [NT] Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (MS03-046)
    ... Get your security news from a reliable source. ... In Exchange Server 5.5, a security vulnerability exists in the Internet ... an unauthenticated attacker to connect to the SMTP port on an Exchange ...
    (Securiteam)
  • RE: SMTP error (only from Outlook)
    ... This issue appeared on specify user or all SMTP clients? ... If yes, in Exchange System ... Is there any local bridgehead server listed in "Local ... to over three dozen open relay block lists. ...
    (microsoft.public.windows.server.sbs)
  • RE: strange email errors
    ... you to check the relay configuration on the SBS server. ... please restart the SMTP virtue server and Exchange ... Please also refer to the following steps to create a new SMTP Connector to ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange issues
    ... Are you up to date on all your Service Packs, both Windows and Exchange? ... > all traffic on port 25 to the SBS Exhange server. ... I suspected SMTP relaying becuase ... > You should verify that the server really isn't an open relay: ...
    (microsoft.public.exchange2000.admin)
  • Filtering email on ISA
    ... Unless you choose to create a new IIS SMTP Virtual ... Server, ordinarily you will want to Server Publish ... directly to the Exchange SMTP, ...
    (microsoft.public.isa)