Re: OWA and URLScan

From: Mike Brentlinger (mdbrentlinger@hotmail.com)
Date: 04/19/02 

From: "Mike Brentlinger" <mdbrentlinger@hotmail.com>
To: Thor@HammerofGod.com, FOCUS-MS@SECURITYFOCUS.COM
Date: Fri, 19 Apr 2002 13:56:30 -0400

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q309508

more specifically.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q309508#4

----Original Message Follows----
From: "Deus, Attonbitus" <Thor@HammerofGod.com>
To: Focus-MS <FOCUS-MS@SECURITYFOCUS.COM>
Subject: OWA and URLScan
Date: Fri, 19 Apr 2002 07:05:18 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings!

In Exchange2000, emails delivered to one's box are saved as the subject
text with a .EML extension. For instance, this email will be saved in
Exchange2000 folders as "OWA and URLScan.EML"

Outlook Web Access, when reading emails, simply points to this filename in
order to preview or open the message. This email would have a link like
"https://www.domain.com/exchange/UserName/InBox/OWA and URLScan.EML"

By default, the URLScan DenyUrlSequences tag filters stuff like "..", "%",
and "&." So, if I get a message with a subject of "Check this out..." or
"Server Activity up 65%" or "You & Magni" the resultant filenames will
contain the characters that URLScan will filter out, which keeps me from
previewing or opening these emails in OWA.
i.e: ""https://www.domain.com/exchange/UserName/InBox/Check this
out....EML" will filter the ".." as if it were a parent dir tag.

How are those of you running OWA with URLScan working with this? Have you
removed the DenyUrlSequences tags? Is there some method to change the
filename nomenclature on Exchange2000 so that something like a message ID
is used?

I am aware of Q247466 which talks about certain characters in the subject
not working, such as "#" or "?", but that is a different scenario. This is
a URLScan issue...

Comments appreciated.

Cheers,

AD

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPMAkHohsmyD15h5gEQIhrACg8WkTSiL1p7Rro+em8LaLym56xqMAn2oL
loxWrxcpQoorSmXUT44wxja/
=RzvY
-----END PGP SIGNATURE-----

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

Relevant Pages

  • RE: OWA and URLScan
    ... Subject: OWA and URLScan ... emails delivered to one's box are saved as the subject ... Exchange2000 folders as "OWA and URLScan.EML" ... How are those of you running OWA with URLScan working with this? ...
    (Focus-Microsoft)
  • OWA and URLScan
    ... emails delivered to one's box are saved as the subject ... Exchange2000 folders as "OWA and URLScan.EML" ... How are those of you running OWA with URLScan working with this? ...
    (Focus-Microsoft)
  • RE: OWA Access & SMTP
    ... Thank you for posting in SBS newsgroup. ... >From your description, I understand you lose the OWA, Companyweb and send ... emails externally after removing CRM. ...
    (microsoft.public.windows.server.sbs)
  • RE: Webmail does not show my emails
    ... is you can not see any email via OWA or the right pane of OWA is blank. ... As I know, if your Outlook uses POP3 to connect your mailbox, the Outlook ... will download all emails to your local computer, ... Select Microsoft Exchange Server, ...
    (microsoft.public.windows.server.sbs)
  • Re: Moving a domain.
    ... OWA would work all right but I assume the clients want to have access ... your server from the internet). ... "When they send emails though they are sorted by the local Exchange ... By this I mean that the SBS SMTP connector is set to use DNS to route ...
    (microsoft.public.exchange.admin)