Any domain user is able to send email to any other on behalf of any other
  • Any domain user is able to send email to any other on behalf of any other

    Hi,


    I just discovered that any user in our Exchange 2003 SP2 environment can send an email on behalf of any other user to any other user.

    i.e. he opens Outlook 2007, goes to the "From" field, types the name of any other student or teacher or employee, and sends the email.

    Could anyone please tell me how to stop this?

    Something to do with ESMTP, EHLO?

  • #2
    Re: Any domain user is able to send email to any other on behalf of any other

    Hi,

    I'm fairly new at administrating Exchange - about a year and a half - but at first glance it sounds like a permission issue to me. Have you checked the Send As permissions?

    • #3
      Re: Any domain user is able to send email to any other on behalf of any other

      Spot on, flipper. Depending on the revision of Exchange, it could be in two places. If Exchange is up to date then the Send As permissions can be viewed through the Security tab of ADUC; it seems likely someone has granted Domain Users or another group Send As rights.
      If the server is unpatched then granting full mailbox access can also give these rights.

      The above of course could mean you have a password exposed somewhere so I would go through changing them all as well.
      cheers
      Andy

      Quis custodiet ipsos custodes?

      • #4
        Re: Any domain user is able to send email to any other on behalf of any other

        I have a similar issue - all domain admins (almost everyone, don't ask...) can send-as other users.

        I tried to apply a deny permission for send-as and receive-as for domain users at the top of ESM, but it doesn't seem to work.

        • #5
          Re: Any domain user is able to send email to any other on behalf of any other

          Likely because the permission is only applying to that object not to that object + children. Having said that be very careful with setting denys. A good option is to build a VM of Exchange in a test environment and compare it to your live.
          Let's also be careful not to hijack this thread. Amir4u - have you progressed?
          cheers
          Andy

          Quis custodiet ipsos custodes?
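
An audit of the Send As permissions discussed in this thread, as an added example that is not part of any poster's reply: it lists every ACE on mail-enabled user objects that carries the Send-As or Receive-As extended right, with whether it is an allow or deny, inherited or explicit, and its inheritance scope. Assumptions: the search base DN is a placeholder, the list of "broad" trustees is an illustrative choice, and the account running it can read object ACLs.

```powershell
# Added example: read-only audit of Send-As / Receive-As ACEs on user objects.
param(
    [string]$SearchBase = 'LDAP://OU=Users,DC=example,DC=local'   # placeholder DN
)

# rightsGuid values of the extended rights; the empty GUID means "all extended rights".
$Rights = @{
    'ab721a54-1e2f-11d0-9819-00aa0040529b' = 'Send-As'
    'ab721a56-1e2f-11d0-9819-00aa0040529b' = 'Receive-As'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
# Illustrative pattern for trustees that should rarely hold these rights.
$BroadTrustees = 'Domain Users|Authenticated Users|Everyone|Domain Admins'
$ExtendedRight = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchBase)
$searcher.Filter     = '(&(objectCategory=person)(objectClass=user)(mail=*))'
$searcher.PageSize   = 500   # page through large directories

$report = foreach ($hit in $searcher.FindAll()) {
    $dn    = [string]$hit.Properties['distinguishedname'][0]
    $entry = $hit.GetDirectoryEntry()
    # Explicit and inherited ACEs, trustees translated to DOMAIN\name where possible.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
                 $true, $true, [System.Security.Principal.NTAccount])
    foreach ($ace in $rules) {
        $right = $Rights[$ace.ObjectType.ToString()]
        if (-not $right) { continue }                                   # other object type
        if (-not ([int]$ace.ActiveDirectoryRights -band $ExtendedRight)) { continue }
        $trustee = $ace.IdentityReference.Value
        if ($trustee -eq 'NT AUTHORITY\SELF') { continue }              # a user's own mailbox
        [pscustomobject]@{
            User      = $dn
            Trustee   = $trustee
            Right     = $right
            Type      = $ace.AccessControlType    # Allow or Deny
            Inherited = $ace.IsInherited          # True: set on a parent container
            Scope     = $ace.InheritanceType      # None = this object only
            Broad     = [bool]($trustee -match $BroadTrustees)
        }
    }
}

# Broad grants first; an inherited ACE on many users points at one parent container to fix.
$report | Sort-Object @{Expression='Broad';Descending=$true}, Trustee, User |
    Format-Table -AutoSize
```

Rows with Inherited = True point to a grant made on a parent container rather than on each user, and a deny ACE whose Scope is None applies only to the object it was set on, which is the situation described in reply #5.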