Announcement

Collapse
No announcement yet.

Outlook client configuration

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Outlook client configuration

    Dear all,

    Recently I am facing the following issue, and I really need your technical expertise.

    I am supporting IT in a mid-size company and few months ago, I have created an email account for a corporate user, let' say [email protected].

    While configuring the email account of the user to his laptop - uses Outlook 2007 - and because I had some issues with the local ISP, possible port 25 blocking, I made the client configuration, as follows,

    - As POP server, I used the POP server provided by the email provider, and used credentials of the email user, (the one to whom I have created an email account), e.g. pop.domain.com, username: [email protected], password: xxxxxxxxx

    - As SMTP server, I couldn't use the SMTP provided by the email provider, and instead of this, and after some tests, I used another valid SMTP - from another provider - where for SMTP authentication I have passed my credentials, since the email user didnt remember his credentials, e.g. smtp.domain2.com, username: [email protected], password: zzzzzzzz, (userx is a valid email user of domain2).

    Now, the end user noticed this, and he claims that I have access to his email account, (incoming and outgoing)!!!!!

    I am quite shocked from this non-basis and non-provable claim. His only "proof" is a screenshot of the SMTP authentication data on the outlook client.

    Please tell me your technical opinions on this aspect.

    I know that such claims do not have any basis, but I need to have some official proof.

    So any suggestions are quite welcome.

    Thanks

    Sailman72

  • #2
    Re: Outlook client configuration

    Well, given you know the POP3 (incoming) usename and password you could use webmail to view emails before he picks them up and, in theory, you could set up something on the outgoing SMTP server to copy emails to another address....

    But why would you want to? What is he sending/receiving that he is concerned about?

    So basically, you cannot prove a negative and it comes down to trust.

    IMHO all IT staff are in a position that they could see almost anything, without leaving traces behind, and businesses have to trust them not to do that. If they do not trust you, they have only one option available, and if they do not take that option, you should consider your position and decide if this is a company you wish to work for.

    Sorry to sound a bit negative
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Outlook client configuration

      Ask the user to categorically prove that you have had access to his emails.

      If they cannot then its a matter for HR and some sort of meeting to get to the bottom of his/her concerns.

      Is there a policy in place where the user is aware that all email sent via the company email system is monitored? If not then there should be.

      Comment


      • #4
        Re: Outlook client configuration

        Originally posted by Ossian View Post
        Well, given you know the POP3 (incoming) usename and password you could use webmail to view emails before he picks them up and, in theory, you could set up something on the outgoing SMTP server to copy emails to another address....

        But why would you want to? What is he sending/receiving that he is concerned about?

        So basically, you cannot prove a negative and it comes down to trust.

        IMHO all IT staff are in a position that they could see almost anything, without leaving traces behind, and businesses have to trust them not to do that. If they do not trust you, they have only one option available, and if they do not take that option, you should consider your position and decide if this is a company you wish to work for.

        Sorry to sound a bit negative

        Hi and thanks for you comments,

        I do really understand what you are mentioning, but in my case I want to clarify the following, (which were not explicitely specified to the initial post),

        - user had access to change POP3 password settings, and

        - the SMTP that was used for sending emails wasn't any in-house custom SMTP, but it's an SMTP that belongs to a reputative ISP provider, so in any case the IT admin would be able to set sth intermediate to this SMTP.

        Additionally, the user never mentioned that IT admin might be aware of his POP3 password. What he claimed is that, as long as I notice other username (email) for SMTP authentication, then this email has access to my emails!!!!

        For me this case is quite straight forward and as you mentioned its a matter of trust to the IT Department. To me, I will clarify the case, and this company is considered part for me.

        Thx

        Comment


        • #5
          Re: Outlook client configuration

          I read your first post that YOU set up his POP3 email for him and (wrongly) assumed this meant you knew his password --if not, one more plus point for you and one less for him!

          How senior is this person? Enough to cause trouble, or can you ignore them?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Outlook client configuration

            Originally posted by Ossian View Post
            I read your first post that YOU set up his POP3 email for him and (wrongly) assumed this meant you knew his password --if not, one more plus point for you and one less for him!

            How senior is this person? Enough to cause trouble, or can you ignore them?

            As I originally specified, I setup his email client, both POP3 and SMTP, but POP3 password had been changed from him; (at least, this is what I guess that he did). If he didnt changed it, this is up to the user. But I am not being told about this; his concerns came from user that authenticated the SMTP. From this and only, you can understand his expertise....

            This guy is from the ones that act "on the background", trying to cover their mistakes by throwing "mud" to others!

            The only trouble caused is that I will spent some of my less available time to prove the non-basis of his claims!

            I forgot to mention that I have verbally verified with ISP, (the owner of the used SMTP), that with the outlook configuration that I have specified, there is no chance to have access to email.

            Anyway, that's life!

            Thx for your feedback
            Last edited by sailman72; 5th June 2013, 21:47.

            Comment

            Working...
            X