Exch2007: Server-side mailbox rules still run with account disabled

  • Thread starter Peter Venkman
Peter Venkman

Hi,

It looks like this may be an alarming flaw in Exchange security, at least for my company's processes in regards to term'ed employee mailboxes. If somebody sets up a server-side rule that forwards all their incoming to an external address, that rule stays active even after disabling the mailbox. Is there a way to prevent this globally, or are we going to need to manually go into every single mailbox of people who leave the company and clear rules?

Thanks.

PVD
 
M

Hello:

You can disallow automatic forwarding of e-mails to external addresses globally, but I'm not aware of anything to automatically delete or disable rules when an account is disabled.

There's a legitimate reason for allowing rules on disabled accounts/mailboxes. If you set up a resource mailbox (which has a disabled AD account), you might need to set up some rules on that.

Regards,

M

MCTS, MCSA

http://SysAdmin-E.com

"Peter Venkman" <pauldi@iona.com> wrote in message

news:0130ecc4-d662-4222-b3ef-4becfa00d715@b35g2000yqi.googlegroups.com...
> Hi,

> It looks like this may be an alarming flaw in Exchange
> security at least for my company's processes in regards to term'ed
> employee mailboxes. If somebody sets up a server-side rule that
> forwards all their incoming to an external address, that rule stays
> active even after disabling the mailbox. Is there a way to prevent
> this globally, or are we going to need to manually go into every
> single mailbox of people who leave the company and clear rules?
> Thanks.

> PVD
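
One way to disallow automatic forwarding to external addresses globally in Exchange 2007 is the `AutoForwardEnabled` setting on remote domains. The following Exchange Management Shell snippet is an added example, not part of the original thread; it turns the setting off for every remote-domain entry, which affects all mailboxes (not only disabled ones) and leaves forwards to internal recipients working.

```powershell
# Added example: run in the Exchange Management Shell as an
# Exchange Organization Administrator. Written to work on PowerShell 1.0.

# 1. Audit: show each remote-domain entry and whether it currently
#    allows automatically forwarded messages to leave the organization.
Get-RemoteDomain |
    Format-Table Name, DomainName, AutoForwardEnabled -AutoSize

# 2. Disable automatic forwarding on every entry that still allows it.
#    This includes the catch-all entry whose DomainName is '*'.
Get-RemoteDomain |
    Where-Object { $_.AutoForwardEnabled } |
    Set-RemoteDomain -AutoForwardEnabled $false

# 3. Verify: nothing should be left with AutoForwardEnabled set to $true.
$open = @(Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled })
if ($open.Count -gt 0) {
    $open | ForEach-Object {
        Write-Warning ("Auto-forward still allowed for remote domain: " + $_.DomainName)
    }
} else {
    Write-Host 'Automatic forwarding is disabled for all remote domains.'
}

# 4. Forwarding set in a mailbox's delivery options is configured separately
#    from inbox rules. List it so the termination process can review each
#    target (for example, forwards to managers or replacements).
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingAddress } |
    Format-Table Name, ForwardingAddress, DeliverToMailboxAndForward -AutoSize
```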
 
Rich Matheisen [MVP]

On Fri, 25 Jun 2010 11:16:08 -0700 (PDT), Peter Venkman <pauldi@iona.com> wrote:


> It looks like this may be an alarming flaw in Exchange
> security at least for my company's processes in regards to term'ed
> employee mailboxes. If somebody sets up a server-side rule that
> forwards all their incoming to an external address, that rule stays
> active even after disabling the mailbox. Is there a way to prevent
> this globally, or are we going to need to manually go into every
> single mailbox of people who leave the company and clear rules?
> Thanks.


Delete the mailbox. Done!

-
Rich Matheisen

 
mikee

Re: Exch2007: Server-side mailbox rules still run with account di

What if you set the send/receive mail settings to zero on the user's profile, would that prevent emails from being forwarded via a rule?

"Rich Matheisen [MVP]" wrote:


> On Fri, 25 Jun 2010 11:16:08 -0700 (PDT), Peter Venkman
> <pauldi@iona.com> wrote:
>
> >It looks like this may be an alarming flaw in Exchange
> >security at least for my company's processes in regards to term'ed
> >employee mailboxes. If somebody sets up a server-side rule that
> >forwards all their incoming to an external address, that rule stays
> >active even after disabling the mailbox. Is there a way to prevent
> >this globally, or are we going to need to manually go into every
> >single mailbox of people who leave the company and clear rules?
> >Thanks.


> Delete the mailbox. Done!
> -
> Rich Matheisen
 
John

Re: Exch2007: Server-side mailbox rules still run with account di

Enable the user account. Change the password. Log in as that user... delete rules.

Disable the account.

"mikee" <mikee> wrote in message

news:32024EE8-D142-4248-8C2A-1568F321375A@microsoft.com...
> What if you set the send/receive mail settings to zero on the user's profile,
> would that prevent emails from being forwarded via a rule?

> "Rich Matheisen [MVP]" wrote:
>
> > On Fri, 25 Jun 2010 11:16:08 -0700 (PDT), Peter Venkman
> > <pauldi@iona.com> wrote:
> >
> > >It looks like this may be an alarming flaw in Exchange
> > >security at least for my company's processes in regards to term'ed
> > >employee mailboxes. If somebody sets up a server-side rule that
> > >forwards all their incoming to an external address, that rule stays
> > >active even after disabling the mailbox. Is there a way to prevent
> > >this globally, or are we going to need to manually go into every
> > >single mailbox of people who leave the company and clear rules?
> > >Thanks.

> > Delete the mailbox. Done!
> > -
> > Rich Matheisen
 
Peter Venkman

Re: Exch2007: Server-side mailbox rules still run with account di

Thanks all.

As for the legitimate reason for allowing rules on mailboxes, I'd agree. Resource mailboxes should certainly allow rules to be run while disabled. User mailboxes... I don't agree with. Since Exchange 2007 differentiates between the two, I see it as a flaw.

Thanks for the rest of the suggestions. We have Forefront, so we can filter outgoing mail through a blocked sender list. It just adds an extra step to the term process. Unfortunately, we have to keep them disabled but not deleted per company policy for 30 days, and some have server-side forwarding in place to managers/replacements.

PVD
 