Exchange security problems

Exchange security problems

Post by Little Bea » Sat, 13 Sep 1997 04:00:00



 Recently a user on my system sent some mail to a user on America Online.
Somehow that User was able to get personal information from the exchange
profile by going thru the switchboard. I do not have AOL and do not know how
this was done. Is the global address book for exchange this wide open? How
do I prevent this from happening?

 
 
 

Exchange security problems

Post by Morrison, Philip J » Sat, 13 Sep 1997 04:00:00


 You need to review what LDAP is publishing for anonymous users.  Open
Exchange Administrator and go tp Site/Configuration/Protocols/LDAP.  here
you can turn off anonymous if you don't want it.  If you want anonymous
access but just not that much, you can go to Site/Configuration/DS Site
Configuration and click the attributes tab.  This will allow you to turn off
the things you don't want visible.

--Philip J. Morrison, Jr. MCP


Quote:> Recently a user on my system sent some mail to a user on America Online.
>Somehow that User was able to get personal information from the exchange
>profile by going thru the switchboard. I do not have AOL and do not know
how
>this was done. Is the global address book for exchange this wide open? How
>do I prevent this from happening?


 
 
 

Exchange security problems

Post by Anthon » Tue, 16 Sep 1997 04:00:00


Can you provide more detail on exactly what happened?
--
Anthony



Quote:>  Recently a user on my system sent some mail to a user on America Online.
> Somehow that User was able to get personal information from the exchange
> profile by going thru the switchboard. I do not have AOL and do not know
how
> this was done. Is the global address book for exchange this wide open?
How
> do I prevent this from happening?

 
 
 

Exchange security problems

Post by Ed Woodric » Tue, 16 Sep 1997 04:00:00


Little,

If the server is protected from the outside world, there is no way that
the information is available. If the server sits on the Internet, then
some information is available via LDAP. But if you mention that they
"went through the switchboard" are you saying that the front desk
operator gave out the information?

More than likely, a lot of the information on the user is available from
other sources, 411 and other directories are available as well as
numerous other types of sources.

Just what type of "personal" information was giving out? If it is
something that is indeed personal, then why is it in your system?

Ed Woodrick
EDCOM

> -----Original Message-----

> Posted At: Friday, September 12, 1997 5:23 AM
> Posted To: exchange.admin
> Conversation:      Exchange security problems
> Subject:   Exchange security problems

>  Recently a user on my system sent some mail to a user on America
> Online.
> Somehow that User was able to get personal information from the
> exchange
> profile by going thru the switchboard. I do not have AOL and do not
> know how
> this was done. Is the global address book for exchange this wide open?
> How
> do I prevent this from happening?

 
 
 

1. Exchange security problem

Hi,

Our organisation has two exchange sites, one located in
France and the other located in London. In our France
office, we HAD two exchange servers, lets call them ML01
and ML02. ML01 was installed as the first exchange server
in the organisation and ML02 followed. In London, we have
ML03 as the 3rd server.

A few months ago, ML01 started doing something that
appeared to be a hardware fault. The admin located in
France moved all the mailboxes from ML01 to ML02 and
unmounted the stores on ML01.

All the services, incomming mail etc. was manually change
to ML02 and the entire mail system runs fine.

While I was away, the admin in FR decieded to "uninstall"
the ML01 server without due care and this can caused a
number of problems that I cannot find any resolution to.
Although the initial apperance is that the mail system is
still functioning 100%, there is a problem that concerns
me greatly.

I receive the following event messages, on ML02, with
Diagnostic logging is set to MAX on "Resources" under
ExchangeMTA.

1.) Only logged due to diag logging.
Source: MSExchangeMTA
Category: Resource
Event ID: 9267
Type: Information

Description:
(BASE IL INCOMMING RPC(26) Proc 505) LTAB allocated at
index 111(4)

2.) This is the message received every 10 minutes exactly
Source: MSExchangeMTA
Category: Security
Event ID: 9297
Type: Warning

Description:
The user /o=First Organistation/ou=First Administrative
Group/cn=Configuration/cn=servers/cn=ML03 has caused a
security violation. Locality table (LTAB) index: 205.
Windows 2000 error code:0x80070005. [BASE IL MAIN BASE 1
237] (14)

3.)Only logged due to diag logging.
Source: MSExchangeMTA
Category: Resource
Event ID: 9265
Type: Information

Description:
(BASE IL MAIN BASE(1) Proc 514) LTAB index 111 released(4)

All the systems are running Exchange 2000 STD with SP 3.
Besides killing a French man, what can I do to resolve
this problem? I have looked everywhere and the only
reference I can find to this is relating to EX5.5 and does
not help very much.

Thanks

Dean (remove the "AT" to send me an e-mail)

2. Store.exe possible memory leak?

3. Outlook and Exchange security problem

4. Help - Uregent - Can not send message out

5. Exchange security problem

6. Resource booking and moderation

7. Exchange security problem ?

8. Can Exchange be setup as an e-mail server for others on a LAN?

9. exchange security problems

10. Exchange security problems

11. Help!! Outlook and Exchange security problems!

12. Help!! Outlook 97 & Exchange security problems!

13. Help!! Outlook and Exchange security problems!