RE: ISAPI dlls for EX2000 WebMail

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 27 Oct 2003 10:00:35 -0500

Best bet would be to gather the information from Microsoft's security
website.  The information you want, should be contained in the how to secure
Excahnge booklet which is located online.  Here's a link to get you started:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
prodtech/mailexch/default.asp
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security
/prodtech/mailexch/default.asp> 

  _____  

From: Cresswell, Charles [mailto:charlesc@xxxxxxxxxxxxxxxx] 
Sent: Monday, October 27, 2003 7:06 AM
To: [ExchangeList]
Subject: [exchangelist] ISAPI dlls for EX2000 WebMail


http://www.MSExchange.org/

Hiya,
 
does anyone know the essential ISAPI dlls for running webmail on IIS 4.0?
I've been trying to lock down our web server security a bit, including
webmail. I know I cannot disable WebDAV on the exchange server, but I cant
seem to find any reference to which ISAPI extensions I can remove.
 
Obvoiusly the .asp needs to stay. however our security consultant
recommended certain .htr files be removed from the system folders to prevent
brute forcing of passwords, as well as the removal of the ISAPI .printer
reference. Unfortunately I managed to hose the webmail until I did a restore
of the IIS config!
 

Charles Cresswell, IS Manager
020 7213 0728

 

The Association of Corporate Treasurers 
Ocean House
10/12 Little Trinity Lane 
London EC4V 2DJ 

tel: +44.(0)20 7213 9728 
fax: +44.(0)20 7248 2591 
www:  <http://www.treasurers.org> http://www.treasurers.org 

Notice of Confidentiality 
This e-mail (and any attachments) is intended for the named addressee(s)
only. It contains information that may be confidential. Unless you are the
named addressee (or authorised to receive it for the addressee) you may not
read, copy, use, or disclose it to anyone else. Unauthorised use, copying or
disclosure is strictly prohibited and may be unlawful. If you have received
this transmission in error, please notify the sender immediately and delete
the message from your e-mail system.

The Association of Corporate Treasurers may monitor outgoing and incoming
e-mails and other telecommunications on its e-mail and telecommunications
systems. By replying to this e-mail you give your consent to such
monitoring.

The Association of Corporate Treasurers is a company limited by guarantee.
It is registered in England at the above address, registration number
1445322.
#ACT#

This email has been scanned for known viruses.
Any and all incoming unsolicited or SPAM email may be blocked to this
address. 
If you experience problems sending legitimate email to this address please
contact antispam@xxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------ 

Other related posts: