RE: [exchange list] RE: OWA Blocking Attachments

  • From: "Carl Houseman" <c.houseman@xxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 15 Dec 2005 23:35:12 -0500

I don't find OOO replies to be *that* annoying.  Easy to recognize and
delete.  So I'm replying to the list and request the same for all followups
that you want me to read.

You can control the level 1 and level 2 attachment opening/sending
permissions for all of your internal OUTLOOK (not OWA) users.   That will
take care of this problem: "If you open the email with Outlook, then you can
open them all".  More here:
http://www.slipstick.com/outlook/esecup/admin.htm

Unfortunately, I don't know of a way to keep OWA from accepting any
attachment of any type.

Carl

-----Original Message-----
From: Tim Bolton [mailto:ltb@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, December 15, 2005 1:30 PM
To: Carl Houseman
Subject: [exchange list] RE: OWA Blocking Attachments

I am sending this direct to avoid the O u t of O f f I c e replies.

All of our email goes through Postini where it is screened four times
before it is sent to our server.  So in affect they handle the antivirus
for us.  But since OWA doesn't go through them, its no help.

I changed the Level 1 and 2 settings which will prevent a user from
"opening" a specified attachment, but only if they are using OWA.  If
you open the email with Outlook, then you can open them all.



"I don't follow how OWA would work differently for users in the office
vs at home."

Sorry for the confusion...  The User at home would be working with
people in the office, which may include passing documents.  The users at
work will not be using OWA, just the user at home.

I don't want the user at home to be able to send anything in except
PDFs.  But the attachment rules only affect the recipient from opening
the attachment, not from attaching it in the first place.

So basically the level 1 rules, via OWA Admin, only apply to OWA and,
they will let a OWA user send it to an Outlook user.


Does that make sense?



Tim Bolton
Network Administrator
Information Technology Dept. 
Arkansas State Medical Board
www.armedicalboard.org
Phone: 501-296-1953
Cell: 501-350-4291
Fax: 501-296-1805 






http://www.MSExchange.org/

Do you not have any Exchange antivirus installed?  That takes care of
scanning message attachments regardless of the source.

You can change the level 1 and level 2 attachment types for both regular
Outlook and OWA.  Google "OWAADMIN".

I don't follow how OWA would work differently for users in the office vs
at home.

Carl 

-----Original Message-----
From: Tim Bolton [mailto:ltb@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, December 15, 2005 11:41 AM
To: [ExchangeList]
Subject: [exchangelist] OWA Blocking Attachments

I have an issue allowing my users access to OWA from their home PCs.

If I turn on the attachment option in OWA, they can attach any type of
file they wish, again from their home PC.

When it comes through our Watchguard firewall, via port 443 - SSL, they
are not filtered since we cannot filter on that port as you can with the
SMTP Service.

If a users opens OWA, inside the office, to read the incoming email.
Only the attachments allowed in Level 2 can be accessed.

However, if they open the email using Outlook 2003, they can access all
of the attachments sent.

Meaning, they can send in any type of documents they wish which may
carry a virus.  Since it is coming in on port 443, it is not scanned or
filtered in any way.

Normally, all attachments are stripped at the firewall.  The only ones
we allow via email are PDF files.  If a users tries to download a ZIP,
or any other file, it is stripped at the firewall.

But OWA seems to open the door wide open.

It has been suggested buying a 3rd party product such as
www.messageware.com but you would think that you would be able to
control this in Exchange.  We only have a single Exchange 2003 Server,
no front or back end.

I only have 5 users that need this access so cost is an issue.  I am
currently turning off ALL attachments for OWA...

If I change the Level 1 settings for Outlook, it will prevent my users
from sending attachments internally as well, correct?

I have been researching Watchguards site but have yet to find a solution
there.



Any thoughts or suggestions?


Tim Bolton
Network Administrator
Information Technology Dept. 
Arkansas State Medical Board
www.armedicalboard.org
Phone: 501-296-1953
Cell: 501-350-4291
Fax: 501-296-1805 




Other related posts: