Re: Outlook and Exchange Mailbox Security

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 6 Apr 2005 11:42:46 -0400

On Apr 6, 2005 11:29 AM, webmaster@xxxxxxxxxxxxxxxx
<webmaster@xxxxxxxxxxxxxxxx> wrote:
> It just came to my attention that I have a huge email secuirty hole and I
> was wondering what could be causing it.
> Right now if any user starts a new email and clicks the To: button.  Then
> right clicks a recipient user that exists on the Exchange store. And
> selects properties, and clicks the Email Addresses tab, and then selects
> one of the email aliases assigned to that user.  Then they click contacts
> buttons on the add to section below.  This begins to create a contact for
> the exchange user, if they click on activities tab all the email for the
> other exchange user is show.

1) The Activities output should only display transactions between the
current user you are logged-in as and the user you have selected as a
contact.  You are stating that you are able to view emails that you
did not receive or send to this particular user?  All emails are

2) Who are you logged-in as?  Domain Admin?

> Is there a major setting that I have overlooked.  I know the mailbox
> rights set in outlook for everyone are set to anonymous none and default
> none.  Is this a setting that is set for all users of the exchange store?

Has anyone modified the default Exchange Store permissions or the
mailbox rights of this particular user?


Other related posts: