Setup a user that can only access POP3 email. Security reasons

Posted on 2006-04-23
Last Modified: 2006-11-18
I have a client that, because of outside constraints, needs to forward all his Exchange mailbox email to an outside account via POP3. I don't like the security of POP3 because of the clear text passwords, and this particular user has some heavy access rights. What I did was to set up another user with an email account and forward the real user's email to this account. The outside program then connects to our server and retrieves the forwarded email from a mailbox with as little rights as possible. This works great, but I would like to lock down the account that I use to forward mail for the POP3 mail transfer. Right now the user is a domain user. I could probably do better with some more testing but don't have the time. I am looking for some guidance on how to lock down the POP3 account. SSL is not an option here since I don't have control over the software that retrieves the POP3 mail. I look forward to your answers.


Glenn Thibeault
Question by:OnsiteIT
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16519045
Why do you need to have it forward via POP3??? Why not just forward the email directly from Exchange?  All you would need to do is create a CONTACT in Active Directory with the external address you want to forward messages to set as an SMTP email address.  Then on the Properties dialogue of the user click the Exchange General TAB > Delivery Options...  and then enter the Forwarding information.

I would never run the POP3 service for retrieving messages from an SBS... it's too insecure and takes up too many resources.

Jeff
TechSoEasy
 
LVL 1

Author Comment

by:OnsiteIT
ID: 16520685
TechSoEasy,
That was my first thought and we have done this, but because of some problems on the other side of the email setup (I have been working on this problem for a long time; even MS says it is the other group's fault) we get multiple email messages (such as five to one sometimes), so we have to do it this way. Like I said, I don't control the other side of the equation, so I can only work with what I have. And the other people swear that it's our fault. Typical stuff, but I still have to find a way to make it work.



GlennT
 
LVL 5

Accepted Solution

by:
mickinoz2005 earned 375 total points
ID: 16532559
Having used that forwarding solution on numerous occasions, I would definitely say it is the other side that is causing the problem. Can you not set the user up with a different POP3 account, a free one, Hotmail or something, and forward all mail to that as Jeff says?

The problem you have is: how do you lock down something when most of your constraints are going to be at the other end? Your security weakness lies in the very method you are using rather than in your configuration of that method, so I would revisit the other end. Normally if a solution is not presented to people then they can't suggest you use it, therefore you don't put yourself in a position where you are using a weak solution to cater for others' incompetence.

I would get back onto the other side of this equation and discuss your options, or just use a Hotmail account or something; then you don't need to worry about any POP3 business, just get Exchange to forward (this works like a charm).

Michael
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16534115
Exactly... do what I suggested with the CONTACT, and forward the mail to a GMail account which will give you FREE POP3 access.  Then, the user can pull mail from the GMail account.

Jeff
TechSoEasy
 
LVL 1

Author Comment

by:OnsiteIT
ID: 16534291
I thought about doing that also; it seems against my grain to have to go through so many hoops to do this. I am sure that there is a way to control the user rights on an account to really lock this whole thing down. But is it worth the time and effort?


Glenn T
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 375 total points
ID: 16539522
Yes, there is, but I don't think it's worth the time and effort.  And it's not any additional hoops... Essentially you are still forwarding to a separate email account for POP3 retrieval.  It's just a GMail account instead of an internal one.  The added benefit of doing it this way is that you won't have the POP3 service running on your machine.

Jeff
TechSoEasy