Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 and securing mail to certain accounts.

Posted on 2014-07-21
9
Medium Priority
?
87 Views
Last Modified: 2015-01-30
We have developers that are on a domain and exchange server in another country. Currently we have their addresses within our domain here and they have accounts on a (separate)domain and Exchange server there. These developers have no internet access for security purposes. Current they have written a program that when we send to a certain single address, the sender puts the username$ in the subject line and the program on the other side, routes mail to the user internally there.

What I'm trying to find out is there a better way to make Exchange do this securely within the local domain or is it available within Exchange?
0
Comment
Question by:Harold
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 7

Expert Comment

by:Murali Reddy
ID: 40209307
Do they have individual mailboxes in the other forest?

If so, let them create a distribution group there including all the mailboxes they have. The DL should be allowed to email from external world.

Then create a contact with the email address as that of group address they created. Then exchange emails.
0
 
LVL 1

Author Comment

by:Harold
ID: 40209371
Murali

Yes, mailboxes on both

" The DL should be allowed to email from external world."  sorry DL?  So what would prevent them from sending to the world in this configuration? Like sending code out.

"Then create a contact with the email address as that of group address they created." this address would be assigned to the Group, correct?
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 2000 total points
ID: 40578936
Is the point to prevent the other developers from sending email? That can be done on their exchange server very easily.

http://exchangeserverpro.com/restrict-outbound-email-transport-rule/
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 1

Author Comment

by:Harold
ID: 40580550
kevinhsieh: thanks, that looks more like what we need, but curious, what if we have webmail enabled. Say someone created a message, attached source code to the message and saved it to drafts, then logged in to webmail outside and downloaded. Will this protect this as well?
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 2000 total points
ID: 40580711
Only if you disable webmail. Also, if you email them documents, and they access that from IMAP, POP3, ActiveSync, or RPC over HTTPS you still have possibly lost control of the email/documents. You also need to be sure that they can't copy anything to USB stick, external drive, iPod, CD, DVD, their own laptop/computer attached to the network, or access the physical hard drive in a computer. Don't forget about printouts and taking photos of the screen. There are lots of ways that data can leak. You should be looking at a real DLP (data loss prevention) solution.

That said, if you can't trust your developers, how can you trust their code?
0
 
LVL 1

Author Comment

by:Harold
ID: 40580737
kevinhsieh: thanks, I had a feeling all that would have to be disabled, but can't obviously, for cutting off everyone else. I was just given the task and trying best to give them what they want, for security. I do appreciate all you given me, as it has helped greatly.

Best regards
0
 
LVL 1

Author Closing Comment

by:Harold
ID: 40580738
thanks again!
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40580779
You can disable access via various protocols on a per mailbox/user basis. You can disable OWA, ActiveSync, POP3, and IMAP. I am not sure how you prevent MAPI access from outside.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question