Outlook For Mac 2011 Spoof From Address
I discovered something disconcerting after one of those "Oops" moments. UserA was replying to an email and accidentally changed the From field to UserB before clicking Send. A funny thing happened... the message was sent, apparently from UserB. The problem? UserA does NOT have Send as or full access to UserB's mailbox, only read access to the calendar folder (which is why Outlook for Mac decided to put the name in the drop-down list for the From field, apparently). When I look at the message header, here's what I see:
From: User Bravo (userb@domain.com)
Sender: User Alpha (usera@domain.com)
What the ....? So Outlook for Mac will allow the message to be sent with a "spoofed" sender in the From field and Exchange 2010 will deliver it?!
Has anyone encountered this obvious flaw and is there a fix that I'm missing? My Google Fu is weak today as I can't figure out the right search terms to find this one.
Thanks in advance.
Rusty
From: User Bravo (userb@domain.com)
Sender: User Alpha (usera@domain.com)
What the ....? So Outlook for Mac will allow the message to be sent with a "spoofed" sender in the From field and Exchange 2010 will deliver it?!
Has anyone encountered this obvious flaw and is there a fix that I'm missing? My Google Fu is weak today as I can't figure out the right search terms to find this one.
Thanks in advance.
Rusty
ASKER
Send on behalf is blank in EMC for UserB. I tested with my account as UserC and UserD and was also able to send the message. Again, I don't have access to UserD's mailbox other than read-only on the Calendar. I checked Send on behalf and UserD has no one configured. I'm almost certain neither UserB nor UserD has any delegates setup (because neither of them asked me how to configure delegates). I'm stumped thus far...
Thanks for the input, Guy.
Thanks for the input, Guy.
No problems :-)
Run "get-mailboxpermission UserB" and see if there are any odd accounts or groups listed with access rights in there.
Run "get-mailboxpermission UserB" and see if there are any odd accounts or groups listed with access rights in there.
ASKER
Ah. Could this be the culprit?
RunspaceId : 8e9a5bdb-d572-4738-95be-b4
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny : False
InheritanceType : All
User : DOMAIN\Domain Admins
Identity : domain.local/Company/User Bravo
IsInherited : True
IsValid : True
ObjectState : Unchanged
Both UserA and myself were members of Domain Admins. I have removed UserA from the group and will test in a few. Is the above a default permission with Ex2010? Is it necessary when all of the Exchange security groups are assigned similar permissions as well? I don't recall adding this setting but my predecessor certainly may have...
RunspaceId : 8e9a5bdb-d572-4738-95be-b4
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
Deny : False
InheritanceType : All
User : DOMAIN\Domain Admins
Identity : domain.local/Company/User Bravo
IsInherited : True
IsValid : True
ObjectState : Unchanged
Both UserA and myself were members of Domain Admins. I have removed UserA from the group and will test in a few. Is the above a default permission with Ex2010? Is it necessary when all of the Exchange security groups are assigned similar permissions as well? I don't recall adding this setting but my predecessor certainly may have...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The calendar read permission was set using PowerShell, granting everyone read-only access to everyone else's calendar. Not exactly a delegation, but would that also conform to the above? What a wacky hierarchy IMO.
ASKER
Removing UserA from the Domain Admins did indeed deny access to send as or on behalf. After removing group membership, an attempt to change the From field resulted in Outlook throwing an "Access denied" error.
Thanks for the assist, Guy. And thanks again EE!
Thanks for the assist, Guy. And thanks again EE!
Outlook for Mac does not decide whether a mail can be sent or not, that's exchange's job. If UserA is not allowed to send, they would get an NDR once the mail was picked up in the queue. Have another look at the mailbox permissions again and make sure that "Send on Behalf of" isn't set.
regards
Guy