locked
autoforward debate RRS feed

  • Question

  • In exchange 2003 we have found people can setup autoforward rules and forward traffic to non secure mail systems such as their hotmail account.

    management say they cannot see who currently has setup these rules, and the only way to do it is via scripts which dont always work.

    Is that a risk in itself, if you havent locked down autoforward rules, but you cant audit/see what rules are setup, is this a risk?

    Our exchange admin doesnt seem to fussed, they have a tool called websense which monitors user activity and outgoing mail, they say if mail is going to external hotmail it will still be picked up via this tool, whether it was purposelly sent, or whether it was autoforwarded by a rule.

    Therefore, is there any issue with people setting up autoforward rules, and the whole "autoforwarding management and monitoring" thing? And them not being able to see what autoforward rules are in place by employees? Is it a risk?


    Thursday, June 9, 2011 1:52 PM

Answers

  • 1. "Is that a risk in itself, if you havent locked down autoforward rules, but you cant audit/see what rules are setup, is this a risk?"

    It is a risk if your business expects you to monitor/restrict forwarding of such emails if you cant stop them at the gateway or prevent users from sending in the first place.

    2. "Our exchange admin doesnt seem to fussed, they have a tool called websense which monitors user activity and outgoing mail, they say if mail is going to external hotmail it will still be picked up via this tool, whether it was purposelly sent, or whether it was autoforwarded by a rule."

    What if messages are being sent to google and not hotmail or any other domain. I thnk they need something a little more intelligent which captures keywords/numbers or whatever is emails to stop them from being sent out.  Or they need to use something like Windows rights maangement to prevent them sending in the first instance.

    3. "Therefore, is there any issue with people setting up autoforward rules, and the whole "autoforwarding management and monitoring" thing? And them not being able to see what autoforward rules are in place by employees? Is it a risk?"

    Yes/No, as mentioned above.


    Sukh
    • Proposed as answer by Evan Liu Monday, June 13, 2011 8:20 AM
    • Marked as answer by Evan Liu Sunday, June 19, 2011 4:16 AM
    Thursday, June 9, 2011 3:39 PM

All replies

  • Hi,

    Generally organization do not want to setup autoforward rule to forward corporate email to external email address. In exchange 2003 its only can be generate report thru LDIFDE script.

    In exchange 2007/2010, It is managed better in remote domain level and can be restrict to all employee. Generally its a matter of security concern which may varry organization to organization.

    I hope it will help you much more !!!


    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2011, My Blog : http://messagingschool.wordpress.com
    Thursday, June 9, 2011 2:06 PM
  • 1. "Is that a risk in itself, if you havent locked down autoforward rules, but you cant audit/see what rules are setup, is this a risk?"

    It is a risk if your business expects you to monitor/restrict forwarding of such emails if you cant stop them at the gateway or prevent users from sending in the first place.

    2. "Our exchange admin doesnt seem to fussed, they have a tool called websense which monitors user activity and outgoing mail, they say if mail is going to external hotmail it will still be picked up via this tool, whether it was purposelly sent, or whether it was autoforwarded by a rule."

    What if messages are being sent to google and not hotmail or any other domain. I thnk they need something a little more intelligent which captures keywords/numbers or whatever is emails to stop them from being sent out.  Or they need to use something like Windows rights maangement to prevent them sending in the first instance.

    3. "Therefore, is there any issue with people setting up autoforward rules, and the whole "autoforwarding management and monitoring" thing? And them not being able to see what autoforward rules are in place by employees? Is it a risk?"

    Yes/No, as mentioned above.


    Sukh
    • Proposed as answer by Evan Liu Monday, June 13, 2011 8:20 AM
    • Marked as answer by Evan Liu Sunday, June 19, 2011 4:16 AM
    Thursday, June 9, 2011 3:39 PM