Questions tagged [exchange]

Microsoft Exchange Server is a widely used email server that is used with all versions of Microsoft's Outlook, Entourage, IMAP, and POP3 clients. It is also used to host Microsoft's Office 365 cloud offering.

78 questions
1
vote
1 answer

Does a Mailbox Export Request modify the mailbox data?

The procedure suggested by forensics companies to make a copy of a user's mailbox in a forensically sound manner is to use New-MailboxExportRequest. What information is modified (if any) by the use of this command? My understanding is that the…
WoJ
0
votes
1 answer

Exchange Autodiscover XML question (Exploit related)

Recently we had an issue with the Exchange autodiscover.xml appending ".com" to our mail server's autodiscover address. It resulted in a certificate error due to the name not matching the certificate. After hunting that down and correcting it (by…
0
votes
0 answers

What does it mean when a message's contents are replaced by "Malware name: 'EngineError'"

Possible Duplicate: Does a blocked email with a malware name “EngineError” indicate a flaw in Forefront Protection? A previous post on this topic was closed as "unlikely to ever help any future visitors; it is only relevant to a small geographic…
0
votes
2 answers

When Activesync policy is applied to iPhones allows thumbprint-unlock, while Android does not. Which is correct?

We have a long-standing ActiveSync device policy that requires an unlock code for all phones that use corporate email. It seems that iPhones with "swipe to unlock" and Android phones with similar technology process this policy differently: iPhones…
makerofthings7
0
votes
0 answers

Are there security concerns with IMAP when used with OAuth2 and MFA?

Several organizations using Outlook365 (the hosted/managed MS Exchange service from Microsoft) seem to be disabling IMAP and SMTP entirely, forcing users to only use the Outlook client. I get that reducing the attack surface may have some value in…
0
votes
1 answer

Common attack vectors for Microsoft Exchange Server?

What are the common attack vectors for a Microsoft Exchange Server? My online searches only yield discussion into various APT groups, and technical write-ups of different 0day exploits. There does not seem to be an OWASP top 10 vulnerabilities, nor…
questioner
0
votes
0 answers

Sending emails as other persons from internal network in Outlook Online

So today in work I tried making an SMTP email to our local mailserver. Using a colleague's email name I sent an email to another colleague. The email didn't fall in spam and it actually showed the profile picture and online status from the actual real…
0
votes
1 answer

Exchange compromise affected company - should we 100% change administrator password?

We host exchange on premise (exchange 2013). We believe following MS's guides and guidelines that we were compromised regarding the exchange zero days hack. We did find some .aspx files that did not appear to be from us in our inetpub directory. …
JonH
0
votes
0 answers

Watch Encrypted IMAP Responses

I'm trying to see if I can decipher the messages coming back from Exchange when I try and login via secure IMAP. My office 365 accounts are under attack and I've disabled IMAP (and legacy login) but I'm still getting errors (bad passwords) in…
Sean
0
votes
1 answer

A replay attack was detected (4649) & Exchange Healthmailbox

We received alarms for this in our SIEM today. I believe it is expected and just "noise". The alarm was triggered immediately after Exchange cleared the ThrottlingConfig.log. I know Exchange Server 2013 CU5, CU5 includes a Managed Availability probe…
Lee
0
votes
1 answer

How should I configure DMARC (or DKIM?) to deal with OWA forwarding changing email bodies?

For my own domain (mydomain.com, hosted with a free G Suite), I have set up DMARC in testing mode: v=DMARC1; p=none; sp=reject; aspf=s; adkim=s; rua=mailto:dmarc@mydomain.com I have sent out test emails to a bunch of email addresses to get an idea…
bers
0
votes
1 answer

Blocking Email Attachment download from outside company in Office 365

In Office 365, emails can be accessed from anywhere (within or outside of the company). Want to block email attachment download from outside of the company. Emails should be accessible from outside of the company but attachments should be blocked to…
Tushar
0
votes
1 answer

Exchange Security - outgoing email marked as spam by recipients

Our company emails are getting blocked (blacklisted) every other day. Can someone tell us why the emails are getting blocked? And how to rectify for being blocked. Your advice will be highly appreciated.
syzh
0
votes
1 answer

Reason to Require A VPN Client for Exchange 2010 and Newer?

Reading Microsoft's Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010, it looks like encryption is baked in for client access in all flavors (OWA, EAS, etc). 2FA is available…
Ronnie Royston
0
votes
1 answer

block changing IP addresses on port 25 SMTP

A script is currently being run against my exchange server attempting to access resources on port 25 SMTP. This is generating event 4776 within Windows event logs. How can I stop this? Would I need to block this at the firewall or at the exchange…
user6255