We have found an issue on our systems whereby an Outlook user (both 2007 and 2010) connected to our Exchange server (2007) can send emails as other users using the following steps:

  1. Within Outlook, click <New Email>
  2. Select the <From> button to show a list of accounts Outlook contains, but it also shows the option
  3. Select <Other Email Address>. This brings up a small dialog box with another button which, when selected, allows the user to select an email from their contacts or the Active Directory. The user in most cases can select any email within the Active Directory and send an email as if it were coming from that selected email.

It seems not everyone has this ability, and I'm guessing it is something to do with settings in Exchange or AD (version 6), or is there a group policy that can be implemented to stop users being able to do this? We have no idea what allows this and I have failed to find anything using Dr Google. No one has set up delegates within Outlook, but it does seem to be something similar?

Does anyone know how to lock this down?

Thanks in advance

  • 1. Huh? 2. Wha? 3. Can you give us some more detail on the problem? It's not clear to me how you're invoking this behavior. – joeqwerty Mar 21 '12 at 01:52
  • @joeqwerty, my reaction exactly, dug into the source and fixed – Mathias R. Jessen Mar 21 '12 at 01:58
  • I'm not sure what you mean. The behaviour is invoked by the steps as outlined. – Sherriffwoody Mar 21 '12 at 02:04
  • Looks like all your users are inheriting a send-as permission for this user from somewhere high up in your directory structure. I'd suggest checking the ACL of one of the users this person is able to send as. – Matt Mar 21 '12 at 02:48

1 Answer

Try this from your Exchange Management Shell:

Get-ADPermission -Identity "user" | where {($_.ExtendedRights -like "*Send-As*")} | FT -Wrap

Substitute "user" with the CN of your user; this should give you a list of users with access to this property on the requested mailbox.

Matt Hamende
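An added example (not part of the original answer) that extends the one-liner above: it shows whether each Send-As entry on a mailbox is inherited, which is what the comment about permissions granted higher up in the directory suggests checking, and then goes beyond the single-mailbox case to summarise Send-As trustees across all mailboxes. The function name `Get-SendAsEntry` and the mailbox name `user` are assumptions for illustration.

```powershell
# Added example: run in the Exchange Management Shell, where Get-Mailbox and
# Get-ADPermission are available. 'user' is a placeholder mailbox identity.

# Hypothetical helper: list Send-As ACEs on one object, skipping the
# mailbox owner's own entry (NT AUTHORITY\SELF).
function Get-SendAsEntry {
    param([string]$Identity)

    Get-ADPermission -Identity $Identity |
        Where-Object {
            ($_.ExtendedRights -like '*Send-As*') -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        Select-Object Identity, User, Deny, IsInherited
}

# 1) One mailbox. IsInherited = True means the ACE comes from a parent
#    container (OU, domain), so it has to be removed there, not on the user.
#    Deny = True rows block Send-As rather than grant it.
Get-SendAsEntry -Identity 'user' | Format-Table -Wrap -AutoSize

# 2) All mailboxes: count how many mailboxes each trustee can send as.
#    A group or account near the top with a count close to the total
#    number of mailboxes points at a broad, inherited grant.
Get-Mailbox -ResultSize Unlimited |
    ForEach-Object { Get-SendAsEntry -Identity $_.DistinguishedName } |
    Where-Object { -not $_.Deny } |
    Group-Object { $_.User.ToString() } |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Both steps are read-only; once the granting container is identified, the entry can be reviewed and removed at that level.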