How to correctly adjust user's delivery restrictions? (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Server Security



Message

ZAQZAQ -> How to correctly adjust user's delivery restrictions? (5.Dec.2005 1:41:25 PM)

Hello. Our security department has set rules which confine communications between departments.
In other words in "Exchange advanced\Delivery restrictions" we set "Accept message only from: Department1 name, Department2 name, User1 name, User2 name"
Question: How to permit  user to receive messages from the Internet, and keep rules of security department?
Is there any utilities which can help to adjust rules of  message sending in the organization?



mark@mvps.org -> RE: How to correctly adjust user's delivery restrictions? (5.Dec.2005 11:14:31 PM)

Your security department has been drinking way too much Koolaid.

What the hell do they think they're doing in restricting mail communication between internal departments but are letting Internet messages come in.

Precisely how stupid do they think the users are? How long do you think it will take the users to work out that they can email the bloke in the next office by sending data out to the Internet so that the user can hotmail in and get the message.

What EXACTLY is the security requirement here, because I'll be jiggered if I can see it?



ZAQZAQ -> RE: How to correctly adjust user's delivery restrictions? (6.Dec.2005 10:05:49 AM)

O-оk.. To be precise:
 
Let's take 3 groups
Group1.User1..Group1.User100
            work with internal financial documents (NO access to the Internet)
Group2.User1..Group2.User100
work with internal technical documents on equipment and production (NO access to the Internet)
Group3.User1..Group3.User50
            sales department, work with clients
 
Communications INSIDE groups are free.
For all usual users:
Delivery restrictions:
            GroupXX.UserXX = Accept only from GroupXX;
 
Communications BETWEEN groups are controlled by security department
For example, users Group1.User15 and Group2.User10 forward to user Group3.User32 necessary documents for concluding of contract with clients.
Delivery restrictions:
            Group1.User15 = Accept only from: Group1; Group3.User32
            Group2.User10 = Accept only from: Group2; Group3.User32
            Group3.User32 = Accept only from: Group3; Group1.User15; Group2.User10
 
How to permit user Group3.User32 to receive mail from the Internet?
Dеlivery restrictions:
            Group3.User32 = Accept from everyone except:
                                               Group1.User1..Group1.User14,  ,Group1.User16..Group1.User100
                                               Group2.User1..Group1.User10,  ,Group1.User12..Group1.User100
As you understand, it is possible to do it only once and only for one user.
After the second time, I'll start thinking about quiting this job or atleast changing of mail server.
Do you have any ideas?



Page: [1]