
Most Exchange Server installations have a set of mailboxes that aren't tied to a specific individual. Organizations often use these anonymous mailboxes for special purposes such as disseminating information or receiving input from many users about a certain topic. For example, you might have a mailbox called HelpDesk to which users can email requests for help; three or four people might then read and respond to those messages. Or you might use an anonymous mailbox called HR Manager or VP of Operations to disseminate a bulletin telling everyone that they can leave 2 hours early so that they can get home ahead of a coming ice storm.

Anonymous mailboxes are especially useful when more than one person is responsible for a business function. However, any time you have more than one person with access rights to a mailbox, you need some mechanism in place to ensure accountability, audit access, and validate the authenticity of sent messages. For example, what would happen if someone sent the "early dismissal" message without proper authority? Would you be able to tell who sent the message? Would your users have a way to know that the message wasn't authentic? In this article, I explain how to configure your system to help track who's using an anonymous mailbox and to let recipients know that messages they receive from such a mailbox are authentic.

Accessing Anonymous Mailboxes
To set up an anonymous mailbox, you create a mailbox and grant multiple people User Rights on that mailbox. Figure 1 shows such a configuration in an Exchange Server 5.5 organization.

Individuals with User Rights can use the anonymous mailbox in several ways. They can define an Outlook profile and access the entire mailbox, they can use Outlook's ability to open a folder from another user's mailbox, and they can use Exchange's Send As capabilities by simply entering the name of the anonymous mailbox in the message's From field. As Figure 2 shows, Kevin Mason is logged on to his mailbox but has entered VP of Operations in the From field to send a message from the VP of Operations mailbox.

Logging Anonymous Mailbox Information
By default, when someone accesses an anonymous account, the system logs little or no information that identifies specifically who accessed the mailbox and what they did while using it. As Figure 3, page 8, shows, when someone uses the Send As option to send a message, message tracking simply shows the submission as coming from the anonymous mailbox. (Exchange tracking-log information is intended for tracking a message as it moves through the system components, not as a security mechanism.)

Figure 3 shows the message-tracking results for Exchange 5.5, but Exchange 2000 Server also logs the message as submitted by the anonymous mailbox rather than by the domain user account or mailbox of the person who sent the message. When someone other than the mailbox's primary user accesses a mailbox by using an Outlook profile, Exchange 2000 and Exchange 5.5 log event ID 1016 in the Windows Application event log. This event occurs because the system recognizes that the domain account that the person is using to access the mailbox isn't defined as the "Primary Windows account" in Exchange 5.5 or isn't the Active Directory (AD) account linked to the mailbox object. However, when a user accesses an anonymous mailbox by other means (e.g., by using Send As or the Other User's Folder function), nothing is logged by default.

To make using an anonymous mailbox less anonymous from a security and auditing perspective, you can increase two diagnostic logging settings on the Private Information Store. For Exchange 5.5, use the Microsoft Exchange Administrator program to expand the container hierarchy and select the Private Information Store object (ORG\Site\Configuration\Server\<server>\Private Information Store containers). From the File menu, select Properties, then select the Diagnostics Logging tab, which Figure 4, page 8, shows. In the Services window, select Private. In the Category window, select Logons and change the Logging level to Minimum. Next, select Send As and again set the Logging level to Minimum, then click OK.

For Exchange 2000, the procedure is nearly identical. Use the Microsoft Management Console (MMC) Exchange System Manager (ESM) snap-in to expand the Administrative Groups container. If you don't see an Administrative Groups container, you need to first access the organizational-level Properties and select the Display Administrative Groups check box. Next, expand the appropriate Administrative Group for the server you're configuring, then expand the Servers container. Right-click the server you're configuring, then select Properties. Select the Diagnostics Logging tab. In the Services section, expand the MSExchangeIS object and select the Mailbox object. Under Category, select Logons and change the Logging level to Minimum. Select Send As and again set the Logging level to Minimum, then click OK. You must perform this procedure on all your Exchange servers because some events are logged on the server that hosts the mailbox of the person with access and others are logged only on the server that hosts the anonymous mailbox. Neither Exchange 2000 nor Exchange 5.5 requires a restart—the diagnostic logging changes take effect immediately.

After you make these changes, the Application log records two additional informational events. Whenever someone logs on to a mailbox (including their own) or uses the File, Open, Other User's Folder function, the Application log records event ID 1009; whenever someone uses the Send As function, it records event ID 1032, which Figure 5 shows.
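Once Logons and Send As logging are at Minimum on every server, the events the article names (1009, 1016 and 1032) are what an auditor has to work with. The following script is an added example, not code from the article, that pulls those events out of the Application log on each Exchange server and writes them to a CSV so that Send As use of an anonymous mailbox can be reviewed after the fact. It assumes Windows PowerShell 3.0 or later on a host with read access to the servers' Application logs, that the event source is MSExchangeIS, and that the regular expression used to pick the accessing account and the target mailbox out of the event text is a placeholder that you adjust to the wording your servers actually log; the event IDs themselves come from the article.

```powershell
# Added example (not from the article): collect the MSExchangeIS audit events the
# article describes from every Exchange server's Application log and export them.
#   1009 = mailbox logon (including File, Open, Other User's Folder)
#   1016 = logon by an account that is not the mailbox's primary account (logged by default)
#   1032 = Send As
# Assumptions: Windows PowerShell 3.0+, event source "MSExchangeIS", and a PLACEHOLDER
# regex for the message text that must be adapted to the real event wording.

param(
    [string[]]$Servers = @('localhost'),   # list every Exchange server (see article)
    [int]$Days = 1,
    [string]$OutFile = '.\mailbox-access-audit.csv'
)

$auditIds = 1009, 1016, 1032
$labels = @{ 1009 = 'Logon'; 1016 = 'Logon by non-primary account'; 1032 = 'Send As' }

# PLACEHOLDER pattern (assumption): capture a DOMAIN\user account and a mailbox name
# from the event text. Verify against a real event before trusting the parsed fields;
# the raw Message column is kept in the CSV so nothing is lost if the match fails.
$pattern = '(?<account>[A-Za-z0-9_.-]+\\[A-Za-z0-9_.-]+).*?(?<mailbox>/o=\S+)'

$events = foreach ($server in $Servers) {
    try {
        Get-EventLog -ComputerName $server -LogName Application -Source 'MSExchangeIS' `
                     -After (Get-Date).AddDays(-$Days) -ErrorAction Stop |
            Where-Object { $auditIds -contains $_.EventID } |
            ForEach-Object {
                $m = [regex]::Match($_.Message, $pattern)
                [pscustomobject]@{
                    Server  = $server
                    Time    = $_.TimeGenerated
                    EventID = $_.EventID
                    Type    = $labels[[int]$_.EventID]
                    Account = if ($m.Success) { $m.Groups['account'].Value } else { '' }
                    Mailbox = if ($m.Success) { $m.Groups['mailbox'].Value } else { '' }
                    Message = ($_.Message -replace '\s+', ' ')
                }
            }
    } catch {
        Write-Warning "Could not read the Application log on ${server}: $_"
    }
}

# Full record for retention and later investigation
$events | Sort-Object Time | Export-Csv -Path $OutFile -NoTypeInformation

# Quick review: who used Send As against which mailbox, and how often
$events | Where-Object { $_.EventID -eq 1032 } |
    Group-Object Mailbox, Account |
    Select-Object Count, @{ n = 'Mailbox, Account'; e = { $_.Name } } |
    Sort-Object Count -Descending |
    Format-Table -AutoSize
```

Run it from a workstation that can reach all the servers, because, as the article notes, some of these events land on the server hosting the sender's own mailbox and others only on the server hosting the anonymous mailbox; collecting from a single server gives an incomplete picture. The Send As summary is the part worth checking routinely, since 1032 is the event that ties an "early dismissal" style message back to the account that actually submitted it.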


Reader Comments

The author should go into detail about how to set permissions in Exchange 2000 to access anonymous mailboxes. E2K setup is substantially different from E55.

Shane Clawson
