One thing we discovered was this: We ran the IIS Lockdown and URLScan on our E2K Front-End OWA server using the OWA template. If a OWA user attempted to open an email with a subject ending in a period (ie: Hello...) URLScan blocked it. There was a rule in URLscan that blocked any url containing ".." So if a message had the above subject the link would be:
https://wwwmail.somone.com/exchange/user/Hello....eml and would be blocked. Note: please forgive syntax errors or lack of description... but im really sick today... and along with seeing small purple midgets in leiderhosen... my train of thought is a bit derailed. -----Original Message----- From: Joe L. Casale [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 10:26 AM To: MS-Exchange Admin Issues Subject: RE: IIS Lockdown/URLScan on E2K? I am using the latest version of lockdown. It says its got urlscan integrated, and the correct settings... Well, urlscan used to load an isapi filter that I no longer see, and as for the correct settings, bogus as usual. I had to check the logs every failure to tweak the settings... But it is all working better then it used to! Didn't really break anything that wasn't easy to fix! I would say its safe now... Just be prepared to have to change the settings in the urlscan.ini file... jlc -----Original Message----- From: Bonner, Jon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 7:48 AM To: MS-Exchange Admin Issues Subject: IIS Lockdown/URLScan on E2K? Is anybody using either IIS Lockdown or just URLScan alone on their E2K servers? I'm wondering what everyone else is doing? Thanks. Jon Bonner List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
