I have OWA running (Exchange 2003 on Server 2003R2) and everything seems to be working, but I have one big security hole that I am sure is caused by an incorrect setting on my part.
Once users authenticate into their account, they can access any other account they wish by changing the URL. Example: You authenticate to this address for OWA: https://exch.mydomain.com/ You then go into your mailbox at: https://exch.mydomain.com/exchange if you add anyone elses username to the end of that URL, you can see their email account, example: https://exch.mydomain.com/exchange/bsmith would show you bsmith's account. I am sure this is something very basic I am missing. Thanks, Ed ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
