POP\SMTP access outside firewall

Status
Not open for further replies.

sirlance

MIS
Sep 17, 2002
36
US
Does anybody know a way to allow POP\SMTP for only specific mailboxes?
Our company doesn't allow it as a policy, but some higher execs want to use this Samsung PDA phone that has a MS OS with Outlook, but uses only POP\SMTP for mail.

EX2k on AD
Cisco PIX firewall
PDA Phone Samsung SCH-i600

Thanks
 
In AD Users & Computers go to the Exchange Advanced tab for the user account(s). Click the Protocol Settings button. Highlight the protocol you want to control and click Settings. This is where you can enable/disable protocols that can be used by a mailbox.

The bad news! At least in our Organization the mailboxes are getting created with all three protocols allowed by default (http, imap, & POP).

Unless someone else has a better way, I'd look into writing a script that would uncheck enable this protocol... for all of the user accounts. Then go into the exec accounts and set them up to be able to use the protocol. The ADSI property to modify is "protocolSettings".

Alternatively, if you have relatively few users you could just uncheck the enable this protocol... on the user accounts you want to keep out.

 
Thanks Jpederson, but actually that's not my problem. It's allowing access outside the firewall. Internally, we don't care.
 
My first concern wouldn't be with how to do it, but rather with going against company policy, regardless of who wants to do it.

If the company allows the exception to permit this exec to access outside the network, then you'll have to allow the POP and SMTP traffic through the PIX.

Sorry, not a PIX guy, might check for a PIX forum here, I'm sure there is one.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
The whole point behind a policy is to implement it domain wide. However, I understand your problem and the rule of thumb is to always make the Executives happy.

I don't have a solution to your problem only a suggestion to prevent more unnecessary work in the future.

Do what I did, write up a policy regarding all hardware and software. Include the following:

All hardware and software on the network must be approved, registered and compatible with the company's network infrastructure.

All hardware and software installed on the network must be tested and approved by the IT Department.

Make sure that you get a senior VP to back you on your policy and send it out to everyone.

I used to have these problems all the time with Managers, Senior Engineers and VPs buying BlackBerry, Palm Handhelds, etc. without consulting IT. When they found out that there were problems connecting or hardware limitations, they expected me to work a miracle and get it working.

NOT ANYMORE, if they buy it without consulting me I will not support it and I have the company policy to back me up.
 
I know this is a bit off topic, and of no use, but maybe a little humor on a Friday is a good thing? Anyway, our policy is no hardware/software purchases without IT approval, and no hardware/software is to be installed/connected to company systems without IT approval. Well known policy, distributed quarterly as a reminder.

Got a call from a guy having a problem. Walked over to that building to assist. Turns out he had an iPaq that would work only sometimes with his notebook. Knowing we had not approved any handhelds, I asked where he got it. "It's mine" was the response. Knowing, again, that no handhelds had been approved to be attached to our systems, I asked what the problem was specifically. Let him go through all the problems and troubleshooting he'd already done, and after about five minutes he finally stopped and looked at me. I just said "wow, that must suck, how you gonna fix it?" He had no response. I then "reminded" him of our policy against having personal hardware attached to our systems, told him to take it all home, and left.

I know, I know, I shouldn't have done it that way, but you know what? It turned my bad day into a good one. ;)

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 