Martin,

It's obvious now that one of two things happened, either:

- Ipswitch rushed this application to market, or
- the programming team assigned to develop the new product has absolutely no knowledge of server security.

I suspect a little of both is involved here.

I deal with these kinds of issues all the time with medical scheduling software and have to deliberately hold BACK on installing updates that some of the people I work for are demanding but we cannot implement because the updates create more problems than they solve.

We constantly fight for security on our servers. Because some of our clients accept credit cards, our servers are CONSTANTLY under the scrutiny of Visa/MasterCard for security loopholes and, after reading the security settings, I KNOW an installation of Imail will flunk us and get all of our e-commerce shut down.

The fines that can be levied by the US Credit Card issuers will close down a business in a matter of seconds.

Bruce Barnes

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Schaible
Sent: Tuesday, January 03, 2006 19:29
To: Bruce Barnes
Subject: Re: [IMail Forum] 2006 permissions

Hi Bruce,

This is absolutely right. In most cases SYSTEM does not need full control either. Both accounts IMail works with must be restricted for sure. It can't be the solution that those users have full control over the Application- and Data-directories. Especially the IIS guest user must run under very limited rights. This affects the registry too.

Did somebody already test if IMail will work after reducing the rights to the usual read/write/change permissions?

IMail 2006 does not strictly separate program and data by default. With a bit of registry hacking, a separation is possible. At the end, three or four files need R/W access in the application directory. We have done that already for every version of IMail, including 2006.

I have no idea why we poor admins have to fiddle around in the registry to fulfill some basic IT-rules.
This separation could be done very, very easily by default and would allow a security concept to be implemented easily. If somebody is interested in what has to be done for a 99% separation, I can post more info.

============================================
On Wednesday, January 4, 2006 at 00:53, you wrote:

> Full control should NEVER be allowed on a server of any kind! That
> will give full access to anyone who can connect to the site.
>
> The only account having FULL CONTROL is ADMINISTRATOR and SYSTEM.
>
> The user who is logged into the system checking his mail should only
> be allowed CREATE, MODIFY and DELETE, NOT full control.
>
> This is definitely a problem with the latest version of IMail and
> needs to be addressed ASAP. We will not deploy until this is resolved!
>
> Bruce Barnes
> ChicagoNetTech Inc
> ________________________________
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
> Sent: Tuesday, January 03, 2006 16:53
> To: [email protected]
> Subject: Re: [IMail Forum] 2006 permissions
>
> Full control?
>
> Mike Barber wrote:
>
> Here you will find the permissions necessary
>
> http://support.ipswitch.com/kb/IM-20051123-DM03.htm#InstallUpgrade
>
> For your scenario you will need to add
> IUSR_ComputerName to d:\imail\
> ________________________________
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
> Sent: Tuesday, January 03, 2006 5:23 PM
> To: [email protected]
> Subject: [IMail Forum] 2006 permissions
>
> We have all of our domains on the D drive and it seems
> that permissions are still not corrected after installing 2006.01.
> This is the error I get when I try to save attachment blocking:
>
> "Unable to open attachment blocking file d:\IMail\\ab.txt"
>
> That would indicate a permissions problem but it is reading
> the file. What file permissions should be in place?
>
> Thanks,
>
> Bill
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

============================================

--
Kind regards
--------------------------------------------
Merlin Consulting
Martin Schaible
Bahnhofstrasse 27
CH-8702 Zollikon
Phone: +41 44 391 30 00
Fax: +41 44 391 32 49
Mail: mailto:[EMAIL PROTECTED]
URL: http://www.merlinconsulting.ch
Support: http://support.merlinconsulting.ch
GPS: N47 20.235 E8 34.226
--------------------------------------------
News - New products:
.:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor
.:. Paessler GmbH .:. Sawmill Loganalyzer .:. SmarterTools
--------------------------------------------

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
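
An added example, not part of the original thread and not Ipswitch's code: one way to check a mail directory tree against the rule stated above that only ADMINISTRATOR and SYSTEM hold Full Control. The `D:\IMail` default comes from the thread; the function name and the allow-list of well-known SIDs are assumptions of this example.

```powershell
# Added example: list allow ACEs that grant Full Control to anyone other than
# Administrators and SYSTEM. SIDs are used so the check also works on
# non-English Windows installs where the account names are localized.
param(
    [string]$Root = 'D:\IMail'   # path mentioned in the thread; adjust as needed
)

# Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
$allowedSids = @('S-1-5-32-544', 'S-1-5-18')
$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$genericAll  = 0x10000000   # GENERIC_ALL, seen on some inherit-only ACEs
$sidType     = [System.Security.Principal.SecurityIdentifier]

function Get-FullControlFinding {   # hypothetical helper name
    param([string]$Path)

    # The root itself plus every subdirectory beneath it.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights = [int]$ace.FileSystemRights
            $isFull = (($rights -band $fullControl) -eq $fullControl) -or
                      (($rights -band $genericAll) -ne 0)
            $sid = $ace.IdentityReference.Value
            if (-not $isFull -or $allowedSids -contains $sid) { continue }

            # Resolve the SID to a name for display; orphaned SIDs stay as SIDs.
            $name = $sid
            try {
                $name = $ace.IdentityReference.Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch { }

            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $name
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-FullControlFinding -Path $Root | Sort-Object Path, Identity | Format-Table -AutoSize
```

An entry for the IIS guest account (`IUSR_ComputerName` in the thread) in the output is the condition the posters object to; rows with `Inherited` set to `False` show where the grant was applied directly.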
