Exchange tip

Just thought I’d throw this tip out there if you are running Exchange in your environment. I have RT configured on my CentOS 5.5 box, help.domain.com. My /etc/alias file uses help@help.domain.commailto:help@help.domain.com for incoming requests into my main helpdesk queue. What I’ve done with Exchange, that hosts for domain.com, is to create the email help@domain.commailto:help@domain.com, and a contact for help@help.domain.commailto:help@help.domain.com. The newly created Exchange mailbox, help@domain.commailto:help@domain.com forwards to help@help.domain.commailto:help@help.domain.com. What this allows me to do is use delivery restrictions on the Exchange account to limit the help desk to authenticated users only, thus blocking outside requests. I know RT has it’s own mechanism to do this, but this allows me to open it up easily if I need to, and I can use LDAP authentication alongside local users in RT.

This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email

I do something similar, just not with Exchange.

With this system you’re leaving the door open if help@help.domain.com
ever gets accidentally released into the wild. I’ve been very careful so
far and this hasn’t been an issue.

We talked about implementing iptables rules on the RT box that would
limit which machines it can receive email from in order to prevent
people from using help@help.domain.com and instead using help@domain.com
so mail goes through the proper path. We haven’t done it though, and so
far keeping help@help.domain.com as a secret all has been well.On 12/13/10 7:11 PM, Jason Knight wrote:

Just thought I�d throw this tip out there if you are running Exchange
in your environment. I have RT configured on my CentOS 5.5 box,
help.domain.com. My /etc/alias file uses help@help.domain.com
mailto:help@help.domain.com for incoming requests into my main
helpdesk queue. What I�ve done with Exchange, that hosts for
domain.com, is to create the email help@domain.com
mailto:help@domain.com, and a contact for help@help.domain.com
mailto:help@help.domain.com. The newly created Exchange mailbox,
help@domain.com mailto:help@domain.com forwards to
help@help.domain.com mailto:help@help.domain.com. What this allows
me to do is use delivery restrictions on the Exchange account to limit
the help desk to authenticated users only, thus blocking outside
requests. I know RT has it�s own mechanism to do this, but this
allows me to open it up easily if I need to, and I can use LDAP
authentication alongside local users in RT.


This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email


John Arends
jarends@illinois.edu
Network Analyst
College of ACES ITCS
University of Illinois at Urbana-Champaign