ITPro zone

Microsoft Exchange 2000 and 2003 security update MS06-029 (KB 912442).  



The Microsoft patch MS06-029 (KB 912442) released to fix a vulnerability in Outlook Web Access prevents 3rd party Exchange connectors, such as the Femail 2000 Exchange connector from working correctly. After applying this update the connector will no longer be able to send messages from the Femail 2000 Gateway into Exchange.

This is due to the fact that patch MS06-029 changes the behaviour of the "Send As" feature in Microsoft Exchange Server. Prior to this patch, any user with the “Full Mailbox Access” permission for a mailbox also had the ability to “Send As” the mailbox owner. By installing patch MS06-029 the Femail 2000 Exchange connector looses its "Send As" permission on its gateway mailbox which it uses to send message into Exchange.

The problem is that the Femail 2000 Connector object in AD is a mailGateway object and thus not a user object so it's not possible to correct this by granting the permission back directly on the mailbox through the AD Users & Computers snap in.

For more information regarding patch MS06-029 read the following article "KB912442"

Solution provided by MS Support:

To grant Send As permissions to the Femail 2000 Exchange Connector object, perform the following steps:

1. Open ADSIEdit.msc (more information on ADSIEdit)

2. Browse down to Configuration\Services\Microsoft Exchange\<Exchange Organization>\Administrative Groups\<Administrative Group>\Routing Groups\<Routing Group>\Connections

3. Right click on FemExGwSERVER, and go to properties.
(where SERVER is the name of the Exchange server on which the connector was installed)

4. Find the distinguishedName attribute, and copy it to Notepad (or somewhere easily accessible)

5. Open the Command Prompt, and type the following:

6. Dsacls "distinguishedName" /G "DOMAIN\SVCACCT:CA;Send As"
(where distinguishedName is the text copied previously, and DOMAIN\SVCACCT is the Domain and User Name of the Femail 2000 Exchange Connector Service account, more information on Dsacls)

7. You may need to restart the Information Store, or dismount and mount the Mailbox Store that the Femail 2000 Exchange Connector mailbox resides on, for this change to take effect immediately.