Greetings! Welcome to Vol. 2, No. 6 of Exchange Messaging Outlook, an occasional newsletter about Microsoft Exchange, Windows Messaging and Microsoft Outlook, both for users of Windows 95 and NT 4.0 and for organizations using Microsoft Exchange Server.
Office 97 Service Release 1 and Outlook 8.02
The much anticipated patch to Outlook 8.02 has come and gone and come again on the Microsoft web site. It was briefly withdrawn after Microsoft found a problem with saving Word files. The new version was posted Monday.
The issue of whether you should use the downloadable patch is so complex that I've summarized it in a chart at http://www.slipstick.com/exchange/ol802.htm. The bottom line:
POP3 security hole for Microsoft Exchange Server 5.0
From the newsgroups comes this posting by Microsoft program manager Jim Reitz, in response to a problem reported by Rajiv Pant at http://rajiv.org/active/:
"By design, Exchange Server maintains a secure credentials cache in memory, on behalf of native Internet protocol clients (POP3, NNTP, LDAP) so that it doesn't have to make a round trip over the network to the NT Domain Controller every time a POP3 client does 'check mail' (like every 5 minutes for most mail clients). Credentials are automatically aged out of the cache -- 2 hours max lifetime by default, more quickly if they aren't used often (15 minute idle time by default).
"There's no new security risk here *unless your password has already been stolen*. If you suspect that's the case, and you change your NT password -- then there's an additional window of between 15 minutes and two hours where your old password will still be valid for basic authentication via POP3, NNTP, or LDAP. This only applies if you are using Basic Authentication (plain-text authentication) for these Internet protocols. The issue doesn't occur if you are using NTLM-aware POP3 mail clients -- like Outlook Express (since NTLM-aware clients do their own local credentials caching).
"If you don't want this caching, then you can easily disable it via a registry setting -- this is described in KB article Q166620 at http://www.microsoft.com/kb/articles/q166/6/20.htm. Keep in mind, however that this will mean a round-trip to the domain controller for every POP3 'check mail' operation.
"Of course, from a security perspective -- using POP3 with clear-text passwords isn't such a hot idea in the first place. If you want to use POP3, we'd strongly recommend only using it with 'Basic Auth over SSL encryption' or 'NTLM Challenge/Response Auth'."
The above-referenced MSKB article is not yet available, but Jim posted the registry entries that control the credentials cache:
HKLM\System\CurrentControlSet\Services \MsExchangeIs\ParametersNetIf \Credentials Cache Age Limit (Default = 120 minutes) HKLM\System\CurrentControlSet\Services \MsExchangeIs\ParametersNetIf \Credentials Cache Idle Limit (Default = 15 minutes) HKLM\System\CurrentControlSet\Services \MsExchangeIs\ParametersNetIf \Credentials Cache Size (Default = 256 buckets, to turn off caching, you should set the size = 0)
Recovering data from offline folders
I frequently get e-mail messages or read newsgroup postings from people who have switched to a new Microsoft Exchange Server mailbox and want to use the messages saved in the offline folders that they had been synchronizing with the old mailbox.
Unfortunately, most of the time it's too late. Because offline folders are associated with a particular mailbox, if you use the same profile with a new mailbox, all the information in the offline folders cannot be retrieved.
It is possible to recover items from offline folders, but only if you take specific steps as soon as you know that you'll be getting a new mailbox or even if you suspect that the old one is damaged:
You can now create a new profile to access your new mailbox, add the Personal Folders file to the profile and copy all items from the Personal Folders to the new mailbox.
If you're an administrator, a good habit to consider passing along to users is to always create a new profile for a new mailbox. That will leave the old one intact, along with its offline folders, until you can start it up offline and recover the offline folder information.
New and updated utilities
ListServer (limited beta)
Application for Microsoft Exchange Server to provide Internet e-mail users with access to Exchange Server's distribution lists. New Custom Recipients are created automatically as needed.
Add-in for Microsoft Exchange and Outlook to provide access to the millions of addresses in the Four11 directory.
ONYX Connect for Microsoft Outlook
Integrates Microsoft Outlook's scheduling and contact management with the ONYX Customer Center tool for managing, sharing, and viewing all customer information.
Uses Caller ID to monitor incoming calls then pop up Microsoft Outlook's contact records.
Get voice notification over the phone about messages waiting in your Inbox, and have the most critical ones faxed to you.
Sends you a quick message when you get new mail, giving just the number of unread messages.
Forwards incoming Microsoft Fax faxes to the intended recipients.
Psi-Sync for Microsoft Outlook (formerly Outlook Agenda Sync)
Enables users of Microsoft's Outlook 97 to synchronise their Calendar, Tasks, Contacts and Notes with a Psion 3a, 3c or Siena (but not a Psion Series 5). The optional EMessage alias enables simple e-mails to be composed on the Psion to be later uploaded and sent automatically via Outlook 97. The new HotSync feature completely automates the synchronisation of Agenda and Data files as well as EMessage retrieval whenever a Psion is connected.
Microsoft Outlook Support for Lotus cc:Mail
Updated version of the transport included on the Outlook CD.
ExLife (ver 1.21)
Adds two more actions -- printing messages and saving attachments -- to this premier utility for automatically processing messages in Exchange and Outlook.
Profile Maker (ver 2.1)
Adds more configuration options (not just MAPI settings, but registry options, too) to this utility for creating Exchange and Outlook profiles. Now supports IMEP, Microsoft Fax, Schedule+ file location and address book settings.
Get the answers from the Microsoft Exchange, Windows Messaging and Microsoft Outlook FAQs at http://www.slipstick.com/exchange/faqs.htm.
The Microsoft Outlook FAQ has a Table of Contents at http://www.slipstick.com/exchange/outlfaq.htm to help you find answers faster. New and updated items are at the bottom of the page.
Ask new questions and provide other feedback for the Slipstick Systems Exchange Center FAQs at http://www.slipstick.com/exchange/faqfdbk.htm.
About this newsletter