Exchange User Account vs Distribution Group Account
hi, i got one question, scenario; application team require one user account for email use (sending & retreiving emails). my question 1- should i create user account or distribution group? 2- their intention is to create user account with credential, so that it'll be secure. 3- my intention is to create distribution group since the account also need to retrieve emails and distribute to few admins. 4- are distribution group is not secure since no password require to send email?
March 12th, 2012 5:51am

1) DL should be fine if you are allowing the application to relay emails directly to exchange. If the application is configured to use the exchange mailbox, where you need to key in the user name and password, DL will not work. 2) Creating a user account and giving to the application team is not secure. Main risk involved is that lot many people will know the password. Risk will increase if the password is not getting changed along with the resignation of team member. 3) DL should work if the application is having its own smtp engine and can directly relay emails to the exchange infrastructure. Application can use the DL email address in from field so that reply for those mails will get delivered to the DL members. 4) DLs dont have any previlage to send or receive email. Its just a workaround where the reply emails can be delivered to the respective people who needs it. If application is relaying emails directly to exchange, it dosent matter what is the from address or to which recipients this emails is targeted.Shaba
Free Windows Admin Tool Kit Click here and download it now
March 12th, 2012 6:18am

In term of functionality, both are working. But for DL still anybody within local can send email without permission since none credential require. Is that mean, user account more secure since only a few of apps team know the password.
March 12th, 2012 7:07am

Hi, Why don't you create a shared mailbox (A mailbox that's not primarily associated with a single user and is generally configured to allow logon access for multiple users). Exchange 2007 and Shared Mailboxes http://knicksmith.blogspot.in/2007/03/exchange-2007-and-shared-mailboxes.html http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-resource-mailboxes-exchange-server-2007-part1.html Create a shared mailbox in Microsoft Exchange 2010 and Add to OWA http://atthedatacenter.wordpress.com/2010/09/28/create-a-shared-mailbox-in-microsoft-exchange-2010-and-add-to-owa/ Thanks
Free Windows Admin Tool Kit Click here and download it now
March 12th, 2012 7:22am

HI as you mentioned that "still anybody within local can send email without permission to DL" so in that you can restrict that as well, include only those whom you want to allow into the Message Delivery Restrictions option. Right Click the DL in EMC > Mailflow settings >Message Delivery Restrictions there select message from and reject message from. Thanks
March 12th, 2012 7:28am

1) DL should be fine if you are allowing the application to relay emails directly to exchange. If the application is configured to use the exchange mailbox, where you need to key in the user name and password, DL will not work. 2) Creating a user account and giving to the application team is not secure. Main risk involved is that lot many people will know the password. Risk will increase if the password is not getting changed along with the resignation of team member. 3) DL should work if the application is having its own smtp engine and can directly relay emails to the exchange infrastructure. Application can use the DL email address in from field so that reply for those mails will get delivered to the DL members. 4) DLs dont have any previlage to send or receive email. Its just a workaround where the reply emails can be delivered to the respective people who needs it. If application is relaying emails directly to exchange, it dosent matter what is the from address or to which recipients this emails is targeted.Shaba
Free Windows Admin Tool Kit Click here and download it now
March 12th, 2012 1:13pm

Hi, Why don't you create a shared mailbox (A mailbox that's not primarily associated with a single user and is generally configured to allow logon access for multiple users). Exchange 2007 and Shared Mailboxes http://knicksmith.blogspot.in/2007/03/exchange-2007-and-shared-mailboxes.html http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-resource-mailboxes-exchange-server-2007-part1.html Create a shared mailbox in Microsoft Exchange 2010 and Add to OWA http://atthedatacenter.wordpress.com/2010/09/28/create-a-shared-mailbox-in-microsoft-exchange-2010-and-add-to-owa/ Thanks
March 12th, 2012 2:16pm

Hi , Any Updates ??
Free Windows Admin Tool Kit Click here and download it now
March 13th, 2012 1:39am

Hi, i'm doing testing right now. i need to ensure my objective is achieve. anyway im using exchange 2003 sp2. thanks
March 13th, 2012 10:12pm

No issues , Shared mailbox concept can be used in Exchange 2003 as well. Would suggest creating the 'dummy' account and assigning it the desired email address, ensure it has a secure password (this can be anything random as we dont actually need to log in with the account, we just want the account to be secure), assign full mailbox permissions to the users who need access to this account, this can be done in AD via the Users and Computers snap-in. In ADUC select the dummy user and go into the Exchange Advanced tab and select Mailbox Permissions, add the user you want to grant permissions to and then give them the Full Mailbox Access permission. This will allow them to add the mailbox into their Outlook profile (edit the profile and then under the More Settings > Advanced menu you can add additional mailboxes - in this case you would add the dummy account), this will then show up in the users Outlook as a second Mailbox - dummy account name in the left hand pane. One thing to note is that granting Full Mailbox Access *wont* by default allow those users to send emails or reply back as the email address associated with the dummy account, to allow this the users need an additional 'send-as' permission. To grant this edit the dummy account, and go to the Security tab (if you dont see this tab then you need to enable Advanced Features from the View menu), add the user(s) who need send-as permissions and then if you scroll down the list of available permissions you will see the 'Send-As' option. If you expect to be granting permissions to a number of users you may find it easier to manage by creating a security group to manage them and assigning the permissions to the group rather than the users, that way if you need to add/remove permissions from a user it is as simple of editing the group rather than digging through ADUC to set/remove the permissions. I hope the above is informative for you. Thanks
Free Windows Admin Tool Kit Click here and download it now
March 14th, 2012 4:50am

Any updates ??
March 16th, 2012 2:27am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics