KKrukow said:
Do you mean the sender or the recipient?
From your original post:
.... staff sent an e-mail to a client.
.... client reported ... prompted to login to our mailserver.
"staff" was the sender. "client" was the recipient. The recipient is
the one having the problem. Ask the recipient if they still have
configured (as the default) the Restricted Sites security zone (assuming
they actually use a Microsoft e-mail client that utilizes the security
zones versus some non-Microsoft e-mail client that may incorporate its
own security measures).
I can't speak for the recipient,
Well, you did. You said the recipient (client) was the one with the
prompts to logon to your mailserver.
I'll have to verify. Are you suggesting that if the settings your mentioned
are active on the recipient's mail server, that the sender (my employee) may
have something in his e-mail that would be suspect to the recipient?
It would depend on what your staff (the sender) put into their
HTML-formatted e-mail. If they inserted script, especially javascript
using the onmousehover event, and the recipient enabled scripts in the
rendering of their received HTML-formatted e-mails, then what you
describe could happen. You'll have to look at the HTML code in the sent
e-mail to see if your senders were incorporating scripts within them.
As the sender, the cure is not to include scripts. For the recipient,
they should never be rendering HTML-formatted e-mails in the looser
Internet security zone and instead use the Restricted Sites security
zone to prevent scripts from running. However, some recipients have
applications or receive e-mails in which they do want scripts to
execute, like getting some poll, voting, or interactive e-mails;
however, using the Internet security zone opens that recipient up to a
whole bunch of security holes to vector through e-mail into their host.
My
knowledge in exchange is unfortunately limited so forgive my elementary
approach to this.
Wouldn't be caused by Exchange. Would be caused by the HTML code inside
your sender's (staff) emails and also with a recipient that didn't
properly secure their e-mail client.
I'm just guessing that running scripts in HTML-formatted e-mails under a
loose security setup at the recipient's end is what causes the recipient
to see the logon prompt. Someone more familiar with RMS (Rights
Management Server) might know if a document (mail) with rights assigned
to it but sent to someone outside the scope of the RMS server might get
such a prompt. If the rights are still enforced outside the scope of
the RM server, like it's encrypted and must use the RM server to decrypt
it, then the recipient can't read the message unless they connect to
that RM server. That again is another guess. Hard to say when I know
nothing of the content of the sender's message, what Exchange might be
appending or prepending to outbound mails, and how the recipient has
their e-mail client configured.
