SNTT : Button to check if your users are fowarding mail to external email accounts
Sean Cull 11 December 2008 18:28:53
Users forwarding automatically forwarding emails to external accounts can cause both security and reliability issues. I have seen instances where an email was automatically sent to an external account which sent back an error bounce message ... which got sent to the same account ... which sent back another bounce message ... and so on.
There are two main ways that users will do this.
The first is to modify the mail forwarding address in their person record ( Can your users edit this setting ? Should they be able to edit this setting ? ). You can find these affected records by searching the people view in the NAB / Domino Directory using a search string such as the one shown below - this is a cruse search looking for the existence of the "@" symbol in the mailaddress field. Note that you can save this as a shared search for future use.
The second method that users use to forward mail to external accounts is to use the mail rules in their mail files. These can be disabled in the server configuration record but they are genuinely useful things to have in many cases.
I have written code for a button which will scan everyones mail rules ( assuming the user has access to their mail files ) and return a report of mail rules containing the symbols "@" and "." in the same forwarding address. This is a fairly crude search string but it is effective in most cases - feel free to improve upon it.
Clicking on the button will produce a report such as the one below which is emailed to your Notes account.
If you are having trouble accessing peoples mail files you may want to try using the "Full Access Administration" option in the administrator client
You can download the as an lss file at the end of this post. You can also download a database with the button in the first document - just cut and paste it to where ever. You should obviously look at the code before you click on the button - do this by selecting the button, right clicking and choosing edit. The easiest way to select the button without pressing it is to backspace onto it.
The code is provided for your own use without warranty. FoCul would be very happy to provide you with admin or development support for your Notes and Domino needs. You can contact us via
http://www.deliverytoolkit.com - our new shrink wrapped offerings
http://focul.net - our main site ( needs updating !! )
http://seancull.co.uk ( my personal tech blog )
mailaudit.zip
mailaudit2.lss
As ever if anyone knows of a better way to monitor this - or to disable it - please let me know. It does seem odd that the functionality does not exists in 80x
The last question is will my GPRS signal last far enough into the Irish Sea to replicate this from my ferry !
Sean
Admin Tips Download Show-n-Tell Thursday Lotus
2patrick picard 12.12.2008 14:21:24 NSF link broken An error has occured whilst trying to find the page that you have requested. It may be that the page does not exist or that you do not have the authorization to view it. Error Message: HTTP Web Server: Lotus Notes Exception - Entry not found in index
3patrick picard 12.12.2008 14:21:57 NSF link broken An error has occured whilst trying to find the page that you have requested. It may be that the page does not exist or that you do not have the authorization to view it. Error Message: HTTP Web Server: Lotus Notes Exception - Entry not found in index
4Sean Cull 12.12.2008 17:55:46 Download showl now be working @2,3 Patrick, the download should be ok now, I think the .nsf ending confused the blog template
5Sean Cull 12.12.2008 17:57:28 Delivery Controls @1 Randy, you are correct but this restriction also stops forwarding to internal people which is a very useful thing to be able to do.
6James Algar 04.06.2009 17:58:15 Forwarding in agents? An admin could create LotusScript agents on behalf of the users to achieve internal forwarding, which will get past the restriction in the Config doc. However my users have created simple agents to forward mail, rather than rules, yet they don't have Designer clients. Any ideas how to stop them creating these, without reducing their access level down from Mgr in the ACL?
7sean cull 04.06.2009 19:08:25 Use the ACL You could try leaving them as Managers but removing their ability to create private agents in the ACL I don't think that this will affect mail rules or Out of Office but you should check to be sure.
Please leave a comment
1Randy Bye 11.12.2008 22:09:06 Policy document
In the server configuration documents...
Router/SMTP tab
Restrictions and Controls tab
Delivery Controls tab
User rules mail forwarding: Enabled to disabled.
Users will see the forward indicator but it won't go anywhere.