Mailenable seems to be a great product. However, our security standards require us to not allow userids where the password is set to never expire. When installing Mailenable, it created two accounts, IME_USER and IME_ADMIN that have password never expires turned on.
So, I am left with the choices of disabling the ids (what would that break?), setting the passwords to expire (if I can find out where to change each of the passwords), or removing Mailenable (which I don't want to do).
Can you help?
BTW: I only use the inbound SMTP part of the product. I don't use lists, pop, or outbound SMTP.
Thanks for your help and your great product!
B. J. Catlin
IME_ accounts pw never expires
Hey BJ...
I would suggest just changing the passwords to the IME_USER and IME_ADMIN account every so often (within your pwd expiration policy time limit) using the computer management console... But don't forget to also make sure you change the password in IIS when you specify the anonymous user account for your site. It's kind of a manual thing, but if you have standards that guard against this sort of thing, there must be a good reason.
One other thing... I prefer not to use userids with non-expiring passwords... but one way that puts me more at ease is by choosing a *huge* random password for these accounts... something like "#@$ELK#JFFjdlfjsdfl###J#LKDSldfjsadfljsa;lj;dlakjas;lj;asf"... There is no way in million years someone would be able to brute force that one without you noticing...
Take care,
Mike
I would suggest just changing the passwords to the IME_USER and IME_ADMIN account every so often (within your pwd expiration policy time limit) using the computer management console... But don't forget to also make sure you change the password in IIS when you specify the anonymous user account for your site. It's kind of a manual thing, but if you have standards that guard against this sort of thing, there must be a good reason.
One other thing... I prefer not to use userids with non-expiring passwords... but one way that puts me more at ease is by choosing a *huge* random password for these accounts... something like "#@$ELK#JFFjdlfjsdfl###J#LKDSldfjsadfljsa;lj;dlakjas;lj;asf"... There is no way in million years someone would be able to brute force that one without you noticing...
Take care,
Mike
-
MailEnable
- Site Admin
- Posts: 4441
- Joined: Tue Jun 25, 2002 3:03 am
- Location: Melbourne, Victoria Australia
The IME_USER and IME_ADMIN accounts are only used for Professional and Enterprise edition functionality (spefically webmail and webadmin).
The reason the accounts are created in standard is so that the upgrade to professional does not need to explicitly change permissions apon install. (as setting these permissions is very time consuming).
Bottom-line... if you are only using Standard Edition freatures (which includes SMTP), you can disable these accounts.
The reason the accounts are created in standard is so that the upgrade to professional does not need to explicitly change permissions apon install. (as setting these permissions is very time consuming).
Bottom-line... if you are only using Standard Edition freatures (which includes SMTP), you can disable these accounts.
Regards, Andrew
