Overview
Archived emails can be accessed by users who are not the intended recipients or senders of the email. The sender part of these email is a distribution list, along with the email address of the sender. Users that can access these emails are members of the list.
Environment
- All Environments.
Root Cause
A bug in the POP2Exchange feature of GFI MailEssentials 2010 inserts incorrect sender information when the recipients in the TO field are not on the local domain.
Resolution
The following statements need to be executed on the archive store in order to fix the ownership:
-
delete FROM arc_owners Where ID In (SELECT arc.id FROM ARC INNER JOIN arc_add on arc_add.id = arc.id where arc.received_date > 'xx.xx.xxxx xx:xx:xx' and arc.received_date < 'xx.xx.xxxx xx:xx:xx' and arc_add.email = 'DL@domain.com' and arc_add.type = 3) AND usrid IN (1,2,3,4)
-
DELETE FROM arc_add WHERE ID in (SELECT arc.id FROM ARC INNER JOIN arc_add on arc_add.id = arc.id where arc.received_date > 'xx.xx.xxxx xx:xx:xx' and arc.received_date < 'xx.xx.xxxx xx:xx:xx' and arc_add.email = 'DL@domain.com' and arc_add.type = 3) and email = 'DL@domain.com' and type = 3