Add the element ExcludedRolesToLogin to the SiteSettings.config and specify,
as a comma-separated list, which roles are not allowed to log in to the panel, e.g.:
<ExcludedRolesToLogin>Administrator,Reseller</ExcludedRolesToLogin>
By doing this you can eliminate the attack surface by publishing the portal
twice: one instance for the organization administrators and an internal one
for the administrators and reseller admins.
A) To route platform internal traffic of the platform
B) To ensure internal OOF are not delivered to other platform tenants
The WSP Exchange SP2 Transport Agent is responsible for the following:
A) Determines that an email is being sent between tenants on the same system,
and re-routes the mail to a smart host elsewhere in the network, for
subsequent routing back to Exchange.
B) Since Exchange Server 2007, a user has been able to set both an internal and
an external OOF, and have Exchange deliver the OOF based on the sender being
inside or outside the same Exchange Organization. In a multi-tenant
configuration of Exchange such as that described in this document, all users
in all tenants are considered internal to each other, and so the Internal OOF
is sent between them if emails are exchanged and OOF is set on a mailbox.
The transport agent prevents internal OOF messages from being exchanged
between different tenants.
The transport agent will override the recipient destination for inter-tenant
email exchange to an alternative domain. The platform will have a send
connector defined that is assigned to the alternative domain name space and
points to the next hop, a smart host (this can be a Windows SMTP Service).
The smart host will have a smart host defined as well, which will route
the message back to the platform.
Perform the following steps:
A) Copy the files WSPTransportAgent.dll and WSPTransportAgent.dll.config
to "C:\Program Files\Microsoft\Exchange Server\V14\Public"
B) Import the WSPTransportAgent.reg to create the event source
C) Use the registry editor to grant "NETWORK SERVICE" Full Control
on the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\WSPTransportAgent
D) Run the following PowerShell command in the Exchange Management Shell:
    Install-TransportAgent "WSPTransportAgent" `
        -TransportAgentFactory WSPTransportAgent.MEACPRoutingAgentFactory `
        -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V14\Public\WSPTransportAgent.dll"
E) Run the following command to enable the agent:
    Enable-TransportAgent "WSPTransportAgent"
F) Restart the Microsoft Exchange Transport Service
The configuration file contains the following configurable items:
Key                           Value
routingDomain                 The alternative domain that will be added to the
                              recipient domain name. This should be aligned with
                              the namespace for the send connector. A sample
                              value could be ".tmp". The send connector will in
                              that case serve the *.tmp namespace.
logFile                       Fully qualified path to the log file that will be
                              used when verbose logging is enabled
                              (e.g. c:\temp\WSP.log)
enableVerboseLogging          Possible values: true or false. Enables or
                              disables verbose logging. This should be disabled
                              by default.
blockInternalInterTenantOOF   Possible values: true or false. Enables or
                              disables blocking of the internal auto reply
                              between tenants. Auto replies within the tenant
                              or with external tenants (not hosted on the
                              platform) will receive the internal or external
                              auto reply message.
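A post-install check for the installation steps and configuration items above, as an added example (not part of the WSP package or its documentation). It assumes the sample routingDomain value ".tmp", that the config file keeps each key and its value on one line, and the English account name for NETWORK SERVICE; run it in the Exchange Management Shell on the transport server.

```powershell
# Added example: verify the WSP transport agent installation (not WSP's own code).
$agent  = 'WSPTransportAgent'
$dir    = 'C:\Program Files\Microsoft\Exchange Server\V14\Public'
$regKey = 'HKLM:\SYSTEM\CurrentControlSet\services\eventlog\WSPTransportAgent'
$routingDomain = '.tmp'   # assumption: sample value from the text, replace with yours

function Report($check, $ok) {
    New-Object PSObject -Property @{ Check = $check; Passed = [bool]$ok }
}
$results = @()

# Agent assembly and its config file are in the Public folder
foreach ($f in "$agent.dll", "$agent.dll.config") {
    $results += Report "File present: $f" (Test-Path (Join-Path $dir $f))
}

# Event source key exists and NETWORK SERVICE holds an Allow / FullControl ACE
$full = [int][System.Security.AccessControl.RegistryRights]::FullControl
$ace  = $null
if (Test-Path $regKey) {
    $ace = (Get-Acl $regKey).Access | Where-Object {
        "$($_.IdentityReference)" -like '*NETWORK SERVICE' -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.RegistryRights -band $full) -eq $full
    }
}
$results += Report 'NETWORK SERVICE has Full Control on event log key' $ace

# Agent is registered and enabled, and the transport service is running again
$ta = Get-TransportAgent -Identity $agent -ErrorAction SilentlyContinue
$results += Report 'Transport agent installed and enabled' ($ta -and $ta.Enabled)
$svc = Get-Service MSExchangeTransport
$results += Report 'MSExchangeTransport is running' ($svc.Status -eq 'Running')

# A send connector serves the routing namespace and points to a smart host
$sc = Get-SendConnector | Where-Object {
    ($_.AddressSpaces -like "*$routingDomain*") -and $_.SmartHosts
}
$results += Report "Send connector for *$routingDomain uses a smart host" $sc

# Verbose logging should stay off unless troubleshooting (one-line key/value assumed)
$verbose = Select-String -Path (Join-Path $dir "$agent.dll.config") `
    -Pattern 'enableVerboseLogging.*true' -ErrorAction SilentlyContinue
$results += Report 'Verbose logging is disabled' (-not $verbose)

$results | Format-Table Check, Passed -AutoSize
```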
See http://www.microsoft.com/en-us/download/details.aspx?id=28192
Exchange 2010 SP2 provisioning separated through a new provider
Exchange 2010 SP2 now compliant with product group guidelines
Support for Database Availability Group
Fixed Distribution List view scope to only tenant
Consumer support (individual mailboxes as hotmail) added
Mailbox configuration moved to mailbox plans concept
CN creation is now based on UPN
sAMAccountName generation revised and decoupled from tenant name
2007 (ACL Based), 2010 (ACL Based), 2010 SP2 (ABP) supported
Automated Hosted Organization provisioning added to create hosting space
Enterprise Server webservice extended with ImportMethod
Mobile tab fixed
Added more information to users listview
All authentication related cookies tagged as httpOnly
web.config: enableVersionHeader=false
autocomplete disabled
Login url injection redirection fixed
Session hijacking protection implemented
Don't forget to enable SSL (HTTPS) on your website and to change requireSSL="false" to requireSSL="true".