Mail enabled Public Folders on Exchange 2013 CU6 require action for internet mail to be received

So, CU6 is out. It’s easy to overlook the change mentioned within the Exchange 2013 Release Notes. And you might have missed the Exchange Team blog post about all Public Folder changes with CU6. And it might not be relevant for your situation.

But I know certain customers rely on mail enabled Public Folders that are able to receive internet mail and are now on Exchange 2013. Sometimes it’s not practical to change those Public Folders to a Shared Mailbox. In these cases it is imperative to roll out correct permissions to those mail enabled folders before upgrading to CU6, otherwise you will break stuff.

If you do not change the permissions on mail enabled folders, you will not receive mail from (what is for Exchange) unauthorized users, i.e. mail from the internet. They will receive an NDR, but you probably want to prevent any confusion regarding something that previously worked properly.

You have to add Create Items permissions to the user Anonymous. It’s possible to do that via the Exchange Admin Center or the Exchange Management Shell. Check this article on TechNet for an example.

Why was this changed? Does CU6 unintentionally break this feature? No, actually CU6 fixes what you could consider a security issue. Before CU6 any Mail Enabled Public was automatically able to receive mail from the internet which is not always required or preferred. As far as I know, you couldn’t easily prevent this. With CU6, you have to explicitly allow internet mail to be received. Basically it’s the same way with Mail-Enabled Distribution Lists; per default only authenticated users can mail those list and after a change in permissions it could receive mail from the internet.

Leave a Reply

Your email address will not be published. Required fields are marked *