Creating mailbox - Status=1 but no mailbox is created

hkbloke · Post by **hkbloke** » Sat Nov 11, 2006 7:50 am

I'm using the ASP API to create a new mailbox. I'm using the example code provided by ME. All status return codes are 1, the directories get created but no mailbox appears in the domain.

This only happens on the live server environment - in development (my local PC) everything is fine.

Sounds like a permissioning problem - any ideas ??

hkbloke · Post by **hkbloke** » Sat Nov 11, 2006 7:55 am

OK - so i found this in the read me that came with the example - so is there a SECURE way to add mailboxes with the API/ASP ??

This page is an example ASP page that adds a mailbox. This
should not be used in a publically accessible server, since
it has security issues. Since the objects called need write
permissions to add the mailbox, the identity of the web site
needs write permissions to the Mail Enable\Config directory.

Post by **MailEnable** » Sat Nov 11, 2006 9:23 am

The secure way to do it is to have the web application run under the IME_ADMIN user account.

Exactly how this is done depends on the version of IIS. If you running IIS 6 or later, it means running the administration VDIR under the MailEnableAppPool. If your running IIS 5, it is very much more complicated since you need to know the password for the IME_ADMIN user and set this as the anon user account for the Virtual Directory that hosts the administration. This means using the meinstaller app to set the password to a known password, and then using that password for the anon user account for the iis virtual directory.

NB: If you are having permission related issues, filemon and regmon are very useful.

WimVM · Post by **WimVM** » Fri Feb 15, 2008 12:58 pm

Can a regular user that has a website hosted on the same server as were MailEnabled is installed use the API objects by default? How is this secured? I want to avoid that users can manage the mailenable configuration when they know how the API works.

WimVM · Post by **WimVM** » Wed Feb 20, 2008 6:37 am

Nobody can answer this question? Does this mean you all use it on dedicated servers or just not knowing what it does and how it works??

Post by **MailEnable** » Wed Feb 20, 2008 9:16 am

There is no simple answer to the question because the answer depends on your IIS configuration. Specifically it depends on what you have configured your anonymous user account to be for your hosted web sites.

Typically, you would need to ensure that the IIS Service account for any windows accounts afforded to hosted parties do not have access to sensitive resources (this includes more than just mailenable - eg: scripting file system object and many others).

WimVM · Post by **WimVM** » Wed Feb 20, 2008 9:43 am

MailEnable runs in it own IIS Application Pool with the account that is created by MailEnable. The website's from the users use another account and application pool dedicated to there websites. Ths normally should be enough to disable them from using it. What made me worry was that I found examples where users can use these components to sent mails with a form (similar to CDONTS, ...). Due to the lack of documentation on this subject I need confirmation because I start using them.

Post by **MailEnable** » Wed Feb 20, 2008 9:14 pm

RE: "The website's from the users use another account and application pool dedicated to there websites".

This would depend on what access permissions the app pool identity has. You need to make sure that the app pool identity does not have access to some resources. Specifically, I was refering to the COM API (which is what the original poster indicated they were using). Also, if you have Mailenable objects under COM+ (which is a legacy install option) you need to be careful about who you allow to activate them (in much the same way that you need to ensure that your iis/worker process identity does not have access to other system resources).

MailEnable should be secured appropriately if you are using .NET, since MailEnable does not register into the GAC and only the web application itself can access the resources under its bin directory. ie: for someone to use the objects they would need to access the MailEnable Bin\... folder and place their scripts there.

Johnbo · Post by **Johnbo** » Tue May 13, 2008 4:34 pm

In my case, I developed a web application which creates mailboxes, but it doesn't do anything. I searched the Event Viewer and see this:

Code: Select all

The description for Event ID ( 10000 ) in Source ( MailEnable ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: MailEnable Postoffice Service error: 5; Timed out waiting to block for POSTOFFICES\prueba\MAILBOX.

MailEnable wrote:If you running IIS 6 or later, it means running the administration VDIR under the MailEnableAppPool.

I can't, because the application is developed under .NET Framework 2 and MailEnable uses 1.1, so if I put the app vdir into the MailEnableAppPool, I receive a "Server Unavailable" error, because the aspnet process can't run two different versions of the .NET Framework at the same time.

MailEnable wrote:If your running IIS 5, it is very much more complicated since you need to know the password for the IME_ADMIN user and set this as the anon user account for the Virtual Directory that hosts the administration. This means using the meinstaller app to set the password to a known password, and then using that password for the anon user account for the iis virtual directory.

Instead of this, can I grant IUSR_APP (the anonymous user of my app) permission to the necessary directories to access the API? Which directories would I have to modify? It's just that I'm afraid that changing the IME_ADMIN password could make any service unavailable.

Thanks very much in advance.

jamesas1 · Post by **jamesas1** » Tue Mar 10, 2009 9:53 pm

What I was able to do in order to be able to create mailboxes using the API from another app pool was to add the current app pool user to the "IME_STORE_GROUP" group account and it works fine now.

MikeBarrett · Post by **MikeBarrett** » Wed Apr 01, 2009 9:52 pm

Hello we're using the ASP script to create mailboxes on the fly - we're having the following problem

set oMailbox = server.CreateObject("MEAOPO.Mailbox")
set oAUTHLogin = server.CreateObject("MEAOAU.Login")

Response.Write("<br />Step 1.0")
' response.End()

With oMailbox
.Postoffice = request("postoffice")
.Mailbox = request("mailbox")
.Limit = -1
.RedirectAddress = ""
.RedirectStatus = 0
.Status = 1
lResult = oMailbox.AddMailbox()
End With

'######################################################################################
' startTime = timer
Response.Write("<br />Step 1.1")
Response.Write("<br />" & FormatNumber(Timer - StartTime,

)
Response.Write("<br />" & lResult)
' response.End()

This part of the code is taking 50 seconds to execute - any ideas?

ghenas · Post by **ghenas** » Thu Jun 11, 2009 10:51 am

someone has solved this questions ?

I use a script able to check existing mailbox and it works.
But when I try to add a new mailbox the script needs 40 - 50 seconds but doesn't create a mailbox.

IIS 6.0

below the code:

Server.ScriptTimeout = 200

set oMailbox = server.CreateObject("MEAOPO.Mailbox")
set oAUTHLogin = server.CreateObject("MEAOAU.Login")

With oMailbox
.Postoffice = "mydomain.com"
.Mailbox = "testing"
.Limit = -1
.RedirectAddress = ""
.RedirectStatus = 0
.Status = 1
lResult = .AddMailbox()

response.write lResult
If .GetMailbox() = 1 Then
response.write "Esiste" & .GetMailbox()
else
response.write "non esiste"

End If

End With

Creating mailbox - Status=1 but no mailbox is created

Creating mailbox - Status=1 but no mailbox is created

Slow creating the first part of the mail box