Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
DiscussionsAccessExcelInfoPathOutlookPowerPointPublisherWord
DirectoryUser Groups
Related Topics
Outlook ExpressInternet ExplorerWindowsMS Server ProductsMore Topics ...
MS Office Forum / Outlook / Programming Add-Ins / October 2004

Tip: Looking for answers? Try searching our database.

Spamnet add-in to Outlook

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
tdog - 28 Oct 2004 20:03 GMT
Hello,

I and other enterprise users are running Outlook 2003 with SpamNet 3.0 and
we get the "A program is trying to access e-mail addresses..." pop-up. This
occurs even though we have trusted spamnet.dll in our Outlook Security
Template per the reference in the Cloudmark Knowledge Base which points to
the Microsoft ORK article. ActiveSync is not installed on my system and never
has been (brand-new system).

Has anyone else had any luck getting the trust to work for the SpamNet
plug-in? Thanks!

cheers /td
Reply to this Message
Sue Mosher [MVP-Outlook] - 28 Oct 2004 20:06 GMT
Sounds like the trust mechanism isn't working, either because the folder is
in the wrong place, the required client registry entry isn't set, etc. In
any case, Outlook 2003 trusts COM add-ins by default. In other words, if
SpamNet is the only reason you fired up that folder, you don't need it.

Signature

Sue Mosher, Outlook MVP
Author of
    Microsoft Outlook Programming - Jumpstart for
    Administrators, Power Users, and Developers
    http://www.outlookcode.com/jumpstart.aspx

> Hello,
>
[quoted text clipped - 11 lines]
>
> cheers /td
Reply to this Message
tdog - 28 Oct 2004 22:03 GMT
Sue,
Thanks for the response. The Outlook Security Settings folder is in the
Public folder structure in Exchange, the affected clients have the proper
CheckAdminSettings value in the Registry (it was also set up to address the
PDFMOutlook.dll issue which produces similar pop-ups, and it does fix that
issue if you have certain Programmatic Settings approved - trusting the DLL
in Trusted Code does nothing), yet we still have many users getting the
security model pop-ups in OL2003 when SpamNet 3.0 is installed.

I have read in several places that OL2003 allegedly trusts COM add-ins;
however, we are not the only users experiencing the problem (and we don't
have ActiveSync installed, which according to Cloudmark can cause the SpamNet
add-in to trigger the pop-ups).

Could there be an issue with the SpamNet DLL coding such that Outlook does
not recognize it (and thus not trust it) correctly?

Thanks.

> Sounds like the trust mechanism isn't working, either because the folder is
> in the wrong place, the required client registry entry isn't set, etc. In
[quoted text clipped - 16 lines]
> >
> > cheers /td
Reply to this Message
Sue Mosher [MVP-Outlook] - 28 Oct 2004 22:31 GMT
Anything is possible, but given that SpamNet works fine without prompts
under the default trust mechanism built into Outlook 2003, their code
doesn't seem to be the problem.

Are you sure you trusted the correct .dll? If I were you, I'd be discussing
this issue with CloudMark.

My guess about PDFMOutlook.dll is that it is not properly constructed to
take advantage of the trust mechanism.

Signature

Sue Mosher, Outlook MVP
Author of
    Microsoft Outlook Programming - Jumpstart for
    Administrators, Power Users, and Developers
    http://www.outlookcode.com/jumpstart.aspx

> Sue,
> Thanks for the response. The Outlook Security Settings folder is in the
[quoted text clipped - 23 lines]
>> any case, Outlook 2003 trusts COM add-ins by default. In other words, if
>> SpamNet is the only reason you fired up that folder, you don't need it.

>> > Hello,
>> >
[quoted text clipped - 13 lines]
>> >
>> > cheers /td
Reply to this Message
tdog - 29 Oct 2004 14:29 GMT
Sue,

Thanks. I agree that setting up the Outlook Security Template and not
utilizing the default security may cause SpamNet to trigger the pop-ups.

The spamnet.dll file is the correct add-in to trust (I've been working with
Cloudmark on the issue); however, the Template itself seems to periodically
fail and must be re-created (it gives an error about permissions/passwords
sometimes when we modify the template, and this appears to destroy its
functionality). I think it's odd that when changes are made, we are never
prompted for a password as the MS documentation suggests we should be. Do you
know why that may be?

I agree also that the PDFMOutlook.dll file does not seem to be coded to take
advantage of the built-in Outlook 2003 trusts.

The best scenario, then, is probably to use NO Security Template but allow
the default security model to rule to alleviate the SpamNet pop-ups, and then
disable the PDFMOutlook.dll add-in from loading with Outlook (in the
Registry). I'm still curious about why the Security Template is behaving in
the manner it does - any ideas or suggestions on that would be greatly
appreciated.

As always, thanks so much for your help, Sue.

cheers /td

> Anything is possible, but given that SpamNet works fine without prompts
> under the default trust mechanism built into Outlook 2003, their code
[quoted text clipped - 51 lines]
> >> >
> >> > cheers /td
Reply to this Message
tdog - 29 Oct 2004 14:37 GMT
...and while we're on the subject, does anyone know the difference between
"accessing address information via Outlook security model" vs. "accessing the
address book via Outlook security model" in the Programmatic Settings tab of
the Outlook Security Template?

In practice, setting the former but not the latter to Automatically Approve
would seem to allow access to recipient fields (thus allowing new messages to
be created) but not the Contacts/addresses per se, thus a mass-mailer virus
like Mailissa would fail to function properly as it could not populate the
new messages it generates with addresses from the Contacts list.

But that is my rudimentary understanding at work also...we're just trying to
get a handle on how open/vulnerable clients would be with such settings
enabled. Thanks.

> Sue,
>
[quoted text clipped - 78 lines]
> > >> >
> > >> > cheers /td
Reply to this Message
Sue Mosher [MVP-Outlook] - 29 Oct 2004 15:08 GMT
I think "address information" may cover reading properties like
Email1Address, Body, etc. while "accessing the address book" may refer to
actual address book reads. The only way to know which is relevant to a
particular application is to run it and test.

New messages can always be created without security prompts. It's reading
addresses/address book information that is blocked, to prevent harvesting of
those addresses.
Signature

Sue Mosher, Outlook MVP
Author of
    Microsoft Outlook Programming - Jumpstart for
    Administrators, Power Users, and Developers
    http://www.outlookcode.com/jumpstart.aspx

> ...and while we're on the subject, does anyone know the difference between
> "accessing address information via Outlook security model" vs. "accessing
[quoted text clipped - 11 lines]
> like Mailissa would fail to function properly as it could not populate the
> new messages it generates with addresses from the Contacts list.
Reply to this Message
Sue Mosher [MVP-Outlook] - 29 Oct 2004 14:37 GMT
If you're modifying the security settings item (you should never be
modifying the template itself), open the item, and then choose Edit | Revise
Contents. If you make a change to the members of the item, be sure to make
some other change in the item - perhaps toggling a setting on and off.
Otherwise, Outlook may not save the change to the member list. To save the
changes to the item, choose File | Post. Any other method of modifying the
item may cause problems.

As for the password issue, if you are running Outlook with a profile that
points to a mailbox other than the mailbox for the Windows account that you
are logged in under, you will be prompted for your network credentials the
first time you create a security settings item during a given Outlook
session, you will be prompted for your network credentials. Use the
credentials for the mailbox whose Outlook profile you are using.

Signature

Sue Mosher, Outlook MVP
Author of
    Microsoft Outlook Programming - Jumpstart for
    Administrators, Power Users, and Developers
    http://www.outlookcode.com/jumpstart.aspx

> Sue,
>
[quoted text clipped - 99 lines]
>> >> >
>> >> > cheers /td
Reply to this Message
tdog - 29 Oct 2004 15:57 GMT
Sue,
Thanks for all the info. I am using an Outlook profile that points to my
mailbox as I am logged in to Windows.

I just went to create a new security item (added members in an Exception
Group, toggled settings on, trusted DLL) and used the File-Post method to
save but still got the error message. Weird.

> If you're modifying the security settings item (you should never be
> modifying the template itself), open the item, and then choose Edit | Revise
[quoted text clipped - 114 lines]
> >> >> >
> >> >> > cheers /td
Reply to this Message
Sue Mosher [MVP-Outlook] - 29 Oct 2004 16:05 GMT
What's the exact error message? What permissions does your mailbox user have
on the Outlook Security Settings folder?

Signature

Sue Mosher, Outlook MVP
Author of
    Microsoft Outlook Programming - Jumpstart for
    Administrators, Power Users, and Developers
    http://www.outlookcode.com/jumpstart.aspx

> Sue,
> Thanks for all the info. I am using an Outlook profile that points to my
[quoted text clipped - 24 lines]
>> session, you will be prompted for your network credentials. Use the
>> credentials for the mailbox whose Outlook profile you are using.

>> > Sue,
>> >
[quoted text clipped - 120 lines]
>> >> >> >
>> >> >> > cheers /td
Reply to this Message
tdog - 29 Oct 2004 17:40 GMT
The error is "The access levels on this security setting
cannot be saved, probably because of an invalid
password.  This setting is currently set as a default
setting for all users.  You should either delete the
setting or save it again, and type the correct
password."

If you then close the form, the changes remain, yet the settings no longer
appear to work.

I am a member of a group who has Owner rights to the OSS folder. Could that
have anything to do with it, i.e. should I be added singly as Owner and not
as a member of a group? Thanks.

> What's the exact error message? What permissions does your mailbox user have
> on the Outlook Security Settings folder?
[quoted text clipped - 152 lines]
> >> >> >> >
> >> >> >> > cheers /td
Reply to this Message
Sue Mosher [MVP-Outlook] - 29 Oct 2004 21:15 GMT
Were you trying to modify the default item in the folder or a settings item
for particular people/groups?

I haven't tried it with group permissions on the folder. Might be worth
seeing if the behavior changes if your individual mailbox has Write access.
(Owner is more than you need.)
Signature

Sue Mosher, Outlook MVP
Author of
    Microsoft Outlook Programming - Jumpstart for
    Administrators, Power Users, and Developers
    http://www.outlookcode.com/jumpstart.aspx

> The error is "The access levels on this security setting
> cannot be saved, probably because of an invalid
[quoted text clipped - 15 lines]
>> have
>> on the Outlook Security Settings folder?

>> > Sue,
>> > Thanks for all the info. I am using an Outlook profile that points to
[quoted text clipped - 171 lines]
>> >> >> >> >
>> >> >> >> > cheers /td
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.