BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   BES and domain name/exchange migration (http://www.blackberryforums.com/bes-admin-corner/260852-bes-domain-name-exchange-migration.html)

alceryes 08-02-2012 10:37 AM

BES and domain name/exchange migration
 
In short, if I try to activate a BB with [email address] how does RIM match up that email address with the correct BES server? What if there's some malicious BES admins out there and there's several BES servers activated with the XYZ.com domain?

We are migrating a handful of users from two companies to new comapny (hardware/domain/IP etc...). The domain name for this new company is currently pointing to one of the two other companies. We even have a blackberry or two activated on the BES at this other company. We are trying to test the new environment and are having discussions on how RIM knows which BES server to make the connection to when a BB activation is attempted with XYZ.com domain.

Any help, suggestions, discussions on the matter is appreciated.
TIA!

alceryes 08-02-2012 11:05 AM

Re: BES and domain name/exchange migration
 
Okay, I THINK we figured it out. The activation hash seems to be sent from RIM. So it has to go to a valid external email address. It performs an MX lookup (of sorts).

nobody7290 08-02-2012 04:16 PM

Re: BES and domain name/exchange migration
 
If you activate a Handheld wireless, the Blackberry will send a message to the email address the user enters in the enterprise activation dialog using the RIM infrastructure. As you already found out, email will be delivered using the MX records for the domain.

This message is most likely encrypted, but because the one time activation password is short, it is not impossible that someone inbetween is able to decrypt the message.
After that, the Handheld + the Server will negotiate a strong encryption.

If you are paranoid, you are always able to do a wired activation, then you can be 100% sure that nobody else then the server which was meant to receive the activation mail will receive it.

http://testlab.sit.fraunhofer.de/dow...-06-104302.pdf


All times are GMT -5. The time now is 11:56 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.