If NTLM authentication is used with front-end server it possible random access to wrong mailbox.
vulners.com/securityvulns/securityvulns:doc:5630