RE: fake sender and Exchange 5.5

From: Jack Lyons (jack.lyons@martinagency.com)
Date: 04/02/02


From: Jack Lyons <jack.lyons@martinagency.com>
To: "'S.Leyers'" <s.leyers@subdimension.com>, Focus MS List <focus-ms@securityfocus.com>
Date: Tue, 2 Apr 2002 12:07:45 -0500 

One thing you can do is to restrict who can send messages to distribution
lists.

-----Original Message-----
From: S.Leyers [mailto:s.leyers@subdimension.com]
Sent: Tuesday, April 02, 2002 9:53 AM
To: Focus MS List
Subject: fake sender and Exchange 5.5

Hi all,

--------------------------------------------------------------
Problem summary:
--------------------------------------------------------------
An external user can configure his POP3 mail client (Outlook, Outlook
Express) with fake info like:
Display name: "Big boss" from company @mydomain.org
Email: bigboss@mydomain.org
smtp server: smtp.userlocalisp.org

Now for a big joke or worse he sends a mail:

To: Main_distribution_list @mydomain.org
Subject: everybody get a salary raise !

Everybody will receive the mail as if it was the Boss himself who sent the
mail. (You could only tell the truth by checking the internet headers).

--------------------------------------------------------------
Environment overview in @mydomain.org:
--------------------------------------------------------------
    Firewall
        |
        |
   SMTP relay
        |
        |
Exchange 5.5 sp4
       /|\
      / | \
 W2K/NT4 clients

Relay & Exchange are not open relays.
Routing set to Reroute incoming SMTP mail....
Selected Routing Restrictions... Hosts and clients that successfully
authenticate and Hosts and clients with specific internal IP addresses

--------------------------------------------------------------
Goal to achieve:
--------------------------------------------------------------
Now as I can reproduce the case over and over, I would like to make the
necessary modifications so that it wouldn't happen anymore.

I would like to set a rule that says something like:
Check mail recipient field 'from' - If it contains "@mydomain.org" AND is
not from internal IP range -> Deny

I posted a request on MS newsgroup ... no useful answer so far.
I couldn't find any information on how to achieve this.

Thanks for any help
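
The rule asked for in the original post, written out as an added example; it is not part of either message and is not an Exchange 5.5 feature. It is the kind of check a filtering SMTP relay in front of Exchange could apply. The function names, the internal IP ranges and the sample message are assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "mydomain.org"  # domain used in the post
# Assumed internal ranges; the post does not give the real ones.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample of the message described in the post.
SPOOFED = (
    'From: "Big boss" <bigboss@mydomain.org>\n'
    "To: Main_distribution_list@mydomain.org\n"
    "Subject: everybody get a salary raise !\n"
    "\n"
    "constructed body\n"
)

def is_internal(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def claims_local_domain(addr):
    # Compare the domain part only, case-insensitively, so a display name or
    # a look-alike such as x@mydomain.org.example.net does not match.
    domain = addr.rpartition("@")[2]
    return domain.strip().rstrip(".").lower() == LOCAL_DOMAIN

def relay_decision(client_ip, mail_from, raw_message, authenticated=False):
    """Return (verdict, reason) for one inbound SMTP transaction."""
    # Authenticated or internal clients may use local addresses.
    if authenticated or is_internal(client_ip):
        return "accept", "trusted submission path"
    msg = message_from_string(raw_message)
    senders = [parseaddr(mail_from)[1]]  # envelope MAIL FROM
    # Header senders are what the mail client shows to recipients.
    for header in ("From", "Sender"):
        senders += [a for _, a in getaddresses(msg.get_all(header, []))]
    for addr in senders:
        if addr and claims_local_domain(addr):
            return "reject", f"external host {client_ip} claimed {addr}"
    return "accept", "no local sender claimed"

if __name__ == "__main__":
    print(relay_decision("203.0.113.7", "user@userlocalisp.org", SPOOFED))
    print(relay_decision("10.1.2.3", "bigboss@mydomain.org", SPOOFED))
```

Checking the header as well as the envelope matters here because the spoofed client can use any MAIL FROM while recipients only see the From header. Staff who send from outside the internal ranges are rejected by this rule unless they authenticate.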