RE: fake sender and Exchange 5.5
From: Fullerton, James, CON, OASD(HA)/TMA (James.Fullerton@tma.osd.mil)
Date: 04/02/02
- Previous message: Ken Seitz: "RE: How to migrate my VeriSign SSL certificate from IIS 4 to IIS 5"
- Maybe in reply to: S.Leyers: "fake sender and Exchange 5.5"
From: "Fullerton, James, CON, OASD(HA)/TMA" <James.Fullerton@tma.osd.mil>
To: "S.Leyers" <s.leyers@subdimension.com>, Focus MS List <focus-ms@securityfocus.com>
Date: Tue, 2 Apr 2002 12:44:51 -0500
This page might have some articles that could assist you:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q196626
I found that by going to www.microsoft.com/exchange and then the quick link
for tips and tricks, which took me to:
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/exchange/tips/tips.asp
Hope that helps.
Thank you,
James Fullerton
James.Fullerton@tma.osd.mil
Web Site Developer
IntelliDyne, L.L.C.
-----Original Message-----
From: S.Leyers [mailto:s.leyers@subdimension.com]
Sent: Tuesday, April 02, 2002 7:53 AM
To: Focus MS List
Subject: fake sender and Exchange 5.5
Hi all,
--------------------------------------------------------------
Problem summary:
--------------------------------------------------------------
An external user can configure his POP3 mail client (Outlook, Outlook
Express) with fake info like:
Display name: "Big boss" from company @mydomain.org
Email: bigboss@mydomain.org
smtp server: smtp.userlocalisp.org
Now for a big joke or worse he sends a mail:
To: Main_distribution_list @mydomain.org
Subject: everybody get a salary raise !
Everybody will receive the mail as if it was the Boss himself who sent the
mail. (You could only tell the truth by checking the internet headers).
--------------------------------------------------------------
Environment overview in @mydomain.org:
--------------------------------------------------------------
      Firewall
         |
         |
     SMTP relay
         |
         |
  Exchange 5.5 sp4
        /|\
       / | \
   W2K/NT4 clients
Relay & Exchange are not open relays.
Routing set to Reroute incoming SMTP mail....
Selected Routing Restrictions... Hosts and clients that successfully
authenticate and Hosts and clients with specific internal IP addresses
--------------------------------------------------------------
Goal to achieve:
--------------------------------------------------------------
Now as I can reproduce the case over and over, I would like to make the
necessary modifications so that it wouldn't happen anymore.
I would like to set a rule that says something like:
Check mail recipient field 'from' - If it contains "@mydomain.org" AND is
not from internal IP range -> Deny
I posted a request on MS newsgroup ... no useful answer so far.
I couldn't find any information on how to achieve this.
Thanks for any help
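
The rule asked for above ("from" contains "@mydomain.org" AND client is not in the internal IP range -> deny), sketched as an added example that is not part of the original thread and is not Exchange 5.5 configuration. The function names, the 10.0.0.0/8 internal range and the sample addresses are assumptions; the check covers both the header From/Sender and the SMTP envelope sender, since the two can differ.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

PROTECTED_DOMAIN = "mydomain.org"                      # domain used in the post
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal range

def is_internal(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def claimed_senders(envelope_from, raw_message):
    """Every address the message presents as its origin."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    addrs = [addr for _name, addr in getaddresses(headers)]
    addrs.append(envelope_from)            # SMTP MAIL FROM, not shown to the reader
    return [a.strip().lower() for a in addrs if a]

def verdict(client_ip, envelope_from, raw_message):
    """Deny mail claiming our domain unless the client is on an internal network."""
    if is_internal(client_ip):
        return "accept"
    for addr in claimed_senders(envelope_from, raw_message):
        if addr.rpartition("@")[2] == PROTECTED_DOMAIN:
            return "deny"
    return "accept"

# Constructed sample: the message from the post, relayed through the user's ISP.
SPOOFED = "\n".join([
    'From: "Big boss" <bigboss@mydomain.org>',
    "To: Main_distribution_list@mydomain.org",
    "Subject: everybody get a salary raise !",
    "",
    "Constructed body.",
])

if __name__ == "__main__":
    # 203.0.113.25 is a documentation address standing in for the ISP's server.
    print(verdict("203.0.113.25", "someone@userlocalisp.org", SPOOFED))  # deny
    print(verdict("10.1.2.3", "bigboss@mydomain.org", SPOOFED))          # accept
```

A rule like this also denies staff who legitimately send as @mydomain.org through an outside ISP, so they would have to submit through the relay as authenticated clients.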