Re: mail spoofed/phishing

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On Sun, 20 Aug 2006 15:45:58 -0400, Andy David - MVP
<adavid@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

On Sun, 20 Aug 2006 11:57:01 -0700, inadmin
<inadmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

The users send email through OWA and RPC over HTTPS.

How would IMF or James advice would help me?

IMF wont hurt you.(well maybe not :P)

But the point is that if you send anything outside of the Exch Org
that sends to your org as your domain, these emails will be blocked.
Ex: Batch jobs from a sendmail server within your org but not part of
the Exch Org that have your domain in the Reply. Web Pages that send
emails to your org that may right now use a reply that appears to be
sent from your domain etc...

Personally, I wouldnt block or use the IMF on the SMTP virtual
server. You should be using a SMTP gateway to provide these functions.
Nothing from the Internet should be touching the Exch Server directly.

Oh and follow Rich's advice as well.



"Andy David - MVP" wrote:

On 20 Aug 2006 10:11:09 -0700, jamestechman@xxxxxxxxx wrote:

Go to ESM, Global Settings, Sender Filtering. Block messages that claim
to be from the following senders: add your domain ie. @yourdomain.com.
This will prevent you from receiving messages spoofed as your own
domain. Make sure that this is applied in your SMTP Virtual Server
setting. I would evaluate your overall Anti SPAM architecture and
follow the advices of the previous posts.

I wouldnt do that unless you are sure that you do not have any
processes outside of Exch that send using your domain as the sender.


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com

to set the filtering on the SMTP if you're not already doing it.
inadmin wrote:
Hi,

I recently encountered a problem as follows:

A valid user on a domain recieves spam mail from "itself". The email comes
from: "user@xxxxxxxxxx" instead of just the "user" which is his name in the
active directory. Any way to prevent this? As far as I know my server is not
open to relay.

I'm running exchange 2003 sp2.

Thanks in advance.

.

Relevant Pages

  • Re: mail spoofed/phishing
    ... How would IMF or James advice would help me? ... But the point is that if you send anything outside of the Exch Org ... Batch jobs from a sendmail server within your org but not part of ...
    (microsoft.public.exchange.admin)
  • Re: mail spoofed/phishing
    ... How would IMF or James advice would help me? ... But the point is that if you send anything outside of the Exch Org ... Batch jobs from a sendmail server within your org but not part of ...
    (microsoft.public.exchange.admin)
  • Re: Strange IMF behavior
    ... Regarind your first SBS installation, ... Filtering ignores IP Accept lists: ... SBS server including 127.0.0.1 ... IMF Tune - Unleash the Full Intelligent Message Filter Power ...
    (microsoft.public.windows.server.sbs)
  • RE: I need help with Exchange 2003 SP2 SMTP not working now...
    ... different inbound monitoring servers are blocked by IMF. ... > 825763 How to configure Internet access in Windows Small Business Server ... > Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: IMF V2 ContentFilterState Key
    ... messages already and client's server has been live for a week now. ... you find the "MSExchange Intelligent Message ... the Intelligent Message Filter System Monitor ... IMF feature is enabled on Exchange Server. ...
    (microsoft.public.windows.server.sbs)