Re: mail spoofed/phishing

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

How is Rich's advice going to help me?
How can the spammer spoof the email address? I don't believe they are doing
it via telnet.

"Andy David - MVP" wrote:

On Sun, 20 Aug 2006 15:45:58 -0400, Andy David - MVP
<adavid@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

On Sun, 20 Aug 2006 11:57:01 -0700, inadmin
<inadmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

The users send email through OWA and RPC over HTTPS.

How would IMF or James advice would help me?

IMF wont hurt you.(well maybe not :P)

But the point is that if you send anything outside of the Exch Org
that sends to your org as your domain, these emails will be blocked.
Ex: Batch jobs from a sendmail server within your org but not part of
the Exch Org that have your domain in the Reply. Web Pages that send
emails to your org that may right now use a reply that appears to be
sent from your domain etc...

Personally, I wouldnt block or use the IMF on the SMTP virtual
server. You should be using a SMTP gateway to provide these functions.
Nothing from the Internet should be touching the Exch Server directly.

Oh and follow Rich's advice as well.



"Andy David - MVP" wrote:

On 20 Aug 2006 10:11:09 -0700, jamestechman@xxxxxxxxx wrote:

Go to ESM, Global Settings, Sender Filtering. Block messages that claim
to be from the following senders: add your domain ie. @yourdomain.com.
This will prevent you from receiving messages spoofed as your own
domain. Make sure that this is applied in your SMTP Virtual Server
setting. I would evaluate your overall Anti SPAM architecture and
follow the advices of the previous posts.

I wouldnt do that unless you are sure that you do not have any
processes outside of Exch that send using your domain as the sender.


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com

to set the filtering on the SMTP if you're not already doing it.
inadmin wrote:
Hi,

I recently encountered a problem as follows:

A valid user on a domain recieves spam mail from "itself". The email comes
from: "user@xxxxxxxxxx" instead of just the "user" which is his name in the
active directory. Any way to prevent this? As far as I know my server is not
open to relay.

I'm running exchange 2003 sp2.

Thanks in advance.


.

Relevant Pages

  • Re: mail spoofed/phishing
    ... How would IMF or James advice would help me? ... But the point is that if you send anything outside of the Exch Org ... Batch jobs from a sendmail server within your org but not part of ...
    (microsoft.public.exchange.admin)
  • Re: mail spoofed/phishing
    ... Its the nature of SMTP. ... But the point is that if you send anything outside of the Exch Org ... Batch jobs from a sendmail server within your org but not part of ...
    (microsoft.public.exchange.admin)
  • Re: mail spoofed/phishing
    ... anyone can spoof an email address. ... But the point is that if you send anything outside of the Exch Org ... Batch jobs from a sendmail server within your org but not part of ...
    (microsoft.public.exchange.admin)
  • Re: mail spoofed/phishing
    ... How would IMF or James advice would help me? ... But the point is that if you send anything outside of the Exch Org ... Batch jobs from a sendmail server within your org but not part of ...
    (microsoft.public.exchange.admin)
  • Re: Basic NT4 to w2k3 migration questions
    ... > The easiest way and the least disruptive is to upgrade your existing PDC ... If you can't do that then use the "advice". ... >> hardware and then upgrading it to w2k3 which sounds a bit idiotic to me. ... This includes a Windows 2003 Exchance server. ...
    (microsoft.public.windows.server.migration)