Re: Filter email from malicious sender



It's a simple fact that anyone can say that they're anyone using SMTP. That
is, you can send a mail that says you're from "Bill Gates
<billg@xxxxxxxxxxxxx>" and you have to examine the headers to determine if
they're spoofed. Please feel free to read Internet RFCs 2821 and 2822 to
understand what I'm talking about.

I'm not suggesting that you ignore Microsoft's warning. What I'm suggesting
is that you take all steps necessary to ensure that mail received from the
outside doesn't look to users like it's coming from inside your network.
Other than doing that, there isn't a whole lot you can do short of
installing and tuning content filters to block the things you want blocked.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
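
The check described above (hold mail that arrives from outside but claims an internal sender, and send it to a designated mailbox instead of the recipient), sketched in Python as an added example. It is not part of the original thread and not an Exchange feature; the domain, network range, mailbox and function names are assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch; none of them come from the thread.
INTERNAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
HOLD_MAILBOX = "legal-hold@example.com"


def claims_internal_sender(msg):
    """True if the From: header a user sees names an internal domain.

    Checks the address and the display name, since a mail client may show
    only the display name ("hr@example.com" <someone@elsewhere.test>).
    """
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    in_name = any("@" + d in name.lower() for d in INTERNAL_DOMAINS)
    return domain in INTERNAL_DOMAINS or in_name


def session_is_internal(peer_ip, authenticated):
    """Trust only what the gateway observed itself: peer IP and SMTP AUTH.

    Header content, including Received: lines, is written by the sender.
    """
    if authenticated:
        return True
    return any(ipaddress.ip_address(peer_ip) in net for net in INTERNAL_NETS)


def route(raw_message, rcpt, peer_ip, authenticated=False):
    """Return (action, deliver_to) for one recipient of one message."""
    msg = message_from_string(raw_message)
    if claims_internal_sender(msg) and not session_is_internal(peer_ip, authenticated):
        return ("hold", HOLD_MAILBOX)  # kept for legal/HR, never reaches rcpt
    return ("deliver", rcpt)


# Constructed sample messages (not taken from the thread).
SPOOFED = "From: HR Rep <hr.rep@example.com>\nSubject: x\n\nbody\n"
DISPLAY_SPOOF = 'From: "hr.rep@example.com" <x@mail.test>\nSubject: x\n\nbody\n'
OUTSIDE = "From: Vendor <sales@vendor.test>\nSubject: x\n\nbody\n"

if __name__ == "__main__":
    for sample in (SPOOFED, DISPLAY_SPOOF, OUTSIDE):
        print(route(sample, "a@example.com", "203.0.113.7"))
```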

"MASIV" <MASIV@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:902FECE4-D222-46C5-8A11-7F3E60097091@xxxxxxxxxxxxxxxx
Exchange version: Exchange Server 2003 SP2

This is not being sent as Send As. It is sent from the Internet. I can see
his address in the headers.

The problem is that it has been requested that I block the email from
getting to the users and to send a copy or redirect the email to an account
for legal purposes.

Are you suggesting that I set the resolve anon email on the backend servers?
I did not set it because of this statement from Microsoft:

Note Microsoft does not recommend that you turn on the Resolve anonymous
E-mail option on any Exchange computers that receive mail from the Internet.
If you turn on the Resolve anonymous senders option, any user can send
anonymous mail through the SMTP server, and the mail message appears to the
recipient as authenticated mail.

Can I set this on the backend servers only?




"Ed Crowley [MVP]" wrote:

If he's doing this using Send As, then your permissions model is a mess.

If he's doing this using SMTP, then you need to lock down your SMTP services
so that unauthorized senders can't send to them. If he's sending from the
Internet, then your Exchange Server isn't locked down to prevent spoofing.
You didn't specify your Exchange version, so you're welcome to search for
"ResolveP2" yourself and see if the hits apply to your version.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"MASIV" <MASIV@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3897A3AD-CC56-46F0-89E8-20E816FDA397@xxxxxxxxxxxxxxxx
Situation: Ex-employee is sending email spoofed to look like it is sent from
one of our HR reps. He is sending to random people in the organization.

Need: Ability to have the email redirected to specific account and not
reach the intended recipient, i.e. have the email redirected/forwarded to a
certain account (legal or HR) and block the email from being delivered to
original intended recipient.

I don't think Exchange can do this without the addition of a third-party
solution. If true, can anyone direct me to a package that can do this?





