Re: External messages "spoofed" as coming from our internal domain are accepted
From: Deji Akomolafe (deji_at_
Date: 03/04/04
- Next message: Jenny Frye [MSFT]: "Re: Not Receiving NDR's for some bad email addresses"
- Previous message: Curt Winter: "Re: Slow Outbound SMTP"
- In reply to: Patrick Genova [MSFT]: "Re: External messages "spoofed" as coming from our internal domain are accepted"
- Next in thread: MB: "Re: External messages "spoofed" as coming from our internal domain are accepted"
- Reply: MB: "Re: External messages "spoofed" as coming from our internal domain are accepted"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 4 Mar 2004 11:29:43 -0800
>> When receiving mail we only look at the
>> domain of the recipient and not at the sending domain.
Patrick, this is not correct. You look at BOTH the FROM and the TO. One of
them must be local in order to avoid not being an "open" relay. IF the FROM
is local, then you look to see if the server requires AUTH and then accept
or reject the mail based on that. ALSO, if neither the FROM nor the TO is
local, then you check to see whether or not the server accepts relay and if
it does, you let the mail through. In whatever case, BOTH TO and FROM are
looked at.
--
Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

"Patrick Genova [MSFT]" <pgenova@online.microsoft.com> wrote in message
news:uANVMNeAEHA.1700@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> There is really no way around this. When receiving mail we only look at the
> domain of the recipient and not at the sending domain. If we accept mail for
> this domain we accept that mail and then once we do Exchange will do the
> lookup on the recipient and deliver the mail to that mailbox. You may want
> to take a look at the following article about reverse DNS lookup. But even
> this will only append to the message header the domain that the mail is
> coming from.
>
> 297412 The "Perform Reverse DNS Lookup for Incoming Messages" Option Is for
> http://support.microsoft.com/?id=297412
>
> Hope this helps,
> --
> Patrick Genova
> Pgenova@online.microsoft.com
> Please do not send mail directly to this alias. This alias is for Newsgroup
> purposes only.
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "D. Kelly" <support@samsonmanagement.com> wrote in message
> news:3b2501c40167$20f4cd30$a601280a@phx.gbl...
> > Full Subject: External messages "spoofed" as coming from
> > our internal domain are accepted and delivered to valid
> > internal users.
> >
> > Any suggestions to correct this issue would be appreciated:
> >
> > Users are receiving external internet e-mail
> > which appears to be sent from non-existent users
> > "successfully pretending" to be within our
> > internally defined system.
> >
> > eg. Let's say I have a valid MX record
> > for "mydomain.com" &
> > gus@mydomain.com receives a message from
> > bob@mydomain.com
> > Unfortunately...
> > Although gus@mydomain.com is a valid user which
> > we administer,
> > bob@mydomain.com doesn't exist.
> > Nevertheless someone can externally
> > spoof "bob@mydomain.com"
> > & my Exchange 2000 system delivers the mail
> > as if bob@mydomain.com is a valid account
> >
> > Extra System Details -
> >
> > Our corporate e-mail's MX record points mail
> > for "mydomain.com" to the
> > external IP of an ISA firewall.
> > There's publishing rule(s) on the ISA server to forward
> > SMTP traffic
> > for "mydomain.com" to our Exchange Server.
> > &
> > The Exchange Server's SMTP connector -
> > - accepts the ISA server's "forwarded" messages
> > - & ultimately handles message delivery
> >
> > Although I've examined the ISA publishing rules &
> > Exchange's SMTP connector settings;
> > I'm uncertain where the "security"/mail delivery failure
> > occurs.
> > Ideally, I would prefer to have Exchange Server properly
> > manage/handle the SMTP mail
> > rather than make ISA server do the job for Exchange.
> >
> > Thanks in advance.
> >
> > D. Kelly
> > POSTING TO:
> > microsoft.public.exchange2000.transport &
> > microsoft.public.exchange2000.general
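
The two acceptance rules described in this thread, modelled side by side and run against the bob@/gus@ case from the original post. This is an added example, not part of any post in the thread and not Exchange code; the function names, the `Session` fields and the sample sessions are constructed for illustration, and it does not settle which description matches Exchange 2000's behaviour.

```python
# Added illustration: models the two acceptance policies discussed in the thread.
# Not Exchange code; all names and sample sessions here are hypothetical.
from dataclasses import dataclass

LOCAL_DOMAINS = {"mydomain.com"}  # placeholder domain used in the original post


@dataclass
class Session:
    mail_from: str        # envelope sender (MAIL FROM)
    rcpt_to: str          # envelope recipient (RCPT TO)
    authenticated: bool   # client completed SMTP AUTH
    relay_allowed: bool   # server permits relay for this client


def is_local(address: str) -> bool:
    """True when the address's domain is one the server accepts mail for."""
    return address.rpartition("@")[2].lower() in LOCAL_DOMAINS


def recipient_only_policy(s: Session) -> str:
    """Rule as described in the quoted reply: only the recipient domain is checked."""
    if is_local(s.rcpt_to):
        return "accept"
    return "accept" if s.relay_allowed else "reject: relay denied"


def sender_and_recipient_policy(s: Session, require_auth_for_local_from: bool = True) -> str:
    """Rule as described in this reply: both FROM and TO are examined."""
    from_local, to_local = is_local(s.mail_from), is_local(s.rcpt_to)
    if not from_local and not to_local:
        # Neither side is local: this is a relay request.
        return "accept" if s.relay_allowed else "reject: relay denied"
    if from_local and require_auth_for_local_from and not s.authenticated:
        # A local sender address on an unauthenticated session is refused.
        return "reject: local sender requires AUTH"
    return "accept"


# Constructed sessions: the spoof from the original post, then ordinary inbound mail.
SPOOFED = Session("bob@mydomain.com", "gus@mydomain.com", False, False)
INBOUND = Session("alice@example.org", "gus@mydomain.com", False, False)

if __name__ == "__main__":
    for name, s in (("spoofed", SPOOFED), ("inbound", INBOUND)):
        print(name, "|", recipient_only_policy(s), "|", sender_and_recipient_policy(s))
```
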