Re: Fake internal e-mails


Curiously, this is the first I've heard of LanWench's idea to filter in this manner.

Unfortunately, I have to question something.

Exchange filtering operates on the SMTP level so such filtering would affect _any_ traffic submitted (processed?) by SMTP. No problem for Outlook users (local or remote) but what impact might it have on SBS's internal processes (monitoring and reporting) which submit info to Exchange?

I'd probably also be looking at SPF to limit such but I've never actually tried it. Will Exchange filter its own domain using SPF? This would limit 'external' servers from submitting mail from @mydomain.com. (GAWD, another thing I need to look at :-)

"TL" <torrey no spam moderntravel no spam net> wrote in message news:OVY5lPkaJHA.4684@xxxxxxxxxxxxxxxxxxxxxxx
Thank you for your reply. A few questions for you, if I may?

We use SMTP and the POP connector. Does that mean we cannot use your suggestion of adding our domain to the sender blacklist? If we are still able to, then where do I find the sender blacklist settings so I can add our domain to it? If we do this, I take it, internal users can still send to each other within the network? It just won't let outside users send e-mail to our server using our domain e-mail addresses, right?

Last question, I have heard of them, but what are listservs?

Thank you again.


"Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%238ee3KkaJHA.4424@xxxxxxxxxxxxxxxxxxxxxxx
TL wrote:
I am annoyed at the amount of e-mails our users are getting that
appear to be coming from the internal network. They show they are
sent from users inside our network to users inside our network. This
has happened in the past, but it was usually one or two once in a
blue moon. In the past week or two, we are getting up to 50 a day.

Is there a way to prevent these?

You're getting spam that spoofed the sender. This happens to everyone. One way to combat it is to add @mydomain.com to the sender blacklist settings in Exchange (this will stop all inbound mail that purports to be *from* your domain...be careful if you also use a listserv/etc via a third party). Make sure you've got Exchange 2003 SP2 and filtering is enabled, also...and note that you can't do any of this if you're using the POP connector.
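
The rule discussed in this thread (refuse inbound internet mail that claims to come from your own domain, while leaving internal submitters and a third-party listserv alone), modelled as an added example that is not part of the original posts and is not Exchange's own logic. The networks, IP addresses, sample sessions and function names are assumptions made for illustration.

```python
import ipaddress
from email.utils import parseaddr

OWN_DOMAIN = "mydomain.com"  # placeholder domain used in the thread
# Assumed: networks whose hosts legitimately submit mail as @mydomain.com
# (the server itself, LAN clients, monitoring/reporting jobs).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.16.0/24")]
# Assumed: a third-party listserv relay permitted to send as the domain.
TRUSTED_THIRD_PARTY = {ipaddress.ip_address("203.0.113.25")}

def sender_domain(addr):
    """Return the lower-cased domain part of an address or From header value."""
    _, email_addr = parseaddr(addr)
    return email_addr.rpartition("@")[2].lower()

def verdict(client_ip, mail_from, header_from):
    """Classify one SMTP session by connecting IP and claimed sender."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in INTERNAL_NETS):
        return "accept-internal"      # internal submitters are never filtered
    # This sketch checks the envelope sender and the From header; which of
    # the two a given product's sender filter inspects is product-specific.
    claimed = {sender_domain(mail_from), sender_domain(header_from)}
    if OWN_DOMAIN not in claimed:
        return "accept"               # ordinary inbound internet mail
    if ip in TRUSTED_THIRD_PARTY:
        return "accept-exception"     # the listserv caveat from the thread
    return "reject-spoofed"           # outside host claiming our domain

# Constructed sample sessions: (connecting IP, MAIL FROM, From header)
SAMPLES = [
    ("192.168.16.2", "monitor@mydomain.com", "SBS Monitoring <monitor@mydomain.com>"),
    ("198.51.100.77", "bob@mydomain.com", "Bob <bob@mydomain.com>"),
    ("198.51.100.77", "bounce@example.net", "Alice <alice@mydomain.com>"),
    ("203.0.113.25", "news@mydomain.com", "Newsletter <news@mydomain.com>"),
    ("198.51.100.9", "carol@example.org", "Carol <carol@example.org>"),
]

def classify_all(samples=SAMPLES):
    return [verdict(*s) for s in samples]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, classify_all()):
        print(f"{sample[0]:<15} {sample[1]:<24} {result}")
```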



