Sending mail with a different users name from a command prompt through Exchange

I'm suspicious that someone is sending spoof mail to users within my companies network.  Is anyone aware of how you can send messages from either DOS or Unix to an Exchange Recipients pretending to be someone else??

Someone seems to be doing something??

Any help on how it?s being done gratefully received.
LVL 1
mmanningAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
mjsmith99Connect With a Mentor Commented:
It is easy to spoof a sender address.  You can do it with telnet (to port 25 [i.e. SMTP]) like so :

telnet mail.yourcompany.com 25
mail from:faker@bogus.com
rcpt to:ceo@yourcompany.com
data
subject:yada yada yada
qwerty
qwerty
qwerty
.
quit

Or, you can use one of many programs to more easily achieve the same effect.

If you want to know where the message REALLY came from, look at the SMTP headers on the message (right click on the message and select "options" in Outlook), and you'll see something like :

Received: from realserver.realsender.com (HOSTNAME [10.1.1.1]) by mail.yourcompany.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)

You'll be able to identify the server that the message came from.  Note that this server might have SMTP forwarding enabled, meaning that the original sender sent to the forwarder, which then sent the message to you, effectively hiding the real sender.

You can test whether the sending server can forward.

Hope this helps,

Regards,
Mike
mjsmith99@hotmail.youknowwhat


0
 
slink9Commented:
It works easily if someone has "Send on behalf of" rights, but this is something that would have to be intentionally set up.  It could not be created by a malicious user without access to the exchange server and the admin password.  I believe it can be assigned by the user who is granting the rights, also.
0
 
mmanningAuthor Commented:
Thanks but to give you a bit more info,

We are receiving mails that look like there from a competitor but we are sure they are not??  Its like someone jokingly has sent them internally.  I'm aware in the past one of my collegues sent me a mail from bill.gates@microsoft.com to my exchange account and I've seen it done on an MS Exchange course I was on.  

I just cannot remember how they did it, I'm sure it was from a command prompt??

Thanx
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
rezzerCommented:
I remember from my Exchange course that this can be done by Telnet to the Exchange Server(can't remember the commands)although by looking at the options tab of the mail in Outlook you can tell where the message came from.
0
 
mmanningAuthor Commented:
Telnet right...ringing bells now... can anyone remember or know?
0
 
mmanningAuthor Commented:
Telnet right...ringing bells now... can anyone remember or know?
0
 
rezzerCommented:
I have the commands somewhere, I'll dig them out
0
 
mmanningAuthor Commented:
Thanks
0
 
mikecrCommented:
Let me tell you something, it's extremely simple to do that and you don't need send on behalf permission. All you need to do is create an email using notepad according to the RFC specifications for mail and drop it in the pickup folder and away it goes. You can change the from line to say basically anything that you want from the President@whitehouse.org down and it will work. SMTP does not care about whether the email is "politically correct", it just sends it. If you can get message tracking turned on on the Exchange server though, it will tell you where it came from....
0
 
mmanningAuthor Commented:
Spot on.

Thankyou very much mjsmith99
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.