Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sending mail with a different users name from a command prompt through Exchange

Posted on 2001-08-01
10
Medium Priority
?
210 Views
Last Modified: 2012-06-27
I'm suspicious that someone is sending spoof mail to users within my companies network.  Is anyone aware of how you can send messages from either DOS or Unix to an Exchange Recipients pretending to be someone else??

Someone seems to be doing something??

Any help on how it?s being done gratefully received.
0
Comment
Question by:mmanning
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 23

Expert Comment

by:slink9
ID: 6340062
It works easily if someone has "Send on behalf of" rights, but this is something that would have to be intentionally set up.  It could not be created by a malicious user without access to the exchange server and the admin password.  I believe it can be assigned by the user who is granting the rights, also.
0
 
LVL 1

Author Comment

by:mmanning
ID: 6340110
Thanks but to give you a bit more info,

We are receiving mails that look like there from a competitor but we are sure they are not??  Its like someone jokingly has sent them internally.  I'm aware in the past one of my collegues sent me a mail from bill.gates@microsoft.com to my exchange account and I've seen it done on an MS Exchange course I was on.  

I just cannot remember how they did it, I'm sure it was from a command prompt??

Thanx
0
 
LVL 1

Expert Comment

by:rezzer
ID: 6340487
I remember from my Exchange course that this can be done by Telnet to the Exchange Server(can't remember the commands)although by looking at the options tab of the mail in Outlook you can tell where the message came from.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:mmanning
ID: 6340626
Telnet right...ringing bells now... can anyone remember or know?
0
 
LVL 1

Author Comment

by:mmanning
ID: 6340697
Telnet right...ringing bells now... can anyone remember or know?
0
 
LVL 1

Expert Comment

by:rezzer
ID: 6340758
I have the commands somewhere, I'll dig them out
0
 
LVL 1

Author Comment

by:mmanning
ID: 6340766
Thanks
0
 
LVL 17

Expert Comment

by:mikecr
ID: 6341235
Let me tell you something, it's extremely simple to do that and you don't need send on behalf permission. All you need to do is create an email using notepad according to the RFC specifications for mail and drop it in the pickup folder and away it goes. You can change the from line to say basically anything that you want from the President@whitehouse.org down and it will work. SMTP does not care about whether the email is "politically correct", it just sends it. If you can get message tracking turned on on the Exchange server though, it will tell you where it came from....
0
 
LVL 1

Accepted Solution

by:
mjsmith99 earned 400 total points
ID: 6341762
It is easy to spoof a sender address.  You can do it with telnet (to port 25 [i.e. SMTP]) like so :

telnet mail.yourcompany.com 25
mail from:faker@bogus.com
rcpt to:ceo@yourcompany.com
data
subject:yada yada yada
qwerty
qwerty
qwerty
.
quit

Or, you can use one of many programs to more easily achieve the same effect.

If you want to know where the message REALLY came from, look at the SMTP headers on the message (right click on the message and select "options" in Outlook), and you'll see something like :

Received: from realserver.realsender.com (HOSTNAME [10.1.1.1]) by mail.yourcompany.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)

You'll be able to identify the server that the message came from.  Note that this server might have SMTP forwarding enabled, meaning that the original sender sent to the forwarder, which then sent the message to you, effectively hiding the real sender.

You can test whether the sending server can forward.

Hope this helps,

Regards,
Mike
mjsmith99@hotmail.youknowwhat


0
 
LVL 1

Author Comment

by:mmanning
ID: 6343763
Spot on.

Thankyou very much mjsmith99
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question