Solved

How to verify Lotus Notes Sender

Posted on 2004-03-24
8
513 Views
Last Modified: 2013-12-18
I would like to know whether there is any way to verify the sender for Lotus Notes.

One of my client's Lotus Notes email address has been spoofed by someone, so they are looking for a way in Lotus Notes to protect this situation to happen again. For instance, whether there is a way to authenticate both the user id and lotus notes email address together?

Thank you for any advice.
0
Comment
Question by:kodegenos
8 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 10665958
Hi kodegenos,

In Notes the sender can add his signature, so the receiver can see that it really was the sender who sent the mail.

Cheers!
   Sjef
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10666508
What do you mean, it has been spoofed ?  

Over the internet (smtp), or over Notes - to - Notes  (nrpc) trafic ?

I think sjef means the sender can 'sign' his message, to allow the receiver to verify this.  This only works for Notes-to-Notes email ...

Tom
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 10668218
The new virus does spoof the sender names there is nothing you can do about it except do a virus check and delete any potential virus attachments..

~Hemanth
0
 
LVL 31

Accepted Solution

by:
qwaletee earned 200 total points
ID: 10669121
1) Look at Delivery info, it will tell you if it was a pure Notes message, or came in via the internet

2) Look at $UpdatedBy, the first entry shoudl be the person who created the document, regardless of what teh SendTo field says.  For an internet message, that would be your inbound Domno SMTP server name.  For an internal message, it should be the name of the user who created the doc.  If it is an internal message but has a server name, then either an agent sent the message, or the spoofer has access to a server ID.

Exceptions: if a user has access to another user's ID, the purloined ID can be used to create untraceable spoofs.  Or, if one user has another user sign or modify an agent, the signer/modifier will be seen as the sender of messages from that agent.  The programmer sets things up so lots of messages will appear to come from the signer.  That's good for system messages, but can be abused by a crafty programmer for spoofing.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:kodegenos
ID: 10673709
Thanks for everyone reply.

I get to know that Lotus Notes require a user to authenticate to the server with a correct address and password before they can send email. What do they mean by the correct address? Do they mean they need their own address to send mail? eg. user id is kgoh, and the user must use kgoh@mydomain.com to send email? How about if they use othername@mydomain.com to send as user id 'kgoh'?
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10680267
If you mean that someone send a message over the internet containing a virus, that appears to come from you (kgoh@mydomain.com), and you now get all the alert messages from various antivirus engines, you can't do anything about that.

That has nothing to do with Notes - any idiot with a networkconnection can send an email that appears to come from you.

Try it yourself : telnet to port 25 on your smtp server , and start sending away , impersonating every user you want ....  (actually, if you set your smtp server correctly, you'll need to use a from address from within your domain, but on the internet, you can do what you want ... you'll get the idea)

telnet mail.yourmailserver.com 25
| Out: 220 mail.yourmailserver.com Ready for action (whatever/SMTP)
| In: helo mail.yourmailserver.com
| Out: 250 hodgsonfamily.org
| In: mail from: <WHOEVER@WHATEVER.COM>
| Out: 250 receiving from WHOEVER@WHATEVER.COM
| In: rcpt to: <testaddress@yourmailserver.com>
| Out: 250 will send to testaddress@yourmailserver.com
| In: data
| Out: 354 send the message, terminate with "."
| In: from: SPAMMER <WHOEVER@WHATEVER.COM>
| In: To: <testaddress@yourmailserver.com>
| In: Subject: Telnet test 1
| In: TEST
| In: .
| Out: 250 received the message, thanks
| In: rset
| Out: 250 clearing sender and recipient list, go ahead
| In: quit
| Out: 221 have a nice day (SMTP Closing)
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10707599
Bozzie is correct about SMTP.  It is also possible internally, though the user would have to be pretty sophisticated to avoid all detection.
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10728197
kodegenos,

FYI, it has nothing to do with the Notes user's internet adddress.  It is the "user name" embedded in the user.id file, which generally matches a Full Name in the server names.nsf.  The authenication uses Public Key Cryptography to verify identity.  It is rather complicated.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For Desktop Techs: How to retain a user's Notes configuration data when swapping out the end user's computer. (Assuming that you are not upgrading to a completely different version of Notes client) All you need to do is: 1) install Notes o…
I thought it will be a good idea to make a post as it will help in case someone else faces these issues. I trust this gives an idea how each entry in Notes.ini can mean a lot for the Domino Server to be functioning properly. This article discusses t…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now