menhouse
asked on
Spoofed email addresses can send to Exchange 2000 Distribution Lists
Within Exchange 2000 I know it is possible to limit what users that can send to a distribution list (Exchange General/Message Restrictions/Accept Messages/Only From).
Thanks to one of the many viruses (beagle) I found an interesting hole.
If you spoof an email address that is allowed to send to the distribution list, it will send it to the distribution group. Not a good thing when it can go out to the entire company...
I have searched several places and can't find a fix for this. Maybe I'm searching the wrong places.
Is there a way to prevent spoofed addresses from sending to Exchange 2000 Distribution lists?
Thanks to one of the many viruses (beagle) I found an interesting hole.
If you spoof an email address that is allowed to send to the distribution list, it will send it to the distribution group. Not a good thing when it can go out to the entire company...
I have searched several places and can't find a fix for this. Maybe I'm searching the wrong places.
Is there a way to prevent spoofed addresses from sending to Exchange 2000 Distribution lists?
Last Comment
Well, you can disallow your domain on the inbound email server.
Say you blocked *@yourdomain.com from being able to be a sending address from outside your org. Then when anyone spoofs the address, it would just get dropped. Are you using any kind of email filter tool?
D
Say you blocked *@yourdomain.com from being able to be a sending address from outside your org. Then when anyone spoofs the address, it would just get dropped. Are you using any kind of email filter tool?
D
ASKER
Kidego
What type email filtering are you looking for? I have a Symantec Antivirus Gateway on the outside that scans for spam and viruses before it hits the mail server. I actually had thought of doing what you are saying out there. Guess I was hoping that Microsoft had a fix or something simple I had missed. Seems like a very large hole.
What type email filtering are you looking for? I have a Symantec Antivirus Gateway on the outside that scans for spam and viruses before it hits the mail server. I actually had thought of doing what you are saying out there. Guess I was hoping that Microsoft had a fix or something simple I had missed. Seems like a very large hole.
Under security for the distribution group there is a property called send to, just set it so only domain users/authenticated users can send to that mail address, therefore requiring authentication, and anything from the outside world will not be able to authenticate.
Timiano
Timiano
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Kidego,
In AD users and computers, find group, properties, security,....in the ACL Send to...make sure everyone doesn't have that permission, and restrict it to authenticated users/domain users, or similar group.
Timiano
In AD users and computers, find group, properties, security,....in the ACL Send to...make sure everyone doesn't have that permission, and restrict it to authenticated users/domain users, or similar group.
Timiano
and yes sorry, in E2k
cool, just asking. I need to build an E2K box for all the questions that get posted on it.... :)
D
D
ASKER
I realize that I'm most likely a rookie compared to you guys, but I do have the security set as timiano has recommended. I am still finding that a user that is specified to be able to send to the DL doesn't have to be authenticated to be able to send to the list. Now this a distribution that was carried over from an Exchange 5.5 upgrade so maybe there is something there... I have run several tests and as long as the email address matches, it doesn't have to authenticate. From what I understand E2K3 does work that way.
If I'm wrong please correct me.
In the mean time I have done what Kidego recommended and it has corrected the problem The solution works, also cuts out all the spoofed garbage related to all these viruses that are flying around.
I'm okay with that solution, but if I can get E2K to do it properly I think that's a better solution. I'm just not seeing it.
Thanks guys
If I'm wrong please correct me.
In the mean time I have done what Kidego recommended and it has corrected the problem The solution works, also cuts out all the spoofed garbage related to all these viruses that are flying around.
I'm okay with that solution, but if I can get E2K to do it properly I think that's a better solution. I'm just not seeing it.
Thanks guys
Exactly. It's a good way to keep out the crap. It resolves more than one issue. I'll bet if a user inside your network tried to send to that DL, unless they wer authenticated, it wouldn't send. That's because they are legit users, and are bound by the security.
D
D
ASKER
Exactly, Local users can't send to it, unless they have the proper credentials.
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
http://www.microsoft.com/exchange/evaluation/features/default.asp
"Distribution lists restricted to authenticated users. You can allow only sending from authenticated users or specify which users can or cannot send mail to specified distribution lists. "