Spoofed email addresses can send to Exchange 2000 Distribution Lists
Posted on 2004-03-31
Within Exchange 2000 I know it is possible to limit what users that can send to a distribution list (Exchange General/Message Restrictions/Accept Messages/Only From).
Thanks to one of the many viruses (beagle) I found an interesting hole.
If you spoof an email address that is allowed to send to the distribution list, it will send it to the distribution group. Not a good thing when it can go out to the entire company...
I have searched several places and can't find a fix for this. Maybe I'm searching the wrong places.
Is there a way to prevent spoofed addresses from sending to Exchange 2000 Distribution lists?