Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Spoofed email addresses can send to Exchange 2000 Distribution Lists

Posted on 2004-03-31
11
Medium Priority
?
970 Views
Last Modified: 2010-03-05
Within Exchange 2000 I know it is possible to limit what users that can send to a distribution list (Exchange General/Message Restrictions/Accept Messages/Only From).

Thanks to one of the many viruses (beagle) I found an interesting hole.

If you spoof an email address that is allowed to send to the distribution list, it will send it to the distribution group. Not a good thing when it can go out to the entire company...

I have searched several places and can't find a fix for this. Maybe I'm searching the wrong places.

Is there a way to prevent spoofed addresses from sending to Exchange 2000 Distribution lists?
0
Comment
Question by:menhouse
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 10

Expert Comment

by:dstoker509
ID: 10726846
No, it is a new feature for Exchange 2003.

http://www.microsoft.com/exchange/evaluation/features/default.asp
"Distribution lists restricted to authenticated users. You can allow only sending from authenticated users or specify which users can or cannot send mail to specified distribution lists. " 
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 10727208
Well, you can disallow your domain on the inbound email server.

Say you blocked *@yourdomain.com from being able to be a sending address from outside your org. Then when anyone spoofs the address, it would just get dropped. Are you using any kind of email filter tool?

D
0
 

Author Comment

by:menhouse
ID: 10727355
Kidego

What type email filtering are you looking for? I have a Symantec Antivirus Gateway on the outside that scans for spam and viruses before it hits the mail server. I actually had thought of doing what you are saying out there. Guess I was hoping that Microsoft had a fix or something simple I had missed. Seems like a very large hole.

0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 2

Expert Comment

by:timiano
ID: 10727607
Under security for the distribution group there is a property called send to, just set it so only domain users/authenticated users can send to that mail address, therefore requiring authentication, and anything from the outside world will not be able to authenticate.

Timiano
0
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 2000 total points
ID: 10728270
No, not really a hole. I mean, who should really think of having to block their own domain from being a sender from the other side?? The spammers have gotten very good, and the viruses are more sophisticated now. I believe SAG can do the domain name blocking for you, test it out.

Timiano, is that functionality available in E2K? I don't have it in front of me, I'm on E2K3 now....

D
0
 
LVL 2

Expert Comment

by:timiano
ID: 10728293
Kidego,

In AD users and computers, find group, properties, security,....in the ACL Send to...make sure everyone doesn't have that permission, and restrict it to authenticated users/domain users, or similar group.

Timiano
0
 
LVL 2

Expert Comment

by:timiano
ID: 10728294
and yes sorry, in E2k
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 10728326
cool, just asking. I need to build an E2K box for all the questions that get posted on it.... :)

D
0
 

Author Comment

by:menhouse
ID: 10728427
I realize that I'm most likely a rookie compared to you guys, but I do have the security set as timiano has recommended. I am still finding that a user that is specified to be able to send to the DL doesn't have to be authenticated to be able to send to the list. Now this a distribution that was carried over from an Exchange 5.5 upgrade so maybe there is something there... I have run several tests and as long as the email address matches, it doesn't have to authenticate. From what I understand E2K3 does work that way.

If I'm wrong please correct me.

In the mean time I have done what Kidego recommended and it has corrected the problem The solution works, also cuts out all the spoofed garbage related to all these viruses that are flying around.

I'm okay with that solution, but if I can get E2K to do it properly I think that's a better solution. I'm just not seeing it.

Thanks guys


0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 10728491
Exactly. It's a good way to keep out the crap. It resolves more than one issue. I'll bet if a user inside your network tried to send to that DL, unless they wer authenticated, it wouldn't send. That's because they are legit users, and are bound by the security.

D
0
 

Author Comment

by:menhouse
ID: 10728843
Exactly, Local users can't send to it, unless they have the proper credentials.

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question