Solved

Spoofing

Posted on 2004-04-13
10
245 Views
Last Modified: 2010-04-11
In our organization we have Windows 2003 with Exchange 2003 servers running. Recently users are complaining that they are receiving a lot of Non-delivery reports or virus notifications for emails they have not sent at all. I definitely understand that these are due to spam and stuff like that but can you propose a solution to this?
0
Comment
Question by:fuzz2004
10 Comments
 
LVL 6

Expert Comment

by:bloemkool1980
Comment Utility
Spam is a pain for everyone today. If you use exchange you could use mailsweeper which can handle spam and anti-virus issues but the problem is that mails from the type you describe are often from valid domains and not blacklisted domains on blacklists for MX.
So there not a real solution for your problem.
0
 
LVL 4

Accepted Solution

by:
andydis earned 25 total points
Comment Utility
these virus's also look at infected peoples contact lists, word documents and even webpages they visit to find new email addressed to send themselves to.

many companies have now adopted ethier:-

1) changing e mail addresses to andydis [at] hotmail.com from andydis@hotmail.com
2) incorporate antispam technology into exchange (comes free with 2003), or setup a completey new "spam gateway" in your DMZ.

if you would like infomation on a solution myself have supplied to many customers please feel free to drop me an email.
0
 
LVL 4

Expert Comment

by:kruptos
Comment Utility
The best solution for this case may be prevention. I would take the following steps:

1. Ensure all client and servers are up to date with there Operating System Patches.
2. Make sure youare running some sort of distributed Anti-Virus, such as Norton Corporate, and verify all clients have the most recent virus definitions.
3. If you have a firewall and router make sure the firmware/OS/IOS are all up to date.
4. if using a firewall, try to filter out the bad emails, for instance, i have a Watchguard Firebox 700, and I am able to set up rules that filter out bad email content.
5. On your exchange server there are may 3rd part applications taht will help reduce the spam and virus distribution as well.

Please let me know if any of this helps, or if you need further assistance.

Thanks!!
0
 
LVL 1

Assisted Solution

by:badrox
badrox earned 25 total points
Comment Utility
One of the solutions that a lot of sites are looking into (us included) is reverse dns lookups.

This actually works very well and AOL and a few others have already implamented this.  

Most legit mailers will have a reverse DNS that works (and if they don't, they should) but so far it our tests it makes a pretty dramatic difference.


 
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 4

Expert Comment

by:kruptos
Comment Utility
Yes, That is 100% correct....in matter of fact i posted a question when i was having trouble getting mail kicked back from one of our clients..

the problem was simple....our company did not have a reverse DNS entry on the ISP server, and the recipient had their mail server set up to reject all emails that come from a source where there is no Reverse DNS entry...

good job badrox...I forgot that one :-)

0
 
LVL 1

Expert Comment

by:kmcghee
Comment Utility
Hey, I had the same problem with this virus. I installed an anti spam solution which worked really well. I can give you more details/contact details if you want???

Kev
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Split: bloemkool1980{http:#10813642} & andydis{http:#10813653} & badrox{http:#badrox}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
Sorry, typo...

No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Split: bloemkool1980{http:#10813642} & andydis{http:#10813653} & badrox{http:#10817312}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer

0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
Sorry, just 50 points available....

No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Split: andydis{http:#10813653} & badrox{http:#10817312}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now