Spoofing

In our organization we have Windows 2003 with Exchange 2003 servers running. Recently users are complaining that they are receiving a lot of Non-delivery reports or virus notifications for emails they have not sent at all. I definitely understand that these are due to spam and stuff like that but can you propose a solution to this?
fuzz2004 Asked:
andydis Commented:
These viruses also look at infected people's contact lists, Word documents and even webpages they visit to find new email addresses to send themselves to.

Many companies have now adopted either:

1) changing e mail addresses to andydis [at] hotmail.com from andydis@hotmail.com
2) incorporate antispam technology into Exchange (comes free with 2003), or set up a completely new "spam gateway" in your DMZ.

If you would like information on a solution I myself have supplied to many customers, please feel free to drop me an email.
0
 
bloemkool1980 Commented:
Spam is a pain for everyone today. If you use Exchange you could use Mailsweeper, which can handle spam and anti-virus issues, but the problem is that mails of the type you describe are often from valid domains and not blacklisted domains on blacklists for MX.
So there is not a real solution for your problem.
0
 
kruptos Commented:
The best solution for this case may be prevention. I would take the following steps:

1. Ensure all clients and servers are up to date with their Operating System patches.
2. Make sure you are running some sort of distributed Anti-Virus, such as Norton Corporate, and verify all clients have the most recent virus definitions.
3. If you have a firewall and router, make sure the firmware/OS/IOS are all up to date.
4. If using a firewall, try to filter out the bad emails. For instance, I have a Watchguard Firebox 700, and I am able to set up rules that filter out bad email content.
5. On your Exchange server there are many 3rd-party applications that will help reduce the spam and virus distribution as well.

Please let me know if any of this helps, or if you need further assistance.

Thanks!!
0
badrox Commented:
One of the solutions that a lot of sites are looking into (us included) is reverse DNS lookups.

This actually works very well and AOL and a few others have already implemented this.

Most legit mailers will have a reverse DNS that works (and if they don't, they should) but so far in our tests it makes a pretty dramatic difference.


 
0
 
kruptos Commented:
Yes, that is 100% correct....as a matter of fact I posted a question when I was having trouble getting mail kicked back from one of our clients..

the problem was simple....our company did not have a reverse DNS entry on the ISP server, and the recipient had their mail server set up to reject all emails that come from a source where there is no Reverse DNS entry...

good job badrox...I forgot that one :-)

0
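The reverse DNS check that badrox and kruptos describe above, as an added example that is not part of the original thread. It goes one step beyond the "no reverse DNS entry" rejection by also confirming that the PTR name resolves back to the connecting address; the function names, verdict strings and sample zone data are assumptions made for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver; empty list when none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(hostname):
    """A/AAAA addresses for hostname via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(hostname, None)]
    except socket.gaierror:
        return []

def check_reverse_dns(ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, hostname) for a connecting SMTP client address.

    no-ptr       : no reverse DNS entry (the case the posts describe rejecting)
    ptr-mismatch : PTR exists but the name does not resolve back to ip
    confirmed    : PTR name resolves back to ip (forward-confirmed)
    """
    client = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no-ptr", None
    for name in names:
        for addr in forward(name):
            if ipaddress.ip_address(addr) == client:
                return "confirmed", name.rstrip(".").lower()
    return "ptr-mismatch", names[0].rstrip(".").lower()

# Constructed sample zone data (documentation address ranges, example domains).
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."],
              "198.51.100.7": ["mail.example.org."]}
SAMPLE_A = {"mail.example.com.": ["192.0.2.25"],
            "mail.example.org.": ["203.0.113.9"]}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return check_reverse_dns(ip,
                             ptr=lambda a: SAMPLE_PTR.get(a, []),
                             forward=lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.50"):
        print(ip, *check_sample(ip))
```

Calling `check_reverse_dns(ip)` without the lookup arguments uses the system resolver, which is how you would test whether your own outbound mail server's address would pass this kind of filter.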
 
kmcghee Commented:
Hey, I had the same problem with this virus. I installed an anti spam solution which worked really well. I can give you more details/contact details if you want???

Kev
0
 
Tolomir (Administrator) Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split: bloemkool1980{http:#10813642} & andydis{http:#10813653} & badrox{http:#badrox}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0
 
Tolomir (Administrator) Commented:
Sorry, typo...

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split: bloemkool1980{http:#10813642} & andydis{http:#10813653} & badrox{http:#10817312}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer

0
 
Tolomir (Administrator) Commented:
Sorry, just 50 points available....

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split: andydis{http:#10813653} & badrox{http:#10817312}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0
Question has a verified solution.
