Configuring mail server to prevent "spoofing" of internal mail addresses.

Posted on 2006-10-27
Medium Priority
Last Modified: 2010-08-05
My company just went through an internal vulnerability assessment and one of the recommendations was to configure our 2003 Standard mail server (not exchange-it's for internal use only --employee and application notifications-- and not external email) to prevent someone from the inside telnetting to port 25 and using the helo command to "spoof" an employees email address to send mail to other employees. I am not finding a way to do this at all. Any help would be greatly appreciated, this is driving me insane :) I have to come up with a response for this other than "this is a serious problem?"
Question by:dshaney
LVL 17

Accepted Solution

BudDurland earned 2000 total points
ID: 17822953
I don't think it can be done.

The first part of an SMTP conversation is the user can pretty much enter any e-mail address they want as the 'sender' (which, by the way, doesn't have to be anything like the e-mail address in the "From:" line in the message body.  

I think you can configure the server to only accept mail from a specific domain -- that is, the given e-mail address has to end in '@mycompnay.com'.

The fastest solution might be to turn on SMTP authentication, and it will force the user to identify themselves with an account name and password.  Depending on the type of authentication, the password is send over the wire encrypted -- very hard for a telnet user to duplicate.
LVL 104

Expert Comment

ID: 17825392
When I get "recommendations" such as this I like to ask the company making the recommendations how that should be done. It looks like one of those things where they cannot find anything else to complain about, but most complain about something.

The only way that you could do that would be to use a spam filter to block email messages from your own domain unless authenticated. However that will stop any of the "Send to a friend" type scripts you see on web pages and could also impact other services you may run that send you email.


Author Comment

ID: 17880862

Using SMTP authentication fixes the basic problem. Unfortunately, some application notifications do not offer the ability to authenticate. I see no way to work around that, so I'm going to reply that it is an acceptable risk for us and that those types of emails can be tracked to the source ip, etc...

Thanks for the help :)

Expert Comment

ID: 22611781
How do you track down the IP Addr ?

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Take a look at these 6 Outlook Email management tools which can augment the working and performance of Microsoft Outlook to give you a more rewarding emailing experience.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
The purpose of this video is to demonstrate how to use PicMonkey software to customize images for a Mailchimp campaign. Picmonkey is free and simple online software which can be used by users who don’t have robust editing software such as Photoshop,…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question