Solved

Configuring mail server to prevent "spoofing" of internal mail addresses.

Posted on 2006-10-27
Last Modified: 2010-08-05
My company just went through an internal vulnerability assessment and one of the recommendations was to configure our 2003 Standard mail server (not Exchange; it's for internal use only -- employee and application notifications -- and not external email) to prevent someone from the inside telnetting to port 25 and using the HELO command to "spoof" an employee's email address to send mail to other employees. I am not finding a way to do this at all. Any help would be greatly appreciated, this is driving me insane :) I have to come up with a response for this other than "this is a serious problem?"
0
Question by:dshaney
4 Comments
 
LVL 17

Accepted Solution

by:
BudDurland earned 500 total points
ID: 17822953
I don't think it can be done.

In the first part of an SMTP conversation, the user can pretty much enter any e-mail address they want as the 'sender' (which, by the way, doesn't have to be anything like the e-mail address in the "From:" line in the message body).

I think you can configure the server to only accept mail from a specific domain -- that is, the given e-mail address has to end in '@mycompany.com'.

The fastest solution might be to turn on SMTP authentication, and it will force the user to identify themselves with an account name and password.  Depending on the type of authentication, the password is sent over the wire encrypted -- very hard for a telnet user to duplicate.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17825392
When I get "recommendations" such as this I like to ask the company making the recommendations how that should be done. It looks like one of those things where they cannot find anything else to complain about, but must complain about something.

The only way that you could do that would be to use a spam filter to block email messages from your own domain unless authenticated. However that will stop any of the "Send to a friend" type scripts you see on web pages and could also impact other services you may run that send you email.

Simon.
0
 

Author Comment

by:dshaney
ID: 17880862
Yes,

Using SMTP authentication fixes the basic problem. Unfortunately, some application notifications do not offer the ability to authenticate. I see no way to work around that, so I'm going to reply that it is an acceptable risk for us and that those types of emails can be tracked to the source IP, etc...

Thanks for the help :)
0
 

Expert Comment

by:MelittaChickadee
ID: 22611781
How do you track down the IP Addr?
0
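
The thread ends without an answer to the question of tracing a message to its source IP. The sketch below is an added example, not code from any poster in this thread: it reads the `Received` header stamped by your own mail server, which records the address the TCP connection came from rather than anything the client typed, and it also compares the envelope sender with the `From:` header, the distinction made in the accepted answer. It assumes the server writes the client IP in square brackets and records the envelope sender in `Return-Path`; `trace_message`, the host names and the sample message are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message submitted by hand to an internal relay.
# Host names, addresses and the Received layout are made up for illustration.
SAMPLE = """\
Return-Path: <nobody@example.internal>
Received: from payroll-server ([10.20.30.41]) by mail01.example.internal with SMTP;
\tFri, 27 Oct 2006 09:14:02 -0500
From: "Chief Executive" <ceo@example.internal>
To: staff@example.internal
Subject: Bonus announcement

Please see attached.
"""

# "from <HELO name> (... [<ip>] ...) by <receiving server>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<comment>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I | re.S)
BRACKET_IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def trace_message(raw, our_server):
    """Return what our own server recorded about the submitting client."""
    msg = message_from_string(raw)
    result = {"client_ip": None, "helo": None,
              "envelope_from": parseaddr(msg.get("Return-Path", ""))[1],
              "header_from": parseaddr(msg.get("From", ""))[1]}
    # Headers are prepended, so walk top-down and trust only the hop
    # stamped by our own server; anything below it is sender-controlled.
    for hop in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hop)
        if not m or m.group("by").lower() != our_server.lower():
            continue
        ip = BRACKET_IP_RE.search(m.group("comment"))
        if ip:
            try:
                result["client_ip"] = str(ipaddress.ip_address(ip.group(1)))
            except ValueError:
                pass  # malformed literal: leave client_ip as None
        result["helo"] = m.group("helo")  # client-supplied, not proof of identity
        break
    result["sender_mismatch"] = (
        result["envelope_from"].lower() != result["header_from"].lower())
    return result
```

The recovered IP can then be matched against the mail server's own connection log and DHCP or asset records for the message's timestamp to identify the workstation.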

Question has a verified solution.
