?
Solved

Configuring mail server to prevent "spoofing" of internal mail addresses.

Posted on 2006-10-27
4
Medium Priority
?
1,264 Views
Last Modified: 2010-08-05
My company just went through an internal vulnerability assessment and one of the recommendations was to configure our 2003 Standard mail server (not exchange-it's for internal use only --employee and application notifications-- and not external email) to prevent someone from the inside telnetting to port 25 and using the helo command to "spoof" an employees email address to send mail to other employees. I am not finding a way to do this at all. Any help would be greatly appreciated, this is driving me insane :) I have to come up with a response for this other than "this is a serious problem?"
0
Comment
Question by:dshaney
4 Comments
 
LVL 17

Accepted Solution

by:
BudDurland earned 2000 total points
ID: 17822953
I don't think it can be done.

The first part of an SMTP conversation is the user can pretty much enter any e-mail address they want as the 'sender' (which, by the way, doesn't have to be anything like the e-mail address in the "From:" line in the message body.  

I think you can configure the server to only accept mail from a specific domain -- that is, the given e-mail address has to end in '@mycompnay.com'.

The fastest solution might be to turn on SMTP authentication, and it will force the user to identify themselves with an account name and password.  Depending on the type of authentication, the password is send over the wire encrypted -- very hard for a telnet user to duplicate.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17825392
When I get "recommendations" such as this I like to ask the company making the recommendations how that should be done. It looks like one of those things where they cannot find anything else to complain about, but most complain about something.

The only way that you could do that would be to use a spam filter to block email messages from your own domain unless authenticated. However that will stop any of the "Send to a friend" type scripts you see on web pages and could also impact other services you may run that send you email.

Simon.
0
 

Author Comment

by:dshaney
ID: 17880862
Yes,

Using SMTP authentication fixes the basic problem. Unfortunately, some application notifications do not offer the ability to authenticate. I see no way to work around that, so I'm going to reply that it is an acceptable risk for us and that those types of emails can be tracked to the source ip, etc...

Thanks for the help :)
0
 

Expert Comment

by:MelittaChickadee
ID: 22611781
How do you track down the IP Addr ?
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
The purpose of this video is to demonstrate how to set up a Mailchimp campaign. This will include styling and adding elements to a newsletter/email. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchim…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month16 days, 19 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question