Solved

Configuring mail server to prevent "spoofing" of internal mail addresses.

Posted on 2006-10-27
4
1,257 Views
Last Modified: 2010-08-05
My company just went through an internal vulnerability assessment and one of the recommendations was to configure our 2003 Standard mail server (not exchange-it's for internal use only --employee and application notifications-- and not external email) to prevent someone from the inside telnetting to port 25 and using the helo command to "spoof" an employees email address to send mail to other employees. I am not finding a way to do this at all. Any help would be greatly appreciated, this is driving me insane :) I have to come up with a response for this other than "this is a serious problem?"
0
Comment
Question by:dshaney
4 Comments
 
LVL 17

Accepted Solution

by:
BudDurland earned 500 total points
ID: 17822953
I don't think it can be done.

The first part of an SMTP conversation is the user can pretty much enter any e-mail address they want as the 'sender' (which, by the way, doesn't have to be anything like the e-mail address in the "From:" line in the message body.  

I think you can configure the server to only accept mail from a specific domain -- that is, the given e-mail address has to end in '@mycompnay.com'.

The fastest solution might be to turn on SMTP authentication, and it will force the user to identify themselves with an account name and password.  Depending on the type of authentication, the password is send over the wire encrypted -- very hard for a telnet user to duplicate.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17825392
When I get "recommendations" such as this I like to ask the company making the recommendations how that should be done. It looks like one of those things where they cannot find anything else to complain about, but most complain about something.

The only way that you could do that would be to use a spam filter to block email messages from your own domain unless authenticated. However that will stop any of the "Send to a friend" type scripts you see on web pages and could also impact other services you may run that send you email.

Simon.
0
 

Author Comment

by:dshaney
ID: 17880862
Yes,

Using SMTP authentication fixes the basic problem. Unfortunately, some application notifications do not offer the ability to authenticate. I see no way to work around that, so I'm going to reply that it is an acceptable risk for us and that those types of emails can be tracked to the source ip, etc...

Thanks for the help :)
0
 

Expert Comment

by:MelittaChickadee
ID: 22611781
How do you track down the IP Addr ?
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
e-Discovery Software 8 195
Import Mac mail archive subfolders into Gmail 2 71
Outlook Search Results limited to 1000 13 441
MSP multi use software 4 125
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
The purpose of this video is to demonstrate how to set up an account with Mailchimp. This will be demonstrated using a Windows 8 PC. Tools Used are: Mailchimp.com Go to Mailchimp.com : Enter an Email, Username, and Password. Click Create My Acco…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question