Solved

Spoofing through Exchange

Posted on 2007-04-11
Last Modified: 2010-04-20
I have an Exchange server on Server 2000 that is a victim of spoofing. An example of this is user@domain.com is getting mail from user2@domain.com with junk in it for commercial products such as Cialis and porn. Now user knows user2 wouldn't send that, and I know user2 didn't. I know someone is just sending mail as through telnet but how do you stop a thing like that? I was looking through the Exchange System Manager and I found that the Default Virtual Smtp connector allows anonymous access, but if I remove that it won't allow inbound mail even if I am replying to an email that someone from @domain.com sent me. There is an outbound security checkbox for anonymous access, but I am afraid that will do something similar. Any ideas on how to stop this sort of thing?

Thanks in advance.
-Joe
Question by:productivetech
5 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 1000 total points
ID: 18890263
Follow the steps in this tutorial to ensure that your Exchange server is not being used for mail relaying: http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

As far as preventing someone from using "user2@domain.com" as the "From" address in a SPAM email, there is nothing you can do about this.  I (or anyone else) can craft an email message on any email server with a From: line of santaclaus@northpole.org or productivetech@productivetechsnetwork.com and there isn't anything that can be done to prevent it.  Your due diligence extends to ensuring that the email server that you administer is not being used as an open relay for SPAMmers, using the steps in the link above. As far as the other bit is concerned, you would need to deploy some sort of anti-virus/SPAM filtering mechanism for your environment - I'm a big believer in the Barracuda anti-spam appliances, but there are literally dozens of options to choose from in this space.
0
 

Author Comment

by:productivetech
ID: 18890880
Thanks, I already made sure the server is not an open relay. I was thinking exactly what you said and I regret that I was right. I have had great luck with GFI and DNS Blacklist checking, which can automatically delete mail from offenders which I think I will want to use in this situation again. I have heard good things about Barracuda but they are a little pricey.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 18891374
The problem is, when they spoof your own domain, then the server has no idea that it's being used as a relay.  It's only a relay when neither the sending domain nor the receiving domain is your own.  You might try setting up an SPF record for your domain, and then turning on Sender ID checking in Exchange.
0
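The distinction drawn in the comment above, as an added example that is not part of the original thread: a message spoofing a local sender to a local recipient passes the relay test, and only a check of the connecting IP against the domain's SPF record rejects it. The SPF record, the IP addresses and the function names are constructed for illustration, `domain.com` is the placeholder used in the question, and the evaluator handles only the `ip4` and `all` mechanisms.

```python
import ipaddress

LOCAL_DOMAINS = {"domain.com"}  # domains this server accepts mail for (placeholder from the question)

# Constructed SPF TXT record; the addresses are documentation ranges, not real servers.
SPF_RECORDS = {
    "domain.com": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all",
}

def domain_of(address):
    return address.rsplit("@", 1)[1].lower()

def is_relay(mail_from, rcpt_to):
    """A relay attempt is one where neither sender nor recipient domain is local."""
    return (domain_of(mail_from) not in LOCAL_DOMAINS
            and domain_of(rcpt_to) not in LOCAL_DOMAINS)

def spf_check(mail_from, client_ip):
    """Evaluate the ip4 and 'all' mechanisms of the sender domain's SPF record."""
    record = SPF_RECORDS.get(domain_of(mail_from))
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in qualifiers:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return qualifiers[qualifier]
        elif term == "all":
            return qualifiers[qualifier]
    return "neutral"  # no mechanism matched

def classify(mail_from, rcpt_to, client_ip):
    """Apply the relay test first, then the SPF test on the claimed sender."""
    if is_relay(mail_from, rcpt_to):
        return "reject: relay"
    result = spf_check(mail_from, client_ip)
    if result == "fail":
        return "reject: spf fail"
    return "accept (spf=%s)" % result
```
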
 

Author Comment

by:productivetech
ID: 18901470
Sender ID checking in Exchange sounds like a good idea. I was looking through the Exchange System Manager and found a check box for "Allow anonymous access" under the properties of the Default Smtp Virtual Server. It seems like that kind of setting would resolve everything, but in a test it seemed to block mail inbound. I saw a similar setting under outbound security as well. Are these settings of any use in my situation?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 18901532
I'm afraid not.  Sending servers will try to connect anonymously to your server, since they don't have credentials to log on to your domain.
0

Question has a verified solution.
