productivetech
asked on
Spoofing through Exchange
I have an Exchange server on Server 2000 that is a victim of spoofing. An example of this is user@domain.com is getting mail from user2@domain.com with junk in it for commercial products such as Cialis and porn. Now user knows user2 wouldn't send that, and I know user2 didn't. I know someone is just sending mail as through telnet but how do you stop a thing like that? I was looking through the Exchange System Manager and I found that the Default Virtual Smtp connector allows anonymous access, but if I remove that it won't allow inbound mail even if I am replying to an email that someone from @domain.com sent me. There is an outbound security checkbox for anonymous access, but I am afraid that will do something similar. Any ideas on how to stop this sort of thing?
Thanks in advance.
-Joe
Thanks in advance.
-Joe
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The problem is, when they spoof your own domain, then the server has no idea that it's being used as a relay. It's only a relay when neither the sending domain, or the receiving domain, are your own. You might try setting up an SPF record for your domain, and then turning on Sender ID checking in Exchange.
ASKER
Sender ID checking in Exchange sounds like a good idea. I was looking through the Exchange System Manager and found a check box for "Allow anonymous access" under the properties of the Default Smtp Virtual Server. That seems like that kind of settings would resolve everything, but in a test it seemed to block mail inbound. I saw a similar setting under out bound security as well. Are these settings of any use in my situation?
I'm afraid not. Sending servers will try to connect anonymously to your server, since they don't have credentials to log on to your domain.
ASKER