carls64

Preventing incoming mail from senders not in global address list

We use Microsoft Exchange Server 2003 and Symantec Antivirus for Exchange (not Endpoint Security) as well as the premium Anti-Spam protection. All in all it does a great job of filtering email. However, spammers are getting smarter by the day, and we regularly get email from users in our organization that simply do not exist, like bob@orgainization.org, no bob here!

We also seem to get a number of hijacked emails from existing people on our domain, so when the mail gets bounced it looks like it's coming from within our organization. We validate each of these to be sure we are not sending these out ourselves, but I am not sure there is any way to stop spoofed emails.

Lastly, we pipe all incoming email from the net through a Postfix/Linux server before it reaches our Exchange server. For outgoing email we do the same: we have Exchange send it to the Postfix server, then out to the net. (I don't trust Exchange to be exposed to the net, that is just me.)

Thank you in advance!
Carl Slaughter
IT Administrator
SCFCU

Any suggestions?
Tomas Valenta

Hi, you must set up Postfix to do an LDAP lookup against the Exchange address list to be able to recognize nonexistent accounts. Look at http://postfix.state-of-mind.de/patrick.koetter/mailrelay/
Second is to set up Postfix to deny relay to the internal server if internal users are in the From header. Of course, if you don't need it.
Tom
FRaccie

Go into your Exchange System Manager
There go to 'Global Settings - Message Delivery - Recipient Filtering'

Check the 'Filter Recipients who are not in the directory'.

This should do the trick.


Greetz FRaccie
It's not going to help the spoofed stuff though - for that you are going to have to create spam-specific rules for the stuff the premium anti-spam is failing to catch.
carls64

ASKER

Tominov: LDAP lookup is already set up; we authenticate through Exchange this way, and we have a relay recipient file created that prevents any incoming mail "TO" anyone not in the address list. The problem is we get mail being sent FROM bob@orginization.org to carl@orginization.org, where bob is an invalid and carl is a valid address.

FRaccie: Setting this will filter any incoming message from users not in the address directory? Seems like it only covers recipients, message being sent to?
Carls64: only incoming mail will be filtered that way. Even when a mail is spoofed, Exchange should notice that this isn't coming from an internal address and deny it.

Greetz FRaccie
carls64

ASKER


Tominov, abhaigh:
Well, my knowledge of Postfix is limited; I relied on a consultant to help me set it up, so I am going to confer with them and see, but I did find this: http://www.arschkrebs.de/postfix/postfix_incoming.shtml
I added the rule into the master.cf file and created the /etc/postfix/disallow_my_domain, postmapped the file and reloaded Postfix. So far it has not broken anything, but I am not sure that it is working.

FRaccie:
I set this up in Exchange and they are still getting through :-(
Try to send email from outside like a real spammer and you will see the result immediately. Use, for example, telnet or an e-mail client where you can modify the From header.
carls64

ASKER

I tried it and it seems to be working, thanks everyone!
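
The sender check discussed in this thread, written out as an added example (it is not the asker's configuration and not copied from the linked pages). It assumes the restriction is set in main.cf rather than as a master.cf override; example.org, 192.0.2.10 and the relay_recipients path are placeholders.

```cfg
# ---- /etc/postfix/main.cf (relevant lines only) ----

# The Exchange server relays outbound mail through this host, so it must be
# a trusted client. 192.0.2.10 is a placeholder for the Exchange address.
mynetworks = 127.0.0.0/8, 192.0.2.10/32

# Protection the thread already has: refuse mail TO addresses that are not
# in the address list. The file name is a placeholder.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Added protection: check the envelope sender (MAIL FROM).
# Order matters. permit_mynetworks comes first so that Exchange, which
# legitimately sends as the local domain, is accepted before the map
# lookup. Every other client is checked against disallow_my_domain.
smtpd_sender_restrictions =
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/disallow_my_domain

# ---- /etc/postfix/disallow_my_domain ----
# Key: sender domain. Value: action plus the text returned to the client.
# example.org is a placeholder for the organization's own domain.
example.org    REJECT Mail from this domain is not accepted from outside hosts

# After editing the map, rebuild it and reload Postfix:
#   postmap /etc/postfix/disallow_my_domain
#   postfix reload
```

check_sender_access matches only the envelope sender, so a message that uses an outside MAIL FROM address and puts an internal address in the From: header still passes and has to be caught by content filtering. Any outside host that legitimately sends as the domain is rejected too unless it is listed in mynetworks.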