We have recently received image based spam sent to ourselves from ourselves. This bypasses our Sophos Puremessage anti spam scans.
We have had no choice but to enable Sender Filtering in the default SMTP server. In Message Delivery, Sender Filtering. We have one entry *@ourdomain.com added. Since there are many users, we have opted for the wild card entry as oppose to enter all users email addresses manually.
This has blocked the image based spam considerably sent from ourselves to ourselves. But it is affecting users who have Exchange and also POP3 configured in their Outlook 2003. The POP3 incoming and outgoing server is our Win 2003 SBS server itself.
The reason why we have POP3 accounts set as the server itself is because we have a rule where all emails sent to user is forwarded to a Public Folder for global archiving and public access. If a user wishes to send an email and receive an email privately then they will use the POP3 account to send. The recipient in this case replies to the POP3 account and it won't be delivered to the Public Folders.
With the Sender Filtering enabled. Users cannot send email if the sender's email address is set as themselves in Outlook POP3. Catch 22 I'd say.. We tried to enable smtp authentication but this didn't make any difference.
Error message in Outlook:
The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'firstname.lastname@example.org'. Subject 'test', Account: '192.168.1.125', Server: '192.168.1.125', Protocol: SMTP, Server Response: '554 5.1.0 Sender Denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC78