jjoz

Stopping malicious email sent from inside domain to outside using all-in-one server (HT-CAS-MBX) connected through non-Windows Smarthost

Hi All,

When I did a simple telnet test against my mail server, I just realized that it allows me to send email as in these scenarios:

from inside to outside: bill.gates@microsoft.com to myemail@live.com
from inside to inside: ceo@mydomain.com to myemail@domain.com (while sending a fake pay rise email to myself :-| )

How can I make the send connector more secure by not allowing those attacks?

Any idea would be appreciated.

Thanks,
jjoz (ASKER)

Rajith, thanks for the reply.

From the test I've found that the reverse DNS is not correct:

Reverse DNS FAILED!  This is a problem.

Is there a way to fix this?
jjoz (ASKER)

To Rammstein,

When I query the send queue using Get-Message, I've found that:
MessageSourceName =  SMTP:Receive Connector
SourceIP = My Own Smarthost IP

I've created an SPF record for this, and for the SMTP authentication (Receive connector authentication):
  1. Transport Layer Security
  2. Basic Authentication
  3. Exchange Server authentication
  4. Integrated Windows authentication
  5. Externally Secured (for example, with IPsec).
All of them are left unchecked.

I wonder what I should enable / check in the EMC | Server Configuration | Hub Transport | Receive Connectors on both the Authentication and Permission Groups tabs?
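
A read-only way to see what an anonymous SMTP session (such as the telnet test in the question) is permitted to do on each Receive connector, as an added example that is not part of the thread. It assumes the Exchange Management Shell on PowerShell 2.0 or later; the function name `Get-AnonymousConnectorRisk` is hypothetical.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell
# on the Hub Transport server. Read-only: it changes no settings.

$anon = 'NT AUTHORITY\ANONYMOUS LOGON'

# Extended rights that matter for the two scenarios in the question.
$risky = @{
    'ms-Exch-SMTP-Accept-Any-Recipient'               = 'anonymous sessions may relay to external recipients'
    'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender' = 'anonymous sessions may use your own domains in MAIL FROM'
}

# Hypothetical helper name: reports one row per connector and risky right.
function Get-AnonymousConnectorRisk {
    foreach ($rc in Get-ReceiveConnector) {
        # Permissions granted (not denied) to anonymous sessions on this connector
        $perms = @($rc | Get-ADPermission -User $anon -ErrorAction SilentlyContinue |
            Where-Object { -not $_.Deny })

        foreach ($right in $risky.Keys) {
            if ($perms | Where-Object { $_.ExtendedRights -like $right }) {
                New-Object PSObject -Property @{
                    Connector        = $rc.Identity
                    Right            = $right
                    Meaning          = $risky[$right]
                    # The settings behind the Authentication and
                    # Permission Groups tabs in the EMC
                    AuthMechanism    = $rc.AuthMechanism
                    PermissionGroups = $rc.PermissionGroups
                    # Which source addresses can reach this connector
                    RemoteIPRanges   = ($rc.RemoteIPRanges -join ', ')
                }
            }
        }
    }
}

Get-AnonymousConnectorRisk |
    Format-List Connector, Right, Meaning, AuthMechanism, PermissionGroups, RemoteIPRanges
```

A connector that is listed and whose RemoteIPRanges covers more than the hosts that are meant to submit mail without authenticating is the one to tighten.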
jjoz (ASKER)

OK,

I just realized that using a transport rule is so powerful for stopping mail relay attacks;
see the attached rule that I've just created:

Cheers.


Internal SPAM prevention
 
 
Rule Comments: Spam relay attack rule.
 
Apply rule to messages
from users Outside the organization
   and sent to users Outside the organization
log an event with Spam Relay attack !
   and prepend the subject with [SPAM]: 
   and redirect the message to Administrator
#################################################
Summary: 1 item(s). 1 succeeded, 0 failed. 
Elapsed time: 00:00:00
 
 
Internal SPAM prevention
Completed
 
Exchange Management Shell command completed:
set-TransportRule -Name 'Internal SPAM prevention' -Comments 'Spam relay attack rule.' -Conditions 'Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToScopePredicate' -Actions 'Microsoft.Exchange.MessagingPolicies.Rules.Tasks.LogEventAction','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.PrependSubjectAction','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RedirectMessageAction' -Exceptions  -Identity 'Internal SPAM'
 
Elapsed Time: 00:00:00

jjoz (ASKER)

Thanks for your suggestions, guys!