Solved

Exchange 2007 Sender Policy Framework

Posted on 2009-05-06
5
247 Views
Last Modified: 2012-05-06
Hi. We are looking at increasing our security and one of the tasks is to deny hackers that TELNET to our mail server via port 25 and send an email from a user thats on my domain to another user thats on my domain. If an hacker does this the originating IP will be external thus this must not be allowed. However, I tried changing some settings in Exchange 2007 under Receive connectors but then my emails start queing up so i had to reverse my changes. Please advise. I dont want to change port 25 nor do I want to deny telnet, i believe its IPs allowed in receive connectors that i have to change but how.Thanks
0
Comment
Question by:BSTIT
  • 2
  • 2
5 Comments
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24312387
If you are so concerned, why don't you disable telnet acces on your firewall and open it only when you need to test something?
0
 
LVL 32

Accepted Solution

by:
gupnit earned 250 total points
ID: 24312459
Hi,
Exchange 2007 is secure by default and is not an open relay, unless you make changes to it. Can you please show me some mail, that you suspect. You should not be thinking about blocking port 25, as your mail flow will be hampered.
Thanks
Nitin Gupta (gupnit)
0
 

Author Comment

by:BSTIT
ID: 24312587
Hi qupnit. Let me give you an example. User A on my networks email address is userA@domain.com and User B on my network is userB@domain.com. If a hacker telnets to my exchange server on port 25 and then sends an email from userA@domain.com to userB@domain.com requesting him to transfer money urgently to a bank account. userB will not know its a hacker and will then transfer the money which is a huge security risk. We cant blcok userA email address because its valid but surely there is a way to block an email address if its an internal email address but is not from an internal Ip address
0
 

Author Comment

by:BSTIT
ID: 24313103
HI All. Thanks but i found the solution. We basically added the Anti Spam Ip's to our firewall whereby we allowing only mails from these IP's over port 25. Now if i telnet from the outside to my exchange server it denies access. PERFECT....thanks
0
 
LVL 32

Expert Comment

by:gupnit
ID: 24313489
Great
Cheers
Nitin
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange 2013 missing get-OutlookAnywhere PowerShell command 2 26
EXCHANGE, ACTIVE DIRECTORY 1 32
powershell question need assistance 10 32
outlook 6 39
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question