[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 500
  • Last Modified:

Exchange Server 2010 Anti-Spam Features on Hub Transport

Hello all
I was wondering if you know if there's a way to configure exchange server to analyze the email address in the mail envelope to compare it to the MAIL FROM address and reject emails where those fields don't match.

We currently use a barracuda for spam filtering but the spoofing filter won't work in this case because all it does is examine that the address in the envelope isn't from our own domain, and since it isn't, it doesn't do anything.

Does anybody know how we can block these emails?

Thanks in advance.
0
amenezes0617
Asked:
amenezes0617
  • 3
  • 2
1 Solution
 
PapertripCommented:
envelope-from and MAIL FROM are the same thing, so I'm guessing you mean the body From and MAIL FROM.

By implementing what you are attempting to do, you will block a ton of legit mail, I promise.  To help counter this spoofing problem, you should enable SPF checking instead.  If possible you should also verify DKIM signatures.
0
 
RadweldCommented:
If you want to install anti spam agents onto a hub transport server you can run the script installantispamagents.ps1 located in the scripts folder of your exchange installation. This will allow you to perform better checking as well as dns blacklist checking which when configured, will check every incoming email against a central list to see if the sender is on a black list.  
0
 
amenezes0617Author Commented:
Yes, that's what I mean.
Thanks, I will look into that. I know the barracuda can do the DKIM signatures, but I don't have that configured yet.

Radweld
Yeah, i was just looking into that, however I don't know if there's a feature that will do exactly what I want. I've been doing some research, but if it will block a ton of legitimate email as Papertrip says, then I want to explore other options.

Thanks to both of you.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
PapertripCommented:
If your appliance can do DKIM signing as well as validation, you should definitely do it.  If you do not have an SPF record setup for your sending domain(s), you should add that as well.

If you have questions on DKIM or SPF best practices, feel free to open a new question ;)
0
 
amenezes0617Author Commented:
Yes, I know we have an SPF record for our own domain, for sending emails. I will look into the DKIM setup on the barracuda.


Thanks a lot for your help.
0
 
amenezes0617Author Commented:
Thanks a lot.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now