Email Spoofing Exchange 2010

Hi All,

Currently I am experiencing major issues with SPAM or email spoofing rather, and I have spent numerous hours googling potential resolutions to this issue to no avail.

So far I have tried:
Enabling Sender ID on the Edge Transport server.
Creating an SPF record for the affected domain.
Installing and running GFI MailEssentials on the Exchange 2010 server.
Disabling anonymous access / closing the open relay, even though MX Toolbox advised that our server wasn't an open relay.

I don't know what else I can do with this one and am hoping you EE geniuses can assist further.

Any advice or tips on how to combat this spoofing would be greatly appreciated.

Thanks in advance.
Svet Paperov (IT Manager) Commented:
I will have to revise my recommendation about Google Postini. They just announced some coming changes and a migration towards Google business apps that we don't like, and we will have to find a new provider. They are dumping the quarantine web management tool for the end user and the spooler.
suriyaehnop Commented:
I encountered the problem last week. In my case it seems that a sender from outside (214.x.x.x) connects directly to our Exchange server. So I would like to advise you:

1. Use the message tracking log to identify the sender's IP addresses and with which "Receive Connector" the email authenticated.

2. Check the SMTP Receive log (C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpReceive) to verify the SMTP session occurred.

3. If you have anti-spam (mail gateway), temporarily block the spam mail.

4. Check whether port 25 is open at your firewall (my case).

5. To check for open relay use this:

6. To check for black list:
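
Steps 1 and 2 of the answer above can be scripted. The following is an added example, not code from anyone in this thread: it parses an SmtpReceive protocol log and lists sessions where a host outside your trusted networks used your own domain in `MAIL FROM`, together with the receive connector that accepted the session. It assumes the standard `#Fields:` header of Exchange protocol logs; the domain `example.com`, the IP ranges and the connector names are constructed sample values.

```python
import csv
import ipaddress
import re

# Constructed sample in the SmtpReceive protocol-log layout (not real traffic).
SAMPLE_LOG = r"""#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2013-01-15T08:00:01.000Z,EDGE01\Default EDGE01,08CFA1,0,10.0.0.5:25,203.0.113.44:51544,+,,
2013-01-15T08:00:01.100Z,EDGE01\Default EDGE01,08CFA1,3,10.0.0.5:25,203.0.113.44:51544,<,EHLO mail.invalid,
2013-01-15T08:00:01.200Z,EDGE01\Default EDGE01,08CFA1,5,10.0.0.5:25,203.0.113.44:51544,<,MAIL FROM:<ceo@example.com>,
2013-01-15T08:00:02.000Z,EDGE01\Default EDGE01,08CFA2,5,10.0.0.5:25,198.51.100.7:40112,<,MAIL FROM:<news@partner.test> SIZE=2048,
2013-01-15T08:00:03.000Z,EDGE01\Client EDGE01,08CFA3,5,10.0.0.5:587,10.0.0.77:50211,<,MAIL FROM:<alice@example.com>,
2013-01-15T08:00:04.000Z,EDGE01\Default EDGE01,08CFA4,5,10.0.0.5:25,203.0.113.44:51602,<,mail from: <HR@Example.COM>,
"""

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

def external_senders_using_domain(log_text, own_domain, trusted_nets):
    """Return (remote_ip, connector, sender) for each MAIL FROM that uses
    own_domain but arrives from an address outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    fields, hits = None, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order comes from the log header, not from a fixed list.
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        m = MAIL_FROM.match(row.get("data", ""))
        if row.get("event") != "<" or not m:   # "<" = command received from client
            continue
        domain = m.group(1).rpartition("@")[2].lower()
        host = row["remote-endpoint"].rsplit(":", 1)[0].strip("[]")
        ip = ipaddress.ip_address(host)
        if domain == own_domain.lower() and not any(ip in n for n in nets):
            hits.append((str(ip), row["connector-id"], m.group(1)))
    return hits

if __name__ == "__main__":
    for ip, connector, sender in external_senders_using_domain(
            SAMPLE_LOG, "example.com", ["10.0.0.0/8"]):
        print(f"{ip} used {sender} via receive connector {connector}")
```

Any hosted filter or smart host that legitimately relays mail for your domain belongs in `trusted_nets`; whatever remains is a candidate for a block at the gateway or a tighter receive connector.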
Alan Hardisty (Co-Owner) Commented:
Please describe the problem more (not what you have tried) and then we might be able to help you.

What exactly is the problem?

Please also describe your email delivery path e.g., internet -> Firewall -> Exchange Server or

Internet -> 3rd Party Spam Filtering Service -> Firewall -> Exchange Server

Many thanks


Neil Russell (Technical Development Lead) Commented:
As Alan says, we really need more info on what the actual issue is.

When you talk about email spoofing, are you talking about email that is received by your own internal staff on your domain seeming to originate from other email addresses inside your domain but you know did not?
Are you talking about emails received by OUTSIDE organisations that appear to come from inside your organisation but you are sure did not?

The track to take is very very different depending on your problem.
Svet Paperov (IT Manager) Commented:
Use an external, hosted filtering solution instead of one on your local servers. It will eliminate most of the junk before it even reaches your system.

I had a similar issue a couple of years ago and I fixed it by redirecting all incoming e-mail via Google Postini Services. I don't want to make free ads for them but it was very simple to set it up and works perfectly well almost all of the time (some short periods of passing new spam before self-adjusting). If you are familiar with GFI they also have a hosted anti-spam.

Before, 95% of the incoming messages were spam and I had to constantly adjust the filters on our mail server to keep the users not very frustrated with the spam. Now, everybody is happy. For the price of those solutions (1$ a month per user) it's worth it.
Eric Woodford (Software Systems Specialist 3) Commented:
If the legitimate traffic on the server isn't too busy, maybe turn on reverse DNS lookups on the Edge servers, prevent spoofing on the internal domain.

Adma1 (Author) Commented:
Spoofing seemed to decrease after creating the SPF records. I am in the process of evaluating Google Postini as an extra measure.
Question has a verified solution.
