From: S.Leyers (s.leyers@subdimension.com)
Date: Tue Apr 02 2002 - 08:52:36 CST
Hi all,
--------------------------------------------------------------
Problem summary:
--------------------------------------------------------------
An external user can configure his POP3 mail client (Outlook, Outlook
Express) with fake information like:
Display name: "Big boss" from company mydomain.org
Email: bigboss@mydomain.org
SMTP server: smtp.userlocalisp.org
Now for a big joke or worse he sends a mail:
To: Main_distribution_list@mydomain.org
Subject: everybody get a salary raise !
Everybody will receive the mail as if it was the boss himself who sent the
mail. (You could only tell the truth by checking the internet headers.)
--------------------------------------------------------------
Environment overview in mydomain.org:
--------------------------------------------------------------
Firewall
|
|
SMTP relay
|
|
Exchange 5.5 sp4
/|\
/ | \
W2K/NT4 clients
Relay & Exchange are not open relays.
Routing set to Reroute incoming SMTP mail....
Selected Routing Restrictions... Hosts and clients that successfully
authenticate and Hosts and clients with specific internal IP addresses
--------------------------------------------------------------
Goal to achieve:
--------------------------------------------------------------
Now as I can reproduce the case over and over, I would like to make the
necessary modifications so that it wouldn't happen anymore.
I would like to set a rule that says something like:
Check mail recipient field 'from' - If it contains "@mydomain.org" AND is
not from internal IP range -> Deny
I posted a request on MS newsgroup ... no useful answer so far.
I couldn't find any information on how to achieve this.
Thanks for any help
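
The rule asked for above, sketched as an added example (it is not part of the original post, and it is not an Exchange 5.5 or relay setting): a policy check an SMTP relay could apply per message, looking at both the envelope sender and the `From`/`Sender` headers. The function names, `PROTECTED_DOMAIN`, the internal ranges and the sample message are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Assumptions for this sketch: the domain to protect and the internal ranges.
PROTECTED_DOMAIN = "mydomain.org"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def is_internal(client_ip):
    """True if the connecting client is inside one of the internal ranges."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def in_protected_domain(addr):
    """True if addr is in the protected domain or one of its subdomains."""
    domain = addr.strip().strip("<>").rpartition("@")[2].rstrip(".").lower()
    return domain == PROTECTED_DOMAIN or domain.endswith("." + PROTECTED_DOMAIN)

def check_message(client_ip, mail_from, raw_message):
    """Return ("accept" | "deny", reason) for one SMTP transaction."""
    if is_internal(client_ip):
        return ("accept", "internal client")
    # Envelope sender (MAIL FROM); empty for bounces, which must pass.
    if in_protected_domain(mail_from):
        return ("deny", "envelope sender claims protected domain")
    msg = message_from_string(raw_message)
    # The mail client displays the header From, not the envelope sender,
    # and a message may carry more than one From or a Sender header.
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    for _name, addr in getaddresses(headers):
        if addr and in_protected_domain(addr):
            return ("deny", "header address %s claims protected domain" % addr)
    return ("accept", "no protected-domain sender")

# Constructed sample reproducing the case in the post.
SAMPLE = (
    'From: "Big boss" <bigboss@mydomain.org>\r\n'
    "To: Main_distribution_list@mydomain.org\r\n"
    "Subject: everybody get a salary raise !\r\n"
    "\r\n"
    "body\r\n"
)

if __name__ == "__main__":
    print(check_message("203.0.113.7", "someone@userlocalisp.org", SAMPLE))
    print(check_message("10.1.2.3", "bigboss@mydomain.org", SAMPLE))
```

A rule like this also rejects legitimate mail that uses the domain from outside (roaming users, forwarders, mailing lists that keep the original `From`), so those senders need an authenticated submission path.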