OSEC

From: Fullerton, James, CON, OASD(HA)/TMA (James.Fullertontma.osd.mil)
Date: Tue Apr 02 2002 - 11:44:51 CST

    This page might have some articles that could assist you:

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q196626

    I found that by going to www.microsoft.com/exchange and then the quick link
    for tips and tricks, which took me to:

    http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/exchange/tips/tips.asp

    Hope that helps.

    Thank you,

    James Fullerton
    James.Fullertontma.osd.mil
    Web Site Developer
    IntelliDyne, L.L.C.

    -----Original Message-----
    From: S.Leyers [mailto:s.leyerssubdimension.com]
    Sent: Tuesday, April 02, 2002 7:53 AM
    To: Focus MS List
    Subject: fake sender and Exchange 5.5

    Hi all,

    --------------------------------------------------------------
    Problem summary:
    --------------------------------------------------------------
    An external user can configure his POP3 mail client (Outlook, Outlook
    Express) with fake info like:
    Display name: "Big boss" from company mydomain.org
    Email: bigboss@mydomain.org
    smtp server: smtp.userlocalisp.org

    Now for a big joke or worse he sends a mail:

    To: Main_distribution_list@mydomain.org
    Subject: everybody get a salary raise !

    Everybody will receive the mail as if it was the Boss himself who sent the
    mail. (You could only tell the truth by checking the internet headers).

    --------------------------------------------------------------
    Environment overview in mydomain.org:
    --------------------------------------------------------------
         Firewall
            |
            |
        SMTP relay
            |
            |
     Exchange 5.5 sp4
           /|\
          / | \
      W2K/NT4 clients

    Relay & Exchange are not open relays.
    Routing set to Reroute incoming SMTP mail....
    Selected Routing Restrictions... Hosts and clients that successfully
    authenticate and Hosts and clients with specific internal IP addresses

    --------------------------------------------------------------
    Goal to achieve:
    --------------------------------------------------------------
    Now as I can reproduce the case over and over, I would like to make the
    necessary modifications so that it wouldn't happen anymore.

    I would like to set a rule that says something like:
    Check mail recipient field 'from' - If it contains "mydomain.org" AND is
    not from internal IP range -> Deny

    I posted a request on MS newsgroup ... no useful answer so far.
    I couldn't find any information on how to achieve this.

    Thanks for any help
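
The rule sketched under "Goal to achieve", written out as an added example (not code from either poster, and not an Exchange 5.5 feature): a check that an SMTP relay in front of Exchange could apply per message. The internal ranges, the function names and the sample message are assumptions constructed for illustration; only mydomain.org comes from the post.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Assumptions for this example: the protected domain is the one named in the
# post; the internal ranges are constructed RFC 1918 placeholders.
PROTECTED_DOMAIN = "mydomain.org"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


def is_internal(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)


def claims_protected_domain(address):
    """True if the addr-spec (never the display name) is in the protected domain."""
    domain = address.rpartition("@")[2].strip().rstrip(".").lower()
    return domain == PROTECTED_DOMAIN or domain.endswith("." + PROTECTED_DOMAIN)


def verdict(client_ip, mail_from, raw_message):
    """Return 'deny' or 'accept' for one inbound SMTP transaction."""
    if is_internal(client_ip):
        return "accept"
    msg = message_from_string(raw_message)
    # Check the envelope sender plus every header a client may show as the author.
    candidates = [mail_from]
    for header in ("From", "Sender"):
        candidates += [addr for _, addr in getaddresses(msg.get_all(header, []))]
    if any(claims_protected_domain(a) for a in candidates if a):
        return "deny"
    return "accept"


# Constructed sample message matching the scenario in the post.
SPOOFED = (
    'From: "Big boss" <bigboss@mydomain.org>\r\n'
    "To: Main_distribution_list@mydomain.org\r\n"
    "Subject: everybody get a salary raise !\r\n"
    "\r\n"
    "Constructed body.\r\n"
)

if __name__ == "__main__":
    print(verdict("203.0.113.25", "user@userlocalisp.org", SPOOFED))  # external client
    print(verdict("10.1.2.3", "bigboss@mydomain.org", SPOOFED))       # internal client
```

A rule like this also rejects legitimate mydomain.org users who send through an outside ISP's SMTP server; they would need to submit through an internal or authenticated path.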