From: Matthew.van.Eerdehbinc.com
Date: Tue Apr 02 2002 - 11:13:18 CST

    You can apply message filtering in the IMC from Exchange Administrator to
    block domain.com messages coming in through the Internet Mail Connector -
    press the "Message Filtering" button on the "Connections" tab on the
    Internet Mail Service (SERVER) properties. Then add domain.com to the list
    of blocked senders.

    I also suggest removing all SMTP email addresses from your distribution
    lists as well so that people outside the company can't contact the
    distribution lists directly. It's still possible to call yourself Big Boss
    [bigboss@hotmail.com] and many people will rely on the display name and not
    think to check the email address.

    > -----Original Message-----
    > From: S.Leyers [mailto:s.leyerssubdimension.com]
    > Sent: Tuesday, April 02, 2002 06:53
    > To: Focus MS List
    > Subject: fake sender and Exchange 5.5
    >
    >
    > Hi all,
    >
    > --------------------------------------------------------------
    > Problem summary:
    > --------------------------------------------------------------
    > An external user can configure his POP3 mail client (Outlook, Outlook
    > Express) with fake info like:
    > Display name: "Big boss" from company mydomain.org
    > Email: bigboss@mydomain.org
    > smtp server: smtp.userlocalisp.org
    >
    > Now for a big joke or worse he sends a mail:
    >
    > To: Main_distribution_list@mydomain.org
    > Subject: everybody get a salary raise !
    >
    > Everybody will receive the mail as if it was the Boss himself who sent
    > the mail. (You could only tell the truth by checking the internet
    > headers).
    >
    >
    >
    >
    >
    > --------------------------------------------------------------
    > Environment overview in mydomain.org:
    > --------------------------------------------------------------
    > Firewall
    > |
    > |
    > SMTP relay
    > |
    > |
    > Exchange 5.5 sp4
    > /|\
    > / | \
    > W2K/NT4 clients
    >
    >
    >
    > Relay & Exchange are not open relays.
    > Routing set to Reroute incoming SMTP mail....
    > Selected Routing Restrictions... Hosts and clients that successfully
    > authenticate and Hosts and clients with specific internal IP addresses
    >
    >
    >
    > --------------------------------------------------------------
    > Goal to achieve:
    > --------------------------------------------------------------
    > Now as I can reproduce the case over and over, I would like to make the
    > necessary modifications so that it wouldn't happen anymore.
    >
    > I would like to set a rule that says something like:
    > Check mail recipient field 'from' - If it contains "mydomain.org" AND is
    > not from internal IP range -> Deny
    >
    >
    > I posted a request on MS newsgroup ... no useful answer so far.
    > I couldn't find any information on how to achieve this.
    >
    > Thanks for any help
    >
    >
    >
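The rule asked for in the question, together with the display-name case raised in the reply, written out as an added Python example; it is not part of either message and is not an Exchange 5.5 setting. The internal ranges, the protected display name, the verdict names and the sample messages are assumptions made for the illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the thread): internal ranges and protected display names.
PROTECTED_DOMAIN = "mydomain.org"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
PROTECTED_NAMES = {"big boss"}


def is_internal(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)


def verdict(raw_message, client_ip):
    """Return 'deny', 'flag' or 'accept' for a message received from client_ip."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # A missing or duplicated From header is ambiguous: the mail client may
    # display a different one than the filter inspected, so refuse it.
    if len(from_headers) != 1:
        return "deny"
    name, addr = parseaddr(from_headers[0])
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if is_internal(client_ip):
        return "accept"
    # The rule from the question: our domain in From, external source -> deny.
    if domain == PROTECTED_DOMAIN or domain.endswith("." + PROTECTED_DOMAIN):
        return "deny"
    # The case from the reply: familiar display name, outside address.
    if name.strip().lower() in PROTECTED_NAMES:
        return "flag"
    return "accept"


# Constructed sample messages, modelled on the ones described in the thread.
SPOOFED = ('From: "Big boss" <bigboss@mydomain.org>\n'
           "To: Main_distribution_list@mydomain.org\n"
           "Subject: everybody get a salary raise !\n\nhello\n")
LOOKALIKE = SPOOFED.replace("bigboss@mydomain.org", "bigboss@hotmail.com")

if __name__ == "__main__":
    print(verdict(SPOOFED, "203.0.113.25"))    # external client
    print(verdict(SPOOFED, "10.1.2.3"))        # internal client
    print(verdict(LOOKALIKE, "203.0.113.25"))  # display-name impersonation
```

A check like this only works where the connecting address is still the real outside peer; in the topology drawn in the question that is the SMTP relay, because Exchange itself sees every inbound message arriving from the relay's internal address.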