Stopping people sending as our domain?
Hi,

We have seen some problems with mails coming in as spam but the "From" e-mail address is from our own domain. Random domain names like dsrc_com@domain.co.uk. Stupid names. Where domain.co.uk appears below, it is my domain but masked for this forum.

Sample Header:

Microsoft Mail Internet Headers Version 2.0
Received: from dsl88.230-17501.ttnet.net.tr ([88.230.68.93]) by domain.co.uk with Microsoft SMTPSVC(6.0.3790.1830); Fri, 14 Mar 2008 15:20:40 +0000
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; MSN
Message-Id: <20080314072040.15876.qmail@dsl88.230-17501.ttnet.net.tr>
To: <dshafer_ee@domain.co.uk>
Subject: RE: MensHealth id 61035443
From: <dshafer_ee@domain.co.uk>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Return-Path: dshaferdd@ankeny.k12.ia.us
X-OriginalArrivalTime: 14 Mar 2008 15:20:41.0554 (UTC) FILETIME=[F726B320:01C885E6]
Date: 14 Mar 2008 15:20:41 +0000
-------------------------------------------------------------

So, is there any way to stop people sending as another name from my domain without permission? I have SBS2003 R1 with Exchange 2003.

Cheers.
March 17th, 2008 2:53pm

Ahhh the famous NDR attack emails....god...the *** I went through trying to figure out how to stop this, thankfully it's pretty easy. :-)

In 2007 Exchange you can enable the built-in antispam agents and go to the Recipient Filtering option and put a check in "Perform a lookup on the GAL to make sure recipient exists in organization". I checked this and we no longer received NDR/Domain spam emails. I also added an IP blocklist to our built-in antispam agent. This stopped both forms of attacks thankfully.

I know you have Exchange 2003 but I am pretty sure there is a way you can perform a GAL lookup on AD, or maybe your antispam solution has an option to block or scan for NDR type messages. Basically all the spammer is doing is generating random email addresses, and spamming your domain....hope that's some help.
March 17th, 2008 4:56pm

Still trying to find out how to do this. Can't work out how to do the Global Address Lookup in Exchange 2003. Tricky stuff.
March 28th, 2008 2:17pm

Sadly, I don't see that there is an option for Exchange to check the email address of the sender when the client issues the command "MAIL FROM:". There are SMTP servers that perform this check. I don't know if I missed this anywhere in Exchange 03/07 but I am dying to get this on.

For the annoying message you have, which is called a bogus or forged header message, the SenderID filtering should work to prevent this. For Exchange 2003, you must have SP2 applied. Download this guide for Exchange Server Intelligent Message Filter v2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B1218D8C-E8B3-48FB-9208-6F75707870C2&displaylang=en
You should be able to configure the filter by following this guide.

For the SenderID to work, you should have your DNS record for SPF. Create a text record following this link:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

However, having a 3rd-party anti-spam agent is still a wise choice. Configuring this IMF alone will not get all spam. The last thing is, if you do have a 3rd-party anti-spam agent, never put your domain name in the whitelist. Some people who have BlackBerry service running were told to do this in their anti-spam settings to avoid problems with BlackBerry messages getting filtered, but this will let these bogus header messages get in because they pass your anti-spam agent unchecked.

The option for checking the GAL is also available in Exchange 2003 IMF, but that is for checking people whose email is in the "RCPT TO:" SMTP command. This has good and bad sides: it will reject messages that are sent to unknown users, but if someone misspelled the address, you will never see the message.
March 28th, 2008 7:48pm
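
An added example, not part of any post in this thread and not Exchange's own logic: a small Python check that applies the idea behind the SPF/SenderID suggestion to the sample header from the first post, flagging mail whose From address claims our domain while the connecting relay is not one of our authorised senders. The `AUTHORISED_NETS` range is a constructed placeholder for whatever hosts your SPF record would list, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "domain.co.uk"  # masked domain used in the thread
# Assumption: constructed documentation range standing in for the hosts
# an SPF record would authorise to send as OUR_DOMAIN.
AUTHORISED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Relevant headers from the sample in the first post (other lines omitted).
SAMPLE = """\
Received: from dsl88.230-17501.ttnet.net.tr ([88.230.68.93]) by domain.co.uk with Microsoft SMTPSVC(6.0.3790.1830); Fri, 14 Mar 2008 15:20:40 +0000
To: <dshafer_ee@domain.co.uk>
Subject: RE: MensHealth id 61035443
From: <dshafer_ee@domain.co.uk>
Return-Path: dshaferdd@ankeny.k12.ia.us

"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def connecting_ip(msg):
    """IP literal in the topmost Received header (the hop our server added)."""
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", msg.get("Received", ""))
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None  # bracketed text was not a valid IP literal

def check_message(raw):
    """Return findings for a message that claims to be from OUR_DOMAIN."""
    msg = message_from_string(raw)
    findings = []
    if domain_of(msg["From"]) != OUR_DOMAIN:
        return findings  # not claiming our domain; out of scope here
    ip = connecting_ip(msg)
    if ip is None or not any(ip in net for net in AUTHORISED_NETS):
        findings.append(f"From uses {OUR_DOMAIN} but relay {ip} is not authorised")
    rp = domain_of(msg["Return-Path"])
    if rp and rp != OUR_DOMAIN:
        findings.append(f"Return-Path domain {rp} differs from From domain")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

Only the Received line stamped by your own server is trustworthy; any Received lines below it are supplied by the sender and can be forged.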

This topic is archived. No further replies will be accepted.
