Any IP that SHOULD be allowed to send email directly to external recipients - if your web servers have port 25 open intentionally so they can send directly rather then relaying through your normal email source, they would be blocked by systems checking for SPF records if you don't supply SPF and PTR records for them.
-----Original Message----- From: Joe Heaton [mailto:[email protected]] Sent: Monday, February 23, 2009 8:40 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Thanks Don. So in the creation process, since I only have one IP that should be sending e-mail, I can check the box saying that all the reverse DNS records for my domain resolve to outbound e-mail servers? Or could there be PTR records for my web servers as well? Joe Heaton Employment Training Panel -----Original Message----- From: Don Andrews [mailto:[email protected]] Sent: Monday, February 23, 2009 8:38 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue You appear to have a valid PTR at least for the IP this message came from. -----Original Message----- From: Joe Heaton [mailto:[email protected]] Sent: Monday, February 23, 2009 7:47 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue In the reverse DNS section of this tool, do I need to check the box? I don't host my external DNS records, so I don't know what PTR records, if any, are out there. Joe Heaton Employment Training Panel -----Original Message----- From: Troy Meyer [mailto:[email protected]] Sent: Thursday, February 19, 2009 8:06 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Although it isn't perfect, this link has been out on the list before and is a good way to generate an SPF if you are wondering where to start. http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wiz ard/ -troy -----Original Message----- From: Micheal Espinola Jr [mailto:[email protected]] Sent: Thursday, February 19, 2009 6:52 AM To: MS-Exchange Admin Issues Subject: Re: Incoming spoofed e-mail issue +1. Although impossible to quantify, it can only help your situation. -- ME2 On Wed, Feb 18, 2009 at 7:22 PM, Don Andrews <[email protected]> wrote: > You might consider advertising an SPF record - cheap and little effort. No > guarantees except that it lets honest domains that check for it ignore > spoofed sends. > > > > ________________________________ > > From: Joe Heaton [mailto:[email protected]] > Sent: Wednesday, February 18, 2009 10:24 AM > > To: MS-Exchange Admin Issues > Subject: RE: Incoming spoofed e-mail issue > > > > Thomas, > > > > I think I've found a way to take care of some of this stuff. I have a > Watchguard firewall, which has a feature built in called an SMTP Proxy. > Within that, I can set a filter to deny any messages coming from specific > domains, or, as in this case, from specific country codes (.pl, .ru, etc). > > > > I just put it in place, so I'm hoping it's going to help the issue here. As > far as backscatter from within the US, I'm still working on that one... > > > > Joe Heaton > > Employment Training Panel > > > > From: Thomas Gonzalez [mailto:[email protected]] > Sent: Tuesday, February 17, 2009 10:35 AM > To: MS-Exchange Admin Issues > Subject: RE: Incoming spoofed e-mail issue > > > > That's exactly what I'm battling right now Joe...if you look at the header you > will see the actual sender / originator. I couldn't give you a correct way > how to tackle this issue. But this backscatter has become a pain in the you > know what. > > > > From: Joe Heaton [mailto:[email protected]] > Sent: Tuesday, February 17, 2009 12:30 PM > To: MS-Exchange Admin Issues > Subject: Incoming spoofed e-mail issue > > > > I'm getting users who are getting lots of mail in their inbox every morning > that looks like it is coming from themselves. Looking at the headers, I see > various actual senders, many coming from domains ending in .ru, or .pl, > etc. Is there a way of blocking e-mails from these foreign domains? None > of my users have legitimate business with anyone in Russia, or Poland, or > any other foreign country. I tried setting this up under Sender Filtering, > by putting the following in, for example: *...@*.pl > > > > Is there a different way of putting this in? I notice that the instructions > for Sender Filtering says to block messages "claiming" to be from the > following:, but these messages are actually "claiming" to be from the user, > not what is actually in the header. Is there a different way of filtering > these messages? There's nothing in the subject line that is keying the IMF, > or my Symantec Mail Security for Microsoft Exchange. > > > > Joe Heaton > > AISA > > Employment Training Panel > > 1100 J Street, 4th Floor > > Sacramento, CA 95814 > > (916) 327-5276 > > [email protected] > > > > > > > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should not > read, distribute, copy or alter this email. Any views or opinions expressed > in this email are those of the author and do not represent those of the Girl > Scouts of Southwest Texas. Warning: Although precautions have been taken to > make sure no viruses are present in this email, Girl Scouts of Southwest > Texas cannot accept responsibility for any loss or damage that arise from > the use of this email or attachments. > > > > > > > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
