To get rid of spoofed internal emails, you need to use iptables at your routers and firewalls to disable SMTP (TCP 25) traffic from any host other than your dedicated mail servers. Set a default policy of DENY for SMTP traffic and then an ALLOW declaration for each of the mail servers in your organization. Additionally, disable telnet login for your mail server. The use of a security product such as Security Blanket TM (www.trustedcs.com) on your in-house Linux machines will help as well.

As for the issue with spoofed external e-mails using internal addresses, I recommend looking for security measures that are home-brewed. For example, you could create a transparent gif that contains a security code and embed it in the signature of all e-mails originating within your infrastructure. Then use a simple script to check for the existence of that file upon receipt. If the email does not contain that file, then drop it before delivery. Also, you could require PGP signatures.

-Jesse
>
> Message: 13
> Date: Mon, 12 May 2008 09:25:42 +0300
> From: "shadow floating" <[EMAIL PROTECTED]>
> Subject: [Full-disclosure] exchange server spam problem
> To: [email protected]
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I've recently found many suspicious emails sent from the internet
> to the internal clients using the sender address as a legitimate email
> address of one of the internal users, do you know how to configure
> exchange server to stop such emails (by authenticating users before
> sending for example),....I also suffer from internal email spoofing
> that users send each other with spoofed internal emails....any help
> would do.
> thanks a lot
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 39, Issue 25
> ***********************************************
>
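The SMTP restriction described in the reply above, as an added example that is not part of the original post: a shell function that prints iptables rules allowing forwarded TCP 25 only from listed mail servers, then logging and dropping everything else. The chain name `SMTP_FILTER`, the log prefix and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that let only the
# listed mail servers originate SMTP through this router/firewall.
# Review the output, then run it as root or feed it to your rule loader.

is_ipv4() {
    # Reject anything but digits and dots first, so no shell
    # metacharacters can ever reach the generated rule text.
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    # Exactly four octets, each at most three digits and <= 255.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

smtp_lockdown_rules() {
    chain=SMTP_FILTER            # hypothetical chain name
    [ "$#" -gt 0 ] || { echo "need at least one mail server" >&2; return 1; }
    # Validate every address before emitting anything, so a typo never
    # produces a half-built rule set.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -N $chain"
    for ip in "$@"; do
        echo "iptables -A $chain -s $ip/32 -j ACCEPT"
    done
    # Rate-limited log of blocked senders: a workstation showing up here
    # is either misconfigured or sending mail it should not be.
    echo "iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix \"SMTP-BLOCKED: \""
    # Default for SMTP: silently discard (DROP target).
    echo "iptables -A $chain -j DROP"
    # Hook the chain in last, once it is complete.
    echo "iptables -I FORWARD -p tcp --dport 25 -j $chain"
}

# Constructed sample input: two mail servers in a documentation range.
smtp_lockdown_rules 192.0.2.10 192.0.2.11
```

The rules cover forwarded traffic only; hosts that reach a mail server without crossing this device are not affected by them.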
