Home page logo
/

basics logo Security Basics mailing list archives

Re: Restricting Incoming Email in Exchange by From Address
From: Greg Jones <grjones () gmail com>
Date: Wed, 29 Jun 2005 16:24:41 -0400

Tim et al,

Please see my original email.  Encryption is nice, but that's not what
I'm going for here. I am wanting to filter out forged From addresses. 
Lots of you have responded with a solution to filter based on From
addresses, but most of these solutions would filter legitimate email
as well.  Again, I want to reject emails that come in from the
Internet via SMTP that have mydomain.com in the From address.  But, I
want to allow emails that come from the Internet via Exchange since
the sender is effectively authenticated.

Using a sendmail/postfix server to handle SMTP traffic would work
(block any email with a From address of mydomain.com and just let
Exchange do it's thing since it won't go thru the sendmail/postfix
server).  But what I'm really look for here, is a way to do this in
Exchange itself; without another mail server.

Thanks

Greg

On 6/29/05, Tim Hayes <morphieus () earthlink net> wrote:
 I understand wanting to limit the availability to send unencrypted email
across the internet but unless you are setting up your imap/pop accounts
with SSL you won't be resolving anything.

You can setup recipient filter in the global policy and then apply this
filter in the advanced interface properties of you SMTP virtual server.

Unless you have a front end server with a dedicated SMTP connector, you may
need to create an additional internal SMTP connector listening on another IP
to allow systems management email to be distributed internally.

An explaination of your messaging topology would be really helpful

Regards,

Tim

-----Original Message-----
From: Greg Jones [mailto:grjones () gmail com]
Sent: Friday, June 24, 2005 11:06 AM
To: Gaddis, Jeremy L.
Cc: security-basics () securityfocus com
Subject: Re: Restricting Incoming Email in Exchange by From Address

That's exactly it.  The Brandon Lockhart email was good (using sendmail or
qmail gateway to block it there).  But I wonder if this is possible in
Exchange.

Greg

On 6/22/05, Gaddis, Jeremy L. <jlgaddis () ivytech edu> wrote:
I think some of you may be misunderstanding what the OP is wanting.

To clarify, I believe he wants to configure Exchange so that it will
not accept mail from outside servers that say it's from hisdomain.com.
I could be wrong here, but that's what I gathered.  This would force
users to send e-mail directly through the Exchange server (either via
Outlook or OWA).  A user with a 3rd-party mail client connecting to
25/TCP from home would not be able to send e-mail to an Exchange
recipient with a From: address of their work domain.

-j

--
Jeremy L. Gaddis   <jlgaddis () ivytech edu>
Special Projects Manager
Computer & Technology Services
Ivy Tech State College, Bloomington
812.330.6156 (w)   812.797.6176 (m)


-----Original Message-----
From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com]
Sent: Tuesday, June 21, 2005 10:31 AM
To: Greg Jones; Steve
Cc: security-basics () securityfocus com
Subject: RE: Restricting Incoming Email in Exchange by From Address

No additional security checking is involved here, but why not use the
Exchange General/Delivery Restrictions screen (Under user properties
in
AD) to limit who the user can receive email from? Domain or Proxy
server authentication to an OWA server should take care of the
authentication issue.

-----Original Message-----
From: Greg Jones [mailto:grjones () gmail com]
Sent: Monday, June 20, 2005 6:03 PM
To: Steve
Cc: security-basics () securityfocus com
Subject: Re: Restricting Incoming Email in Exchange by From Address


Without explaining why, some of our employees require pop/imap access
to our exchange server from the Internet (they only need this for
receiving mail, and don't need smtp).   So when email from the
Internet comes in from a @mydomain.com address, I want to make sure
that whomever sent it is authenticated (using exchange), and reject
the traditional unauthenticated SMTP traffic when the From address is
a @mydomain.com address.  I will look at SPF more, but it seems to me
that what I'm trying to do should be pretty simple and effective.

Thanks

Greg

On 6/20/05, Steve <securityfocus () delahunty com> wrote:
Not sure I follow on the first part.  Your users can connect to your
Exchange server via other clients like POP? If so, turn off POP/IMAP.

For spoofing/phishing check out using reverse DNS lookups with
Exchange and/or SPF.  That will improve your overall email security.

STEVE
----- Original Message -----
From: "Greg Jones" <grjones () gmail com>
To: <security-basics () securityfocus com>
Sent: Saturday, June 18, 2005 12:30 PM
Subject: Restricting Incoming Email in Exchange by From Address


In Exchange (any version), I would like to disallow email coming
from the Internet (smtp) that has a From address of my domain.  This
would force our employees to use OWA or Exchange (via VPN of
course).  This would help with phishing and worms that are fooling
some of our employees (e.g., emails from admin () mydomain com).  Is this
possible?

 Greg













  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault