Security Basics mailing list archives

Sender Spoofing via SMTP


From: brandon.steili () gmail com
Date: 5 Nov 2005 05:06:49 -0000

Hi all,

Thanks again for all the responses, I think everyone's contributed to me getting this far with my plan - Here's roughly 
what I've got in mind until the proxy or something to that effect can be placed in front of the exchange box(es). Please 
feel free to comment on the validity of the setup and any concerns you may have. I'm not yet an Exchange Guru so rake 
me over the coals as needed =) --- again thanks for all the help!!!

The first system is running Windows Server 2003 w/ Exchange 2003 behind a NAT/PAT device. Server is also dual homed. 
Using a dual homed host would allow us to separate inbound traffic from internal traffic. 

Hostname (internet DNS) - smtp.foo.com - internal IP addresses 192.168.1.10 & 192.168.1.11

The server is configured with 2 SMTP virtual servers (VS), each one on port 25, one VS for each address. 192.168.1.10 
(VS1) is internet facing; the second, 192.168.1.11 (VS2), will connect to the internal server(s). All traffic from the 
internet would be sent to smtp.foo.com, which in turn would come to the 192.168.1.10 address. We allow anonymous 
connections to this VS, but perform reverse DNS lookups on incoming messages, and also apply a sender filter for 
*.foo.com; that way even though we are not stopping the outside from connecting via telnet, they cannot spoof an 
internal address (since we are filtering that) and they cannot spoof a bogus domain since we look for that too. 
Exchange 2003 already prevents relaying to external domains as previously suggested, thanks for making me check though! 
The second VS could now be configured to speak only to the backend server(s) and ignore all other traffic from other 
systems (ie client desktops). 

Inside the firewall 
Hostname (internal DNS) - exch1.foo.com - internal IP address 192.168.2.10
Any and all internal SMTP Virtual servers get configured slightly differently. These Virtual servers do not require the 
filter, no reverse DNS lookup, and should be configured to require Integrated Windows authentication, which will prevent 
anyone from connecting via Telnet to the internal exchange boxes and sending a spoofed email -- Insert spoofed pink slip 
from the boss email here -- since once they try to do anything beyond an EHLO the connection gets dropped. 

We could also configure an anonymous SMTP VS that would only allow connections from say a server vlan for any 
monitoring tools to communicate. Clients would connect via outlook (rpc), pop3, imap4 and since these clients 
authenticate would have no issues sending mail. 

Does this sound like a pretty safe exchange setup besides the obvious 3rd party AV and things of that nature?  
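As an added illustration (not part of the original post or of Exchange itself), the policy the three virtual servers are meant to enforce can be written out as a small decision model and checked against the spoofing cases the post worries about. The virtual server addresses and the foo.com domain come from the post; the backend network range, the reply codes and the sample client addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple

# Constructed model of the layout described in the post.
INTERNAL_DOMAIN = "foo.com"
VS1_INTERNET = "192.168.1.10"          # anonymous, rDNS check + sender filter
VS2_TO_BACKEND = "192.168.1.11"        # talks to backend servers only
BACKEND_NET = ip_network("192.168.2.0/24")   # assumption: where exch1 lives


@dataclass
class Session:
    vs_ip: str                 # which SMTP virtual server accepted the connection
    client_ip: str
    authenticated: bool = False
    reverse_dns_ok: bool = True    # assumed PTR lookup result for client_ip


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def check_mail_from(s: Session, sender: str) -> Tuple[bool, str]:
    """Decide whether MAIL FROM:<sender> is accepted on this virtual server."""
    domain = _domain(sender)
    if s.vs_ip == VS1_INTERNET:
        if not s.reverse_dns_ok:
            return False, "550 reverse DNS lookup failed"
        # sender filter *.foo.com: nobody on the internet may claim an internal sender
        if domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN):
            return False, "554 sender filtered: internal domain from outside"
        return True, "250 OK"
    if s.vs_ip == VS2_TO_BACKEND:
        if ip_address(s.client_ip) not in BACKEND_NET:
            return False, "550 connection not from backend network"
        return True, "250 OK"
    # any internal VS (exch1): nothing beyond EHLO without Integrated Windows auth
    if not s.authenticated:
        return False, "530 authentication required"
    return True, "250 OK"


def check_rcpt_to(s: Session, recipient: str) -> Tuple[bool, str]:
    """No open relay: unauthenticated sessions may only deliver to foo.com."""
    if _domain(recipient) != INTERNAL_DOMAIN and not s.authenticated:
        return False, "550 relaying denied"
    return True, "250 OK"
```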

