Security Basics mailing list archives

Re: Sender Spoofing via SMTP


From: Luis Fernandez <lafernandez () matchmind es>
Date: Mon, 07 Nov 2005 09:36:07 +0100


        Perhaps you should consider products like SpamAssassin, or better even,
appliances like Barracuda or Ironport.

        Good luck.
        

brandon.steili () gmail com wrote:
Everyone,

Thanks for your replies thus far, but they have helped add a few more thoughts. By the way, I'm also looking for any 
thoughts on how to restrict this from happening internally as well. Using the above example, I can connect to a local 
exchange server and initiate the same spoofing technique to another local user -- for example I can connect to the 
server via Telnet to 25 and send my cubemate an email from santa@mydomain and tell him that the north pole has been 
having connectivity issues... It's junk like this I am trying to prevent internal and external people from doing 
straight from a telnet session.

Quote(Andrew Chong) - Currently, two common technologies are SMIME and PGP to digitally sign/encrypt emails.
Response - This would help validate the sender to the end user, which is a good start (and easy to teach to users). 
Not really the overall solution but definitely getting there. Thanks!

Quote(Craig Wright) - Internal mail will not generally pass through SMTP 
Response - Great point, but in this scenario I am connecting to port 25 and initiating the message directly via SMTP 
on the server. I think regardless of what happens to the message once it hits the queue and gets moved around by the 
Information Store or another MTA the fatal problem is that I was able to connect and send the message?

Quote (Dallas Jordan & Corey LeBleu) (sort of combining these two) - I believe you should set your email server to 
only relay email coming from your domain. That would prevent people from the internet connecting to the server and 
sending emails randomly. Unauthenticating Mail Relay 
Response - However if I set up the server so it requires authentication for communication, would this not break the 
ability for other domains to send email to my users? I have validated that I cannot spoof outbound emails from the 
internet based connection, so I'm not a completely open relay, but open enough that external connections can spoof an 
internal email sender and get that mail delivered to a recipient.

Sorry for hitting this so hard, but I have done a bunch of searching on the net, read way too much Technet and 
although I find bits and pieces, nothing really addresses the ability to spoof a sender or prevent this type of 
relaying without breaking everything else.

Thanks Again for the responses!
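As an added illustration that is not part of the thread: the relay and authentication policy Brandon is asking about, written as a small Python check over an SMTP session's envelope. The domain mydomain.example and the 10.0.0.0/8 range are assumed placeholders; the rules show that requiring SMTP AUTH for anyone claiming a local sender does not stop other domains from delivering inbound mail.

```python
# Added example, not from the thread: a minimal SMTP envelope policy that
# rejects sender spoofing from unauthenticated sessions, internal or external,
# while still accepting ordinary inbound mail from other domains.
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAIN = "mydomain.example"  # assumption: placeholder for the "mydomain" in the thread
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: constructed LAN range


@dataclass
class Session:
    client_ip: str       # peer address of the TCP connection to port 25
    authenticated: bool  # True only after a successful SMTP AUTH
    mail_from: str       # envelope sender (MAIL FROM)
    rcpt_to: str         # envelope recipient (RCPT TO)


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address."""
    return addr.rsplit("@", 1)[-1].lower()


def origin(ip: str) -> str:
    """Label the connection as internal or external by source address."""
    a = ipaddress.ip_address(ip)
    return "internal" if any(a in net for net in INTERNAL_NETS) else "external"


def evaluate(s: Session) -> tuple:
    """Return (SMTP reply code, reason). 250 accepts, 5xx rejects."""
    where = origin(s.client_ip)
    sender_local = domain_of(s.mail_from) == LOCAL_DOMAIN
    rcpt_local = domain_of(s.rcpt_to) == LOCAL_DOMAIN
    # Rule 1: claiming a local sender requires SMTP AUTH, no matter where the
    # connection comes from. This is what stops the telnet "santa@mydomain" trick.
    if sender_local and not s.authenticated:
        return 550, f"{where} session: local sender domain requires SMTP AUTH"
    # Rule 2: an unauthenticated session may only deliver to local users, which
    # is the inbound MX role; relaying to other domains is refused.
    if not s.authenticated and not rcpt_local:
        return 554, f"{where} session: relay access denied"
    return 250, f"{where} session: accepted"
```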
