Spoofing email

[ctjohnson]

It appears that people can telnet to the smtp port of our exchange server and "spoof" messages. I know there's not a good way to prevent them from sending fake messages from other domains, but I need to prevent them from sending fake messages that appear to come from our domain.

Does that make sense? How can I adjust this? I'd like messages that appear to come from our domain only to be sent from users who log in via pop3, owa, or the outlook client.

We already have relaying turned off.

Thanks!

 

[gkes]

Add a filter entry for your domain on the message delivery object under global settings. That way the server will filter inbound messages appearing to be from your domain.

Note that this might break pop3 clients as well as any internal smtp delivery you do, and may cause problems if you have more than one server.

To get around this, add another IP address to the exchange server and set up each IP on the existing smtp virtual server with a separate identity (smtp virtual server properties, general tab, advanced button). Set "filter enabled" to "no" on the IP that is used by internal users, and "yes" for the IP that is exposed to the internet or your smart host. That way, the filter only applies to inbound email from outside your company.

You can also do this by setting up entirely separate smtp virtual servers, which might be useful for other reasons.