Reject messages from outside my domain with FROM HEADER from inside (forgery)
Thiago Bemerguy
thiagobemerguy at gmail.com
Thu Jul 25 15:49:45 IST 2013
Hello,
I have an Exchange 2010 server with MailScanner for filtering external
messages. The users are receiving phishing messages from outside my network
with FROM header forged with email addresses from my domain. Is there any
way to avoid that messages from outside come with certain email addresses,
like filtering email and ip address or MTA hostname?
Following the header of the phishing message
Received: from ???.com (????) by ???
(????) with ????
Received-SPF: none (beetobee.it: No applicable sender policy available)
receiver=????.com; identity=mailfrom; envelope-from="www-data at beetobee.it";
helo=mail.beetobee.it; client-ip=???
X-Greylist: delayed 1335 seconds by postgrey-1.32 at ????;
Received: from mail.beetobee.it (mail.blucamera.it [82.85.28.154]) by
???.com (Postfix) with ESMTP id BE94320722 for
<address1 at internal.com>;
Received: by mail.beetobee.it (Postfix, from userid 33) id 6D9D2291ADE;
To: <address1 at internal.com>
Subject: .....
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
X-Mailer: Microsoft Office Outlook, Build 17.551210
*From: <address1 at internal.com> (forged)*
Message-ID: <????@mail.beetobee.it>
Date:
X-TCE-MailScanner-ID: BE94320722.89A9A
X-TCE-MailScanner: Found to be clean
X-TCE-MailScanner-SpamScore: sss
X-TCE-MailScanner-From: www-data at beetobee.it
X-Spam-Status: No
Return-Path: www-data at beetobee.it
X-MS-Exchange-Organization-AuthSource: Maia.tce.pa
X-MS-Exchange-Organization-AuthAs: Anonymous
We have SPF configured but I think it only protects envelope sender address.
Thanks in advance,
--
Thiago Bemerguy
thiagobemerguy at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130725/cacb557b/attachment.html
More information about the MailScanner
mailing list