Reject messages from outside my domain with FROM HEADER from inside (forgery)

Thiago Bemerguy thiagobemerguy at
Thu Jul 25 15:49:45 IST 2013


I have an Exchange 2010 server with MailScanner for filtering external
messages. The users are receiving phishing messages from outside my network
with FROM header forged with email addresses from my domain. Is there any
way to avoid that messages from outside come with certain email addresses,
like filtering email and ip address or MTA hostname?

Following the header of the phishing message

Received: from ???.com (????) by ???
 (????) with ????
Received-SPF: none ( No applicable sender policy available)
receiver=????.com; identity=mailfrom; envelope-from="www-data at";; client-ip=???
X-Greylist: delayed 1335 seconds by postgrey-1.32 at ????;
Received: from ( []) by
???.com (Postfix) with ESMTP id BE94320722 for
 <address1 at>;
Received: by (Postfix, from userid 33) id 6D9D2291ADE;
To: <address1 at>
Subject: .....
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
X-Mailer: Microsoft Office Outlook, Build 17.551210
*From: <address1 at> (forged)*
Message-ID: <????>
X-TCE-MailScanner-ID: BE94320722.89A9A
X-TCE-MailScanner: Found to be clean
X-TCE-MailScanner-SpamScore: sss
X-TCE-MailScanner-From: www-data at
X-Spam-Status: No
Return-Path: www-data at
X-MS-Exchange-Organization-AuthAs: Anonymous

We have SPF configured but I think it only protects envelope sender address.

Thanks in advance,

Thiago Bemerguy
thiagobemerguy at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list