Reject messages from outside my domain with FROM HEADER from inside (forgery)

Thiago Bemerguy thiagobemerguy at gmail.com
Thu Jul 25 15:49:45 IST 2013


Hello,

I have an Exchange 2010 server with MailScanner for filtering external
messages. The users are receiving phishing messages from outside my network
with the FROM header forged to use email addresses from my domain. Is there any
way to prevent messages from outside from arriving with certain email addresses,
such as filtering on email and IP address or MTA hostname?

The header of the phishing message follows:

Received: from ???.com (????) by ???
 (????) with ????
Received-SPF: none (beetobee.it: No applicable sender policy available)
receiver=????.com; identity=mailfrom; envelope-from="www-data at beetobee.it";
helo=mail.beetobee.it; client-ip=???
X-Greylist: delayed 1335 seconds by postgrey-1.32 at ????;
Received: from mail.beetobee.it (mail.blucamera.it [82.85.28.154]) by
???.com (Postfix) with ESMTP id BE94320722 for
 <address1 at internal.com>;
Received: by mail.beetobee.it (Postfix, from userid 33) id 6D9D2291ADE;
To: <address1 at internal.com>
Subject: .....
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
X-Mailer: Microsoft Office Outlook, Build 17.551210
*From: <address1 at internal.com> (forged)*
Message-ID: <????@mail.beetobee.it>
Date:
X-TCE-MailScanner-ID: BE94320722.89A9A
X-TCE-MailScanner: Found to be clean
X-TCE-MailScanner-SpamScore: sss
X-TCE-MailScanner-From: www-data at beetobee.it
X-Spam-Status: No
Return-Path: www-data at beetobee.it
X-MS-Exchange-Organization-AuthSource: Maia.tce.pa
X-MS-Exchange-Organization-AuthAs: Anonymous

We have SPF configured, but I think it only protects the envelope sender address.

Thanks in advance,

-- 
Thiago Bemerguy
thiagobemerguy at gmail.com
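
The check asked about in the message above, as an added example that is not part of the original post and is not MailScanner's own code: it flags a message whose From: header claims an internal domain while the connecting host recorded in Received-SPF lies outside the trusted networks. `INTERNAL_DOMAINS`, `TRUSTED_NETS`, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed values: your own mail domain(s) and the networks that relay internal mail.
INTERNAL_DOMAINS = {"internal.example"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample modelled on the headers in the post (not real traffic).
SAMPLE = """\
Received-SPF: none (sender.example: No applicable sender policy available)
 receiver=mx.internal.example; identity=mailfrom;
 envelope-from="www-data@sender.example"; client-ip=192.0.2.10
Return-Path: <www-data@sender.example>
From: <address1@internal.example>
To: <address1@internal.example>
Subject: constructed test message

body
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def client_ip(msg):
    """client-ip= value recorded by the gateway in Received-SPF, if any."""
    m = re.search(r"client-ip=([0-9A-Fa-f:.]+)", msg.get("Received-SPF", ""))
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def forged_internal_from(raw):
    """True when an internal From: address arrives from an untrusted host."""
    msg = message_from_string(raw)
    from_domains = {domain_of(a) for _, a in getaddresses(msg.get_all("From", []))}
    if not from_domains & INTERNAL_DOMAINS:
        return False  # From: does not claim one of our domains
    ip = client_ip(msg)
    if ip is not None and any(ip in net for net in TRUSTED_NETS):
        return False  # relayed by our own infrastructure
    return True  # internal From: from an external or unknown source
```

The sample's envelope sender is an external address with an SPF result of `none`, so an envelope-only check lets it through; the function decides on the From: header and source IP instead.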