Reject messages from outside my domain with FROM HEADER from inside (forgery)

Thiago Bemerguy thiagobemerguy at gmail.com
Thu Jul 25 19:45:22 IST 2013


As far as I know, SPF only avoids forgery in the envelope sender address, not in
the FROM that is displayed to the user.


2013/7/25 Kevin Miller <Kevin_Miller at ci.juneau.ak.us>

> Implement SPF records in your DNS.
>
>  ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4500
> Registered Linux User No: 307357
>
> *From:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *On Behalf Of* Thiago Bemerguy
> *Sent:* Thursday, July 25, 2013 6:50 AM
> *To:* mailscanner at lists.mailscanner.info
> *Subject:* Reject messages from outside my domain with FROM HEADER from
> inside (forgery)
>
> Hello,
>
> I have an Exchange 2010 server with MailScanner for filtering external
> messages. The users are receiving phishing messages from outside my network
> with FROM header forged with email addresses from my domain. Is there any
> way to avoid that messages from outside come with certain email addresses,
> like filtering email and IP address or MTA hostname?
>
> Following the header of the phishing message
>
> Received: from ???.com (????) by ???
>  (????) with ????
> Received-SPF: none (beetobee.it: No applicable sender policy available)
> receiver=????.com; identity=mailfrom; envelope-from="www-data at beetobee.it";
> helo=mail.beetobee.it; client-ip=???
> X-Greylist: delayed 1335 seconds by postgrey-1.32 at ????;
> Received: from mail.beetobee.it (mail.blucamera.it [82.85.28.154])  by
> ???.com (Postfix) with ESMTP id BE94320722        for
>  <address1 at internal.com>;
> Received: by mail.beetobee.it (Postfix, from userid 33)        id
> 6D9D2291ADE;
> To: <address1 at internal.com>
> Subject: .....
> MIME-Version: 1.0
> Content-Type: text/html; charset="iso-8859-1"
> X-Mailer: Microsoft Office Outlook, Build 17.551210
> *From: <address1 at internal.com> (forged)*
> Message-ID: <????@mail.beetobee.it>
> Date:
> X-TCE-MailScanner-ID: BE94320722.89A9A
> X-TCE-MailScanner: Found to be clean
> X-TCE-MailScanner-SpamScore: sss
> X-TCE-MailScanner-From: www-data at beetobee.it
> X-Spam-Status: No
> Return-Path: www-data at beetobee.it
> X-MS-Exchange-Organization-AuthSource: Maia.tce.pa
> X-MS-Exchange-Organization-AuthAs: Anonymous
>
> We have SPF configured but I think it only protects envelope sender
> address.
>
> Thanks in advance,
>
> --
> Thiago Bemerguy
> thiagobemerguy at gmail.com


-- 
Thiago Bemerguy
thiagobemerguy at gmail.com
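
The gap discussed in this thread, where SPF evaluates the envelope sender while the user sees the From header, can be checked mechanically at the gateway. The following is an added example, not code from the posters or from MailScanner: a Python sketch that rejects a message whose From header claims an internal domain when the connecting client is outside the trusted networks. The domain `internal.example`, the network `192.0.2.0/24`, the function names and the sample message are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed assumptions for this example, not values from the thread.
INTERNAL_DOMAINS = {"internal.example"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # own relays / Exchange

# Constructed sample modelled on the headers quoted in the post.
SAMPLE = (
    "Return-Path: <www-data@sender.example>\n"
    "To: <address1@internal.example>\n"
    "Subject: sample\n"
    "From: <address1@internal.example>\n"
    "\n"
    "body\n"
)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_internal(domain):
    """True for an internal domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def check_message(raw, client_ip, envelope_from):
    """Return (verdict, reason). envelope_from is only reported: it is the
    identity SPF evaluates, and the verdict deliberately ignores it."""
    msg = message_from_string(raw)
    from_headers = msg.get_all("From", [])
    addrs = [a for _, a in getaddresses(from_headers) if a]
    # Policy choice in this example: exactly one From header, one address.
    if len(from_headers) != 1 or len(addrs) != 1:
        return ("reject", "missing, repeated or multi-address From header")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return ("accept", "client is on a trusted network")
    from_domain = domain_of(addrs[0])
    if is_internal(from_domain):
        return ("reject", "From claims %s, client %s is external, envelope "
                "sender was %s" % (from_domain, client_ip, envelope_from))
    return ("accept", "From header does not claim an internal domain")

if __name__ == "__main__":
    print(check_message(SAMPLE, "198.51.100.7", "www-data@sender.example"))
```

Mail that legitimately arrives from outside with an internal From address (mailing lists, hosted services sending on the domain's behalf) needs its source networks added to the trusted list before a rule like this is enforced.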