Reject messages from outside my domain with FROM HEADER from inside (forgery)
Kevin Miller
Kevin_Miller at ci.juneau.ak.us
Thu Jul 25 21:10:24 IST 2013
I think you're right. I didn't notice that you were already using SPF. I should have read closer - sorry.
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Thiago Bemerguy
Sent: Thursday, July 25, 2013 10:45 AM
To: MailScanner discussion
Subject: Re: Reject messages from outside my domain with FROM HEADER from inside (forgery)
as far as I know spf only avoid forgery in envelop sender address, not in FROM that is displayed to the user.
2013/7/25 Kevin Miller <Kevin_Miller at ci.juneau.ak.us<mailto:Kevin_Miller at ci.juneau.ak.us>>
Implement SPF records in your DNS.
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info>] On Behalf Of Thiago Bemerguy
Sent: Thursday, July 25, 2013 6:50 AM
To: mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
Subject: Reject messages from outside my domain with FROM HEADER from inside (forgery)
Hello,
I have an Exchange 2010 server with MailScanner for filtering external messages. The users are receiving phishing messages from outside my network with FROM header forged with email addresses from my domain. Is there any way to avoid that messages from outside come with certain email addresses, like filtering email and ip address or MTA hostname?
Following the header of the phishing message
Received: from ???.com (????) by ???
(????) with ????
Received-SPF: none (beetobee.it<http://beetobee.it>: No applicable sender policy available) receiver=????.com; identity=mailfrom; envelope-from="www-data at beetobee.it<mailto:www-data at beetobee.it>"; helo=mail.beetobee.it<http://mail.beetobee.it>; client-ip=???
X-Greylist: delayed 1335 seconds by postgrey-1.32 at ????;
Received: from mail.beetobee.it<http://mail.beetobee.it> (mail.blucamera.it<http://mail.blucamera.it> [82.85.28.154]) by
???.com (Postfix) with ESMTP id BE94320722 for
<address1 at internal.com<mailto:address1 at internal.com>>;
Received: by mail.beetobee.it<http://mail.beetobee.it> (Postfix, from userid 33) id 6D9D2291ADE;
To: <address1 at internal.com<mailto:address1 at internal.com>>
Subject: .....
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
X-Mailer: Microsoft Office Outlook, Build 17.551210
From: <address1 at internal.com<mailto:address1 at internal.com>> (forged)
Message-ID: <????@mail.beetobee.it<http://mail.beetobee.it>>
Date:
X-TCE-MailScanner-ID: BE94320722.89A9A
X-TCE-MailScanner: Found to be clean
X-TCE-MailScanner-SpamScore: sss
X-TCE-MailScanner-From: www-data at beetobee.it<mailto:www-data at beetobee.it>
X-Spam-Status: No
Return-Path: www-data at beetobee.it<mailto:www-data at beetobee.it>
X-MS-Exchange-Organization-AuthSource: Maia.tce.pa<http://Maia.tce.pa>
X-MS-Exchange-Organization-AuthAs: Anonymous
We have SPF configured but I think it only protects envelope sender address.
Thanks in advance,
--
Thiago Bemerguy
thiagobemerguy at gmail.com<mailto:thiagobemerguy at gmail.com>
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
Thiago Bemerguy
thiagobemerguy at gmail.com<mailto:thiagobemerguy at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130725/4b3de13c/attachment.html
More information about the MailScanner
mailing list