<div dir="ltr">as far as I know spf only avoid forgery in envelop sender address, not in FROM that is displayed to the user.</div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/7/25 Kevin Miller <span dir="ltr"><<a href="mailto:Kevin_Miller@ci.juneau.ak.us" target="_blank">Kevin_Miller@ci.juneau.ak.us</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1f497d">Implement SPF records in your DNS.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier New";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:#1f497d"> ...Kevin<br>--<br>Kevin Miller<br>
Network/email Administrator, CBJ MIS Dept.<br>155 South Seward Street<br>Juneau, Alaska 99801<br>Phone: (907) 586-0242, Fax: (907) 586-4500<br>Registered Linux User No: 307357</span><span style="color:#1f497d"> </span><span style="font-size:11.0pt;font-family:"Courier New";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:mailscanner-bounces@lists.mailscanner.info" target="_blank">mailscanner-bounces@lists.mailscanner.info</a> [mailto:<a href="mailto:mailscanner-bounces@lists.mailscanner.info" target="_blank">mailscanner-bounces@lists.mailscanner.info</a>] <b>On Behalf Of </b>Thiago Bemerguy<br>
<b>Sent:</b> Thursday, July 25, 2013 6:50 AM<br><b>To:</b> <a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br><b>Subject:</b> Reject messages from outside my domain with FROM HEADER from inside (forgery)<u></u><u></u></span></p>
<div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Hello,<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I have an Exchange 2010 server with MailScanner for filtering external messages. The users are receiving phishing messages from outside my network with FROM header forged with email addresses from my domain. Is there any way to avoid that messages from outside come with certain email addresses, like filtering email and ip address or MTA hostname?<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Following the header of the phishing message<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><div><p class="MsoNormal">
Received: from ???.com (????) by ???<u></u><u></u></p></div><div><p class="MsoNormal"> (????) with ????<u></u><u></u></p></div><div><p class="MsoNormal">Received-SPF: none (<a href="http://beetobee.it" target="_blank">beetobee.it</a>: No applicable sender policy available) receiver=????.com; identity=mailfrom; envelope-from="<a href="mailto:www-data@beetobee.it" target="_blank">www-data@beetobee.it</a>"; helo=<a href="http://mail.beetobee.it" target="_blank">mail.beetobee.it</a>; client-ip=???<u></u><u></u></p>
</div><div><p class="MsoNormal">X-Greylist: delayed 1335 seconds by postgrey-1.32 at ????; <u></u><u></u></p></div><div><p class="MsoNormal">Received: from <a href="http://mail.beetobee.it" target="_blank">mail.beetobee.it</a> (<a href="http://mail.blucamera.it" target="_blank">mail.blucamera.it</a> [82.85.28.154]) by<u></u><u></u></p>
</div><div><p class="MsoNormal">???.com (Postfix) with ESMTP id BE94320722 for<u></u><u></u></p></div><div><p class="MsoNormal"> <<a href="mailto:address1@internal.com" target="_blank">address1@internal.com</a>>; <u></u><u></u></p>
</div><div><p class="MsoNormal">Received: by <a href="http://mail.beetobee.it" target="_blank">mail.beetobee.it</a> (Postfix, from userid 33) id 6D9D2291ADE; <u></u><u></u></p></div><div><p class="MsoNormal">To: <<a href="mailto:address1@internal.com" target="_blank">address1@internal.com</a>><u></u><u></u></p>
</div><div><p class="MsoNormal">Subject: .....<u></u><u></u></p></div><div><p class="MsoNormal">MIME-Version: 1.0<u></u><u></u></p></div><div><p class="MsoNormal">Content-Type: text/html; charset="iso-8859-1"<u></u><u></u></p>
</div><div><p class="MsoNormal">X-Mailer: Microsoft Office Outlook, Build 17.551210<u></u><u></u></p></div><div><p class="MsoNormal"><b><span style="background:red">From: <<a href="mailto:address1@internal.com" target="_blank">address1@internal.com</a>> (forged)</span></b><u></u><u></u></p>
</div><div><p class="MsoNormal">Message-ID: <????@<a href="http://mail.beetobee.it" target="_blank">mail.beetobee.it</a>><u></u><u></u></p></div><div><p class="MsoNormal">Date: <u></u><u></u></p></div><div><p class="MsoNormal">
X-TCE-MailScanner-ID: BE94320722.89A9A<u></u><u></u></p></div><div><p class="MsoNormal">X-TCE-MailScanner: Found to be clean<u></u><u></u></p></div><div><p class="MsoNormal">X-TCE-MailScanner-SpamScore: sss<u></u><u></u></p>
</div><div><p class="MsoNormal">X-TCE-MailScanner-From: <a href="mailto:www-data@beetobee.it" target="_blank">www-data@beetobee.it</a><u></u><u></u></p></div><div><p class="MsoNormal">X-Spam-Status: No<u></u><u></u></p></div>
<div><p class="MsoNormal">Return-Path: <a href="mailto:www-data@beetobee.it" target="_blank">www-data@beetobee.it</a><u></u><u></u></p></div><div><p class="MsoNormal">X-MS-Exchange-Organization-AuthSource: <a href="http://Maia.tce.pa" target="_blank">Maia.tce.pa</a><u></u><u></u></p>
</div><div><p class="MsoNormal">X-MS-Exchange-Organization-AuthAs: Anonymous<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">We have SPF configured but I think it only protects envelope sender address.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Thanks in advance,<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><p class="MsoNormal">-- <br>Thiago Bemerguy<br>
<a href="mailto:thiagobemerguy@gmail.com" target="_blank">thiagobemerguy@gmail.com</a> <u></u><u></u></p></div></div></div></div></div></div><br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Thiago Bemerguy<br><a href="mailto:thiagobemerguy@gmail.com" target="_blank">thiagobemerguy@gmail.com</a>
</div>