<div dir="ltr">Hello,<div><br></div><div>I have an Exchange 2010 server with MailScanner for filtering external messages. The users are receiving phishing messages from outside my network with FROM header forged with email addresses from my domain. Is there any way to avoid that messages from outside come with certain email addresses, like filtering email and ip address or MTA hostname?</div>
<div><br></div><div>Following the header of the phishing message</div><div><br></div><div><div>Received: from ???.com (????) by ???</div><div> (????) with ????</div><div>Received-SPF: none (<a href="http://beetobee.it">beetobee.it</a>: No applicable sender policy available) receiver=????.com; identity=mailfrom; envelope-from="<a href="mailto:www-data@beetobee.it">www-data@beetobee.it</a>"; helo=<a href="http://mail.beetobee.it">mail.beetobee.it</a>; client-ip=???</div>
<div>X-Greylist: delayed 1335 seconds by postgrey-1.32 at ????; </div><div>Received: from <a href="http://mail.beetobee.it">mail.beetobee.it</a> (<a href="http://mail.blucamera.it">mail.blucamera.it</a> [82.85.28.154])<span class="" style="white-space:pre"> </span>by</div>
<div>???.com (Postfix) with ESMTP id BE94320722<span class="" style="white-space:pre"> </span>for</div><div> <<a href="mailto:address1@internal.com">address1@internal.com</a>>; </div><div>Received: by <a href="http://mail.beetobee.it">mail.beetobee.it</a> (Postfix, from userid 33)<span class="" style="white-space:pre"> </span>id 6D9D2291ADE; </div>
<div>To: <<a href="mailto:address1@internal.com">address1@internal.com</a>></div><div>Subject: .....</div><div>MIME-Version: 1.0</div><div>Content-Type: text/html; charset="iso-8859-1"</div><div>X-Mailer: Microsoft Office Outlook, Build 17.551210</div>
<div><b style="background-color:rgb(255,0,0)">From: <<a href="mailto:address1@internal.com">address1@internal.com</a>> (forged)</b></div><div>Message-ID: <????@<a href="http://mail.beetobee.it">mail.beetobee.it</a>></div>
<div>Date: </div><div>X-TCE-MailScanner-ID: BE94320722.89A9A</div><div>X-TCE-MailScanner: Found to be clean</div><div>X-TCE-MailScanner-SpamScore: sss</div><div>X-TCE-MailScanner-From: <a href="mailto:www-data@beetobee.it">www-data@beetobee.it</a></div>
<div>X-Spam-Status: No</div><div>Return-Path: <a href="mailto:www-data@beetobee.it">www-data@beetobee.it</a></div><div>X-MS-Exchange-Organization-AuthSource: <a href="http://Maia.tce.pa">Maia.tce.pa</a></div><div>X-MS-Exchange-Organization-AuthAs: Anonymous</div>
<div><br></div><div>We have SPF configured but I think it only protects envelope sender address.</div><div><br></div><div>Thanks in advance,</div><div><br></div>-- <br>Thiago Bemerguy<br><a href="mailto:thiagobemerguy@gmail.com" target="_blank">thiagobemerguy@gmail.com</a>
</div></div>