Spam from internal emails


  • Spam from internal emails

    Hi All-

    I've done some searches and haven't found quite what I'm looking for- so I apologize if this is right under my nose... but...

    I'm running Exchange 2003 on Windows Server 2003 and am in the middle of migrating to Exchange 2007 on Windows Server 2008.

    The problem I'm running into (unrelated to the migration) is that users are receiving spam from clever spammers using the recipient's email address as the "from".

    For example, my email address "[email protected]" is getting spam FROM "[email protected]".

    I did some poking around and discovered that even though my server is not allowing email relaying (you need to authenticate to send email outside of mydomain.com), it does allow sending within my domain without authentication.

    So, this allows anyone who has an email address of someone within my organization to send that person an email using their own email address --- or even some other email address as long as it ends with @mydomain.com.

    How can I restrict this? I noticed that with some other email applications, this is still allowed although the server is smart enough to notice these emails and put them in junk.

    In my mind this is a major security hole, anyone with some words of wisdom or a direction to point me towards?

    Thanks!

  • #2
    Re: Spam from internal emails

    Not a security hole at all. This is how SMTP email is designed to work.
    All spam is spoofed and using the same domain as the recipient is one of the oldest spammers' tricks. It is also hard to stop effectively, because of the amount of the "send to friend" which effectively spoof the email.

    If you have an antispam application it should be dealing with these as any other spam. Ensure that you haven't white-listed your own domain (which is why the spammers do it). If you aren't using an antispam application then you will need to look at putting one in place.

    There are no settings you can apply to a native Exchange server without third party software that will stop these kinds of messages - they are just spam.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Spam from internal emails

      Hi

      Check this setting,

      SMTP Protocol > Properties > Access > Authenticate > Users
      Under this, only authenticated users should have ONLY submit permission.
      Verify this option.
      Thanks & Regards
      v-2nas

      MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
      Sr. Wintel Eng. (Investment Bank)
      Independent IT Consultant and Architect
      Blog: http://www.exchadtech.blogspot.com

      Show your appreciation for my help by giving reputation points



      • #4
        Re: Spam from internal emails

        Since you wrote you are migrating to E2007: If you are using an Edge server you can implement the SPF record for your domain and activate the setting to reject failed SPF checks. This will effectively stop those kinds of spam.

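How the SPF check suggested in the post above treats mail that borrows the recipient's own domain, as an added example that is not part of the thread or any poster's code. It evaluates only the ip4/ip6/all terms of a constructed SPF record for the thread's placeholder mydomain.com; the IP ranges, sample sessions and function names are assumptions.

```python
import ipaddress

# Constructed record: mydomain.com is the thread's placeholder domain and the
# address ranges are documentation networks (assumptions, not from the thread).
SPF_RECORDS = {"mydomain.com": "v=spf1 ip4:203.0.113.0/28 ip4:198.51.100.25 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, sender, records=SPF_RECORDS):
    """Evaluate the ip4/ip6/all subset of an SPF record for one connection."""
    domain = sender.rsplit("@", 1)[-1].lower()
    terms = records.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "unsupported"  # a/mx/include need DNS lookups, not modelled here
        net = ipaddress.ip_network(value, strict=False)
        if (name == "ip4") == (net.version == 4) and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def smtp_decision(client_ip, sender, reject_on_fail=True):
    """Mirror a 'reject failed SPF checks' setting: only a hard fail is refused."""
    result = check_spf(client_ip, sender)
    if result == "fail" and reject_on_fail:
        return result, "550 rejected"
    return result, "250 accepted"


# Constructed sessions: (connecting IP, claimed sender, description)
SESSIONS = [
    ("203.0.113.5", "alice@mydomain.com", "own outbound server"),
    ("192.0.2.77", "alice@mydomain.com", "outside host claiming the recipient's own address"),
    ("192.0.2.77", "news@example.org", "domain with no SPF record"),
]

if __name__ == "__main__":
    for ip, sender, note in SESSIONS:
        print(f"{ip:<14} {sender:<20} {smtp_decision(ip, sender)}  # {note}")
```

Which sender identity is tested depends on the filter: SPF proper checks the envelope MAIL FROM, while the Sender ID agent in Exchange evaluates the same record against the address derived from the message headers.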


        • #5
          Re: Spam from internal emails

          Thank you all very much for your replies, you have given me some great insight into how to solve this problem.

          I had anti-spam installed on the 2003 installation but it expired, and since I'm migrating to 2007 I didn't renew. I adjusted some of the built-in anti-spam functions of Exchange 2003 but they are just not cutting it, obviously.

          I plan to implement an edge server with our new 2007 setup, and I'm glad to hear that I can block these kinds of spams using it.

          Regardless, I intend to shop around and can spend money if needed to implement a good anti-spam solution on the Exchange 2007 server when it goes live. Does anyone have any suggestions? We were running Trend-Micro Client Server Messaging Security on Exchange 2003 and it was OK, but not great.

          Thanks again



          • #6
            Re: Spam from internal emails

            SPF records I find are close to useless. If you use them as a hard failure then you will find that you are dropping a lot of email. Edge servers are also a waste of time in my opinion, I can achieve almost the entire feature set with third party products for much less than an Exchange licence (the only one that I cannot is the aggregated safe senders list, but I wouldn't trust users to control that anyway).

            Simon.


            • #7
              Re: Spam from internal emails

              I have come up with a simple way to fix this. Similar to keyword verification, set everyone to have a signature and they are required to include the signature on all emails. Even if they don't include their names, put in place a keyword.
              Then require that all emails from that domain include this keyword. I don't have Exchange Server, but we use this in email filtering.
              I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condescending or demeaning. It doesn't make you look smart. You just look like an arse.
              Chris Robertson
              The Computer Doctor
