Exchange 2007 SP1 Spoofing

  • Exchange 2007 SP1 Spoofing

    my setup:
    all servers(dns, sql, iis, exch...) win2k3 r2 64bit (uk english)
    exchange 2007 sp1 64bit(migrated from 2003)

    anyone either internally or externally can create an outlook email (pop, imap...) account using a username/mailbox address and the mail server's (external) fqdn. they can't receive but they can send from anyone they choose, e.g. mail looks like it's from the managing director's email but it's from joe bloggs. no passwords are required.

    if the "require all senders auth..." is ticked no external mail is received to the mailbox.

    scl etc works perfectly for every other message type but these spoof smtp sends always get through.

    all connectors are set to either basic/tls authentication

    any ideas how to stop this???

    S. (MCSA:Messaging 2003)

  • #2
    Re: Exchange 2007 SP1 Spoofing

    changed the send connector to do tls(domain auth) as well as mx lookup and internally asks for password now

    (things change here magically)
    Last edited by shimon2008; 21st April 2008, 14:39. Reason: spelling


    • #3
      Re: Exchange 2007 SP1 Spoofing

      ok guys this is not good(mashu lo tov)

      adding domainauth as above sorted it for internal users, external users can still send on behalf of anyone in the company! without even a hint of passwords

      anyone any ideas?

      (if i typed ch*rah would i get into trouble?eyn bayah em ha'machshev o ha'reshet, rack ze???ma asiti, ma yosey?)


      • #4
        Re: Exchange 2007 SP1 Spoofing

        There are two things that I can think of
        1. Anyone can spoof a sender address for any domain. SMTP is completely insecure. So are you sure these messages are actually coming from your domain or are they just spam (or someone doing it on purpose?)

        2. You are allowing relaying for your SMTP server. Exchange is not open by default so it could just be a config issue.

        These might be a good read, plus links

        and for your final question, if you have to ask...

        Quis custodiet ipsos custodes?
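
The two cases in reply #4, as an added example that is not part of the thread: a triage over SMTP session records that separates an unauthenticated session claiming a local sender address (point 1) from an unauthenticated relay attempt (point 2), while leaving ordinary anonymous inbound mail alone. The record layout, the domain `example.co.uk` and the `10.0.0.0/8` range are assumptions, and the sample sessions are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCAL_DOMAINS = {"example.co.uk"}            # assumption: the organisation's mail domain
INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumption: internal client range

@dataclass
class Session:                               # hypothetical record, not an Exchange log format
    client_ip: str
    authenticated: bool
    mail_from: str
    rcpt_to: str

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()

def classify(s: Session) -> str:
    if s.authenticated:
        return "ok-authenticated"
    internal = any(ip_address(s.client_ip) in net for net in INTERNAL_NETS)
    from_local = domain(s.mail_from) in LOCAL_DOMAINS
    to_local = domain(s.rcpt_to) in LOCAL_DOMAINS
    if not to_local:
        # Point 2: an unauthenticated client asking the server to deliver elsewhere.
        return "relay-attempt"
    if from_local:
        # Point 1: a local sender address claimed without any authentication.
        return "spoof-suspect-internal" if internal else "spoof-suspect-external"
    # Anonymous mail from the Internet to a local mailbox is normal inbound traffic.
    return "ok-inbound"

def triage(sessions):
    """Return (session, verdict) pairs for everything that is not ok-*."""
    verdicts = ((s, classify(s)) for s in sessions)
    return [(s, v) for s, v in verdicts if not v.startswith("ok-")]

# Constructed sample sessions (documentation address ranges and domains).
SAMPLE = [
    Session("203.0.113.7", False, "md@example.co.uk", "staff@example.co.uk"),
    Session("203.0.113.9", False, "news@example.org", "staff@example.co.uk"),
    Session("198.51.100.4", False, "x@example.net", "y@example.com"),
    Session("10.1.2.3", True, "joe@example.co.uk", "client@example.org"),
    Session("10.1.2.4", False, "md@example.co.uk", "staff@example.co.uk"),
]

if __name__ == "__main__":
    for s, verdict in triage(SAMPLE):
        print(f"{verdict:24} {s.client_ip:14} {s.mail_from} -> {s.rcpt_to}")
```
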