Domain checking

  • Domain checking

    I have a customer whose Exchange server seems to be allowing mail to be sent from a recipient from non-existent domains such as "[email protected]".

    Is there any way for Exchange to test if a domain actually exists before allowing mail to pass onto users?
    Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

  • #2
    Re: Domain checking

    I remember I was looking this up a long time ago when we had the same problem as your client. This URL will help greatly: http://technet.microsoft.com/en-us/m...f.aspx?pr=blog

    Below is some information from the site for people who don't like clicking links (that includes me too)

    Many identification and filtering technologies have been developed in response to the growing threat of spam. To be effective, they rely on asking certain questions about each e-mail message, such as who sent it. Unfortunately, the fundamental question of who sent the message is not always easy to answer. E-mail is typically sent over the Internet without any authentication of the sender or the computers acting on the sender's behalf. The fact is, sending an e-mail message while pretending to be someone else is simple, and there is no automated method of detecting spoofed messages.

    Configuring Sender ID

    In Exchange Server 2007, the Sender ID agent can be enabled on servers that have the Edge Transport role installed. If the Sender ID agent is enabled, it will filter messages that are coming through the receive connectors; all incoming (from external sources) non-authenticated traffic will be subject to Sender ID processing.


    • #3
      Re: Domain checking

      Thanks, it's enabled from what I can see. I have changed it though to reject the message rather than just add the information to the email headers. Shall see if that helps.

      • #4
        Re: Domain checking

        SenderID doesn't AFAIK have any bearing on email going through your server. SenderID is a mechanism to combat spam going to your server. If you have someone relaying through the server then SenderID is not going to help.

        You need to make sure the server is not an open relay.

        Could this be one of the users sending email from an iPhone or other mobile device?


        • #5
          Re: Domain checking

          It's mail coming from an external source. Here's an example...

          >,"220 mail.externaldomain.com Microsoft ESMTP MAIL Service ready at Fri, 4 Dec 2009 10:53:24 +0000",
          <,EHLO desktop,
          >,250-mail.externaldomain.com Hello [xxx.xxx.xxx.xxx],
          >,250-SIZE 10485760,
          >,250-PIPELINING,
          >,250-DSN,
          >,250-ENHANCEDSTATUSCODES,
          >,250-STARTTLS,
          >,250-AUTH,
          >,250-8BITMIME,
          >,250-BINARYMIME,
          >,250 CHUNKING,
          <,MAIL FROM: <[email protected]>,
          *,08CC42047B5E76D1;2009-12-04T10:53:25.557Z;1,receiving message
          >,250 2.1.0 Sender OK,
          <,RCPT TO: <[email protected]>,
          >,250 2.1.5 Recipient OK,
          <,DATA,
          >,354 Start mail input; end with <CRLF>.<CRLF>,

          The server passes all open relay tests. It's odd though, these non-FQDNs seem to bypass the server's anti-spam software from what I can tell.
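Added example (not from the thread and not Exchange code): Python that scans an SMTP receive log in the format quoted in post #5, extracts each MAIL FROM address, and flags envelope senders whose domain is a single label or fails a lookup. The sample log lines, the names `classify_sender` and `audit_log`, and the `resolves` callback (a stand-in for a real DNS MX/A query) are assumptions made for this example.

```python
import re

# MAIL FROM as it appears in the log quoted in post #5: "<" marks a line
# sent by the remote host, and the fields are comma separated.
MAIL_FROM = re.compile(r"^<,MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

def classify_sender(address, resolves=None):
    """Return a verdict for one envelope sender address."""
    if address == "":
        return "null-sender"            # <> is the legitimate bounce sender
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return "malformed"
    domain = domain.rstrip(".").lower()
    if domain.startswith("["):
        return "address-literal"        # e.g. user@[192.0.2.1]
    labels = domain.split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return "not-fqdn"               # single label such as "desktop"
    # Optional existence check; the callback is an assumption standing in
    # for a DNS query against the sender domain.
    if resolves is not None and not resolves(domain):
        return "unresolvable"
    return "ok"

def audit_log(lines, resolves=None):
    """Return (line number, address, verdict) for every suspicious sender."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = MAIL_FROM.match(line.strip())
        if match:
            verdict = classify_sender(match.group(1), resolves)
            if verdict not in ("ok", "null-sender"):
                findings.append((number, match.group(1), verdict))
    return findings

# Constructed sample input (not taken from the thread).
SAMPLE_LOG = """\
<,EHLO desktop,
<,MAIL FROM: <sales@desktop>,
>,250 2.1.0 Sender OK,
<,MAIL FROM: <alice@example.com>,
<,MAIL FROM: <>,
<,MAIL FROM: <bob@no-such-domain.invalid> SIZE=2048,
""".splitlines()
KNOWN_DOMAINS = {"example.com"}   # constructed stand-in for DNS results

if __name__ == "__main__":
    for finding in audit_log(SAMPLE_LOG, lambda d: d in KNOWN_DOMAINS):
        print(finding)
```

Without a `resolves` callback only the syntactic checks run, so the single-label sender is still reported while the unresolvable one is not.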


          • #6
            Re: Domain checking

            OK, I misunderstood your original post. Emails are coming in from what you believe to be bogus domains to recipients on the Exchange server, right? In that case SenderID might help. SenderID doesn't validate the domain (AFAIK there's no mechanism that checks the validity of a domain) but SenderID can validate that the sending MTA is listed as an "authoritative" sending MTA for the sending domain. Be careful how you configure the SenderID options as many legitimate domains don't have SPF records and you could wind up blocking legitimate email.


            • #7
              Re: Domain checking

              I do agree with joeqwerty as there will be a lot of false positives with SenderID. We faced the same problem. Not all domains have the required SPF records in place.


              • #8
                Re: Domain checking

                Yeah I don't think Exchange is configured that way. From what I read from the above article the exchange server will reject messages if mail is coming from a domain which does have SPF configured but the incoming mail received doesn't match the SPF. In other words it doesn't resolve my problem. In any case, mail is still coming from "[email protected]" type emails but the anti-spam does look to be flagging them as spam. Seems the odd one still escapes though.
                Last edited by ]SK[; 4th December 2009, 15:58.


                • #9
                  Re: Domain checking

                  Yeah, unfortunately there's no sure-fire, 100% accurate antispam solution. You'll always have a few that slip through.


                  • #10
                    Re: Domain checking

                    You may need to invest in some third party anti-spam software if you are finding the levels of spam are too high for your users. Exchange 2007 doesn't do a bad job for many organisations but third party software may go one step further to eliminate spam, including the type you face. You can normally get 30, 60 day trials, might be worth giving a few a go and see how you get on.

                    Shaun


                    • #11
                      Re: Domain checking

                      I have Anti-Spam. It is trapping some mail it seems. Some though seem to get through and end up erroring. For some reason the Exchange then wants to return the failed mail. Which of course it can't.