Domain checking

This topic contains 10 replies, has 4 voices, and was last updated by  Anonymous 8 years, 11 months ago.


  • ]SK[
    Member
    #146226

    I have a customer whose Exchange server seems to be allowing mail to be sent from a recipient from non-existent domains such as “[email protected]”.

    Is there any way for exchange to test if a domain actually exists before allowing mail to pass onto users?


    Anonymous
    #368589

    Re: Domain checking

    I remember I was looking this up a long time ago when we had the same problem as your client. This URL will help greatly: http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx?pr=blog

    Below is some information from the site for people who don’t like clicking links (that includes me too :p)

    Many identification and filtering technologies have been developed in response to the growing threat of spam. To be effective, they rely on asking certain questions about each e-mail message, such as who sent it. Unfortunately, the fundamental question of who sent the message is not always easy to answer. E-mail is typically sent over the Internet without any authentication of the sender or the computers acting on the sender’s behalf. The fact is, sending an e-mail message while pretending to be someone else is simple, and there is no automated method of detecting spoofed messages.

    Configuring Sender ID

    In Exchange Server 2007, the Sender ID agent can be enabled on servers that have the Edge Transport role installed. If the Sender ID agent is enabled, it will filter messages that are coming through the receive connectors - all incoming (from external sources) non-authenticated traffic will be subject to Sender ID processing.


    ]SK[
    Member
    #310737

    Re: Domain checking

    Thanks, it’s enabled from what I can see. I have changed it though to reject the message rather than just add the information to the email headers. Shall see if that helps.


    joeqwerty
    Moderator
    #303070

    Re: Domain checking

    SenderID doesn’t AFAIK have any bearing on email going through your server. SenderID is a mechanism to combat spam going to your server. If you have someone relaying through the server then SenderID is not going to help.

    You need to make sure the server is not an open relay.

    Could this be one of the users sending email from an iPhone or other mobile device?


    ]SK[
    Member
    #310738

    Re: Domain checking

    It’s mail coming from an external source. Here’s an example…

    >,"220 mail.externaldomain.com Microsoft ESMTP MAIL Service ready at Fri, 4 Dec 2009 10:53:24 +0000",
    < ,EHLO desktop,
    >,250-mail.externaldomain.com Hello [xxx.xxx.xxx.xxx],
    >,250-SIZE 10485760,
    >,250-PIPELINING,
    >,250-DSN,
    >,250-ENHANCEDSTATUSCODES,
    >,250-STARTTLS,
    >,250-AUTH,
    >,250-8BITMIME,
    >,250-BINARYMIME,
    >,250 CHUNKING,
    < ,MAIL FROM: ,
    *,08CC42047B5E76D1;2009-12-04T10:53:25.557Z;1,receiving message
    >,250 2.1.0 Sender OK,
    < ,RCPT TO: ,
    >,250 2.1.5 Recipient OK,
    < ,DATA,
    >,354 Start mail input; end with .,

    The server passes all open relay tests. It’s odd though, these non-FQDNs seem to bypass the server’s anti-spam software from what I can tell.


    joeqwerty
    Moderator
    #303072

    Re: Domain checking

    OK, I misunderstood your original post. Emails are coming in from what you believe to be bogus domains to recipients on the Exchange server, right? In that case SenderID might help. SenderID doesn’t validate the domain (AFAIK there’s no mechanism that checks the validity of a domain) but SenderID can validate that the sending MTA is listed as an “authoritative” sending MTA for the sending domain. Be careful how you configure the SenderID options as many legitimate domains don’t have SPF records and you could wind up blocking legitimate email.


    Anonymous
    #368590

    Re: Domain checking

    I do agree with joeqwerty as there will be a lot of false positives with SenderID. We faced the same problem. Not all domains have the required SPF records in place. :)


    ]SK[
    Member
    #310739

    Re: Domain checking

    Yeah I don’t think Exchange is configured that way. From what I read from the above article the exchange server will reject messages if mail is coming from a domain which does have SPF configured but the incoming mail received doesn’t match the SPF. In other words it doesn’t resolve my problem. In any case, mail is still coming from “[email protected]” type emails but the anti-spam does look to be flagging them as spam. Seems the odd one still escapes though.
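
The outcome discussed in the two posts above (joeqwerty's point that many legitimate domains have no SPF record, and ]SK['s point that only a mismatch against a published record is rejected) can be seen by evaluating a few records offline. This is an added example, not part of the thread and not Exchange's Sender ID implementation; it covers only the `ip4`, `ip6` and `all` terms of an SPF record, and every record, address and the `action` policy in it is constructed for illustration.

```python
import ipaddress

# SPF qualifier -> result (RFC 7208); a mechanism with no qualifier means "+".
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

def spf_result(txt_records, client_ip):
    """Evaluate the ip4/ip6/all terms of the sender domain's SPF record.

    txt_records: TXT strings already looked up for the MAIL FROM domain
    (an empty list stands for a domain that does not exist or has no TXT).
    """
    policies = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not policies:
        return "None"        # no SPF published: nothing to validate against
    if len(policies) > 1:
        return "PermError"   # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in policies[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "PermError"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, exists and redirect need DNS; skipped in this offline example
    return "Neutral"         # no term matched and no "all" present

def action(result):
    """Assumed policy: reject only a definite Fail, stamp everything else."""
    return "reject" if result == "Fail" else "accept-and-stamp"

# Constructed sample data (documentation address ranges, made-up records).
SPF = ["v=spf1 ip4:192.0.2.0/24 -all"]
CASES = [
    ("listed MTA", SPF, "192.0.2.10"),
    ("unlisted MTA", SPF, "198.51.100.7"),
    ("soft policy", ["v=spf1 ip4:192.0.2.0/24 ~all"], "198.51.100.7"),
    ("legitimate domain, no SPF", ["site-verification=constructed"], "203.0.113.5"),
    ("non-existent domain", [], "203.0.113.5"),
]

def run_cases():
    return {label: spf_result(txt, ip) for label, txt, ip in CASES}

if __name__ == "__main__":
    for label, result in run_cases().items():
        print(f"{label:28} {result:9} {action(result)}")
```

A non-existent sender domain and a legitimate domain without SPF both come back as `None`, so this check cannot tell them apart; rejecting on `None` would catch the first only at the cost of blocking the second.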


    joeqwerty
    Moderator
    #303074

    Re: Domain checking

    Yeah, unfortunately there’s no sure-fire, 100% accurate antispam solution. You’ll always have a few that slip through.

    #363711

    Re: Domain checking

    You may need to invest in some third party anti-spam software if you are finding the levels of spam are too high for your users. Exchange 2007 doesn’t do a bad job for many organisations but third party software may go one step further to eliminate spam, including the type you face. You can normally get 30, 60 day trials, might be worth giving a few a go and see how you get on.

    Shaun


    ]SK[
    Member
    #310740

    Re: Domain checking

    I have Anti-Spam. It is trapping some mail it seems. Some though seems to get through and ends up erroring. For some reason the Exchange then wants to return the failed mail. Which of course it can’t.
