Re: Restricting Incoming Email in Exchange by From Address

[Greg Jones <grjones () gmail com>]

Tim et al,

Please see my original email.  Encryption is nice, but that's not what
I'm going for here. I am wanting to filter out forged From addresses. 
Lots of you have responded with a solution to filter based on From
addresses, but most of these solutions would filter legitimate email
as well.  Again, I want to reject emails that come in from the
Internet via SMTP that have mydomain.com in the From address.  But, I
want to allow emails that come from the Internet via Exchange since
the sender is effectively authenticated.

Using a sendmail/postfix server to handle SMTP traffic would work
(block any email with a From address of mydomain.com and just let
Exchange do it's thing since it won't go thru the sendmail/postfix
server).  But what I'm really look for here, is a way to do this in
Exchange itself; without another mail server.

Thanks

Greg

On 6/29/05, Tim Hayes <morphieus () earthlink net> wrote:
>  I understand wanting to limit the availability to send unencrypted email
> across the internet but unless you are setting up your imap/pop accounts
> with SSL you won't be resolving anything.
>
> You can setup recipient filter in the global policy and then apply this
> filter in the advanced interface properties of you SMTP virtual server.
>
> Unless you have a front end server with a dedicated SMTP connector, you may
> need to create an additional internal SMTP connector listening on another IP
> to allow systems management email to be distributed internally.
>
> An explaination of your messaging topology would be really helpful
>
> Regards,
>
> Tim
>
> -----Original Message-----
> From: Greg Jones [mailto:grjones () gmail com]
> Sent: Friday, June 24, 2005 11:06 AM
> To: Gaddis, Jeremy L.
> Cc: security-basics () securityfocus com
> Subject: Re: Restricting Incoming Email in Exchange by From Address
>
> That's exactly it.  The Brandon Lockhart email was good (using sendmail or
> qmail gateway to block it there).  But I wonder if this is possible in
> Exchange.
>
> Greg
>
> On 6/22/05, Gaddis, Jeremy L. <jlgaddis () ivytech edu> wrote:
> > I think some of you may be misunderstanding what the OP is wanting.
> >
> > To clarify, I believe he wants to configure Exchange so that it will
> > not accept mail from outside servers that say it's from hisdomain.com.
> > I could be wrong here, but that's what I gathered.  This would force
> > users to send e-mail directly through the Exchange server (either via
> > Outlook or OWA).  A user with a 3rd-party mail client connecting to
> > 25/TCP from home would not be able to send e-mail to an Exchange
> > recipient with a From: address of their work domain.
> >
> > -j
> >
> > --
> > Jeremy L. Gaddis   <jlgaddis () ivytech edu>
> > Special Projects Manager
> > Computer & Technology Services
> > Ivy Tech State College, Bloomington
> > 812.330.6156 (w)   812.797.6176 (m)
> >
> >
> > -----Original Message-----
> > From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com]
> > Sent: Tuesday, June 21, 2005 10:31 AM
> > To: Greg Jones; Steve
> > Cc: security-basics () securityfocus com
> > Subject: RE: Restricting Incoming Email in Exchange by From Address
> >
> > No additional security checking is involved here, but why not use the
> > Exchange General/Delivery Restrictions screen (Under user properties
> > in
> > AD) to limit who the user can receive email from? Domain or Proxy
> > server authentication to an OWA server should take care of the
> > authentication issue.
> >
> > -----Original Message-----
> > From: Greg Jones [mailto:grjones () gmail com]
> > Sent: Monday, June 20, 2005 6:03 PM
> > To: Steve
> > Cc: security-basics () securityfocus com
> > Subject: Re: Restricting Incoming Email in Exchange by From Address
> >
> >
> > Without explaining why, some of our employees require pop/imap access
> > to our exchange server from the Internet (they only need this for
> > receiving mail, and don't need smtp).   So when email from the
> > Internet comes in from a @mydomain.com address, I want to make sure
> > that whomever sent it is authenticated (using exchange), and reject
> > the traditional unauthenticated SMTP traffic when the From address is
> > a @mydomain.com address.  I will look at SPF more, but it seems to me
> > that what I'm trying to do should be pretty simple and effective.
> >
> > Thanks
> >
> > Greg
> >
> > On 6/20/05, Steve <securityfocus () delahunty com> wrote:
> > > Not sure I follow on the first part.  Your users can connect to your
> > > Exchange server via other clients like POP? If so, turn off POP/IMAP.
> >
> > > For spoofing/phishing check out using reverse DNS lookups with
> > > Exchange and/or SPF.  That will improve your overall email security.
> > >
> > > STEVE
> > > ----- Original Message -----
> > > From: "Greg Jones" <grjones () gmail com>
> > > To: <security-basics () securityfocus com>
> > > Sent: Saturday, June 18, 2005 12:30 PM
> > > Subject: Restricting Incoming Email in Exchange by From Address
> > >
> > >
> > > In Exchange (any version), I would like to disallow email coming
> > > from the Internet (smtp) that has a From address of my domain.  This
> > > would force our employees to use OWA or Exchange (via VPN of
> > > course).  This would help with phishing and worms that are fooling
> > > some of our employees (e.g., emails from admin () mydomain com).  Is this
> possible?
> > >  Greg