Educause Security Discussion mailing list archives

Re: Filtering outgoing email

From: Jeremy Mooney <jmooney.edulists () GMAIL COM>
Date: Tue, 23 Jun 2009 12:06:23 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gary Flynn wrote on 6/23/09 10:52 :

Joe Vieira wrote:

We do two things here.

Both of which work VERY well, both are free and have been super reliable.

the first of which is
http://code.google.com/p/anti-phishing-email-reply/ the use of this.


Has anyone incorporated this into an Exchange or Mirapoint
environment? Our Exchange admin is running into limits and
I'm wary about Mirapoint filter limits.


Yes, we have it integrated into Exchange. A script creates dynamic
contact objects for anything listed as seen within a timeframe, which is
then set as only allowing itself (authenticated) to send to it. Someone
attempting to send to it gets the general no permission to send to that
address message. The same concept could be set for a group dynamic
object (not dynamic group) rather than contact if you wanted to redirect
them rather than block.

With a sanitized $address and $laddress, and connected as an address
that can create and modify contact objects in the desired OU:

 $ldap->add( "CN=$address,OU=Phishing Blocks,DC=example,DC=com",
                 attr => [
                 'cn'    => $address,
                 'displayName'   => $address,
                 'name'  => $address,
                 'mail'  => $address,
                 'mailNickname'  => $laddress,
                 'objectClass'   =>
['top','person','organizationalPerson','contact','dynamicObject'],
                 'entryTTL'      => 15552000,
                 'proxyAddresses'        =>
["SMTP:$address","smtp:$laddress\@example.com"],
                 'targetAddress' => "SMTP:$address",
                 'msExchHideFromAddressLists'    => 'TRUE',
                 'msExchRequireAuthToSendTo'     => 'TRUE']);

 $ldap->modify( "CN=$address,OU=Phishing Blocks,DC=example,DC=com",
                 replace => [
                 'authOrig'      => ["CN=$address,OU=Phishing
Blocks,DC=example,DC=com"]]);


The separate modify for authOrig is due to AD needing the object to
exist before it can created the linked value. Hope this helps.

- --
Jeremy Mooney
ITS - Bethel University
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iF0EARECAB0FAkpBC48WGGhrcDovL3N1YmtleXMucGdwLm5ldAAKCRBiEJEZ/xdg
ls4UAJ9wSi9ptynEQrJQmL7Ist7T1UzNOQCdFBYE0pcHUxlLvR80XTO0F8PioHw=
=qW4G
-----END PGP SIGNATURE-----

Current thread:

Filtering outgoing email Kellogg, Brian D. (Jun 23)
- <Possible follow-ups>
- Re: Filtering outgoing email Pete Hickey (Jun 23)
- Re: Filtering outgoing email Gregg, Christopher S. (Jun 23)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email HALL, NATHANIEL D. (Jun 23)
- Re: Filtering outgoing email Gary Flynn (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Charles Seitz (Jun 23)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email Jeremy Mooney (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Irish, Adrian L (Jun 23)
- Re: Filtering outgoing email Jesse Thompson (Jun 24)
- Re: Filtering outgoing email Todd Clementz (Jun 24)