Full Disclosure mailing list archives

Re: Full-Disclosure Digest, Vol 39, Issue 25


From: "Jesse Bacon" <dread.roberts () gmail com>
Date: Mon, 12 May 2008 09:01:49 -0400

To get rid of spoofed internal emails you need to use iptables at your
routers and firewalls to disable SMTP (TCP 25) traffic from any host other
than your dedicated mail servers. Set a default policy of DENY for SMTP
traffic and then an ALLOW declaration for each of the mail servers in your
organization. Additionally, disable telnet login for your mail server. The
use of a security product such as Security Blanket TM (www.trustedcs.com) on
your in-house Linux machines will help as well. As for the issue with
spoofed external e-mails using internal addresses, I recommend looking for
security measures that are home-brewed. For example, you could create a
transparent gif that contains a security code and embed it in the
signature of all e-mails originating within your infrastructure. Then use
a simple script to check for the existence of that file upon receipt. If
the email does not contain that file then drop before delivery. Also you
could require PGP signatures.
-Jesse



Message: 13
Date: Mon, 12 May 2008 09:25:42 +0300
From: "shadow floating" <nadengine () googlemail com>
Subject: [Full-disclosure] exchange server spam problem
To: full-disclosure () lists grok org uk
Message-ID:
       <5c1b7500805112325r7df9ec86gc9323621a15f0687 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

I've recently found many suspicious emails sent from the internet
to the internal clients using the sender address as a legitimate email
address of one of the internal users. Do you know how to configure
Exchange server to stop such emails (by authenticating users before
sending, for example)? I also suffer from internal email spoofing,
where users send each other spoofed internal emails. Any help
would do.
Thanks a lot



------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 39, Issue 25
***********************************************
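
The default-deny SMTP policy described in the reply above, as an added example that is not part of the original posts: a shell function that prints the iptables commands for review instead of applying them. It assumes a Linux router that forwards the traffic; the chain name `SMTP_FILTER`, the log prefix and the mail server addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: print iptables rules that limit forwarded SMTP (TCP 25)
# to the dedicated mail servers. Nothing is applied; review the output first.
MAIL_SERVERS="192.0.2.10 192.0.2.11"   # constructed placeholder addresses

smtp_rules() {
    # $1: space-separated IPv4 addresses of the mail servers
    chain=SMTP_FILTER                  # hypothetical chain name
    # Validate every address before printing anything, so bad input can
    # neither yield a partial rule set nor smuggle shell syntax into it.
    # (Shape check only; iptables itself rejects octets above 255.)
    for ip in $1; do
        case $ip in
            *[!0-9.]*|*..*|.*|*.|*.*.*.*.*)
                echo "invalid address: $ip" >&2; return 1 ;;
            *.*.*.*) ;;
            *)  echo "invalid address: $ip" >&2; return 1 ;;
        esac
    done
    echo "iptables -N $chain"
    for ip in $1; do
        # Mail servers may send SMTP out and receive SMTP deliveries.
        echo "iptables -A $chain -s $ip -j ACCEPT"
        echo "iptables -A $chain -d $ip -j ACCEPT"
    done
    # Everything else on port 25 is logged (rate limited) and dropped.
    echo "iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix 'SMTP-DENY: '"
    echo "iptables -A $chain -j DROP"
    # Hook the chain in last, once it is complete. Assumption: no earlier
    # FORWARD rule already accepts port 25; otherwise insert with -I.
    echo "iptables -A FORWARD -p tcp --dport 25 -j $chain"
}

smtp_rules "$MAIL_SERVERS"
```

The logged `SMTP-DENY` entries identify internal hosts that try to send mail directly, which is also a useful signal for finding infected or misconfigured clients.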
