Full Disclosure mailing list archives
Re: Full-Disclosure Digest, Vol 39, Issue 25
From: "Jesse Bacon" <dread.roberts () gmail com>
Date: Mon, 12 May 2008 09:01:49 -0400
To get rid of spoofed internal emails, you need to use iptables at your routers and firewalls to disable SMTP (TCP 25) traffic from any host other than your dedicated mail servers. Set a default policy of DENY for SMTP traffic and then an ALLOW declaration for each of the mail servers in your organization. Additionally, disable telnet login for your mail server. The use of a security product such as Security Blanket™ (www.trustedcs.com) on your in-house Linux machines will help as well.

As for the issue with spoofed external e-mails using internal addresses, I recommend looking for security measures that are home-brewed. For example, you could create a transparent gif that contains a security code and embed it in the signature of all e-mails originating within your infrastructure. Then use a simple script to check for the existence of that file upon receipt. If the email does not contain that file, then drop it before delivery. Also, you could require PGP signatures.

-Jesse
Message: 13
Date: Mon, 12 May 2008 09:25:42 +0300
From: "shadow floating" <nadengine () googlemail com>
Subject: [Full-disclosure] exchange server spam problem
To: full-disclosure () lists grok org uk
Message-ID: <5c1b7500805112325r7df9ec86gc9323621a15f0687 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

I've recently found many suspicious emails sent from the internet to the internal clients using the sender address as a legitimate email address of one of the internal users. Do you know how to configure Exchange server to stop such emails (by authenticating users before sending, for example)? I also suffer from internal email spoofing: users send each other spoofed internal emails. Any help would do.

Thanks a lot

------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 39, Issue 25
***********************************************
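The SMTP filter described in the reply above (drop TCP 25 from every host except the dedicated mail servers), as an added example that is not part of the original message: a POSIX shell function that prints an `iptables-restore` fragment for a Linux router. The chain name `SMTP_OUT`, the rate-limited LOG rule and the sample addresses are assumptions; iptables has no DENY target, so the example uses REJECT.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment that lets only the listed
# mail servers open SMTP (TCP 25) connections through a Linux router/firewall.
# The chain name SMTP_OUT and any addresses passed in are assumptions.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() {
    octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^($octet\.){3}$octet\$"
}

# smtp_egress_rules MAILSERVER_IP...: write the ruleset to stdout.
smtp_egress_rules() {
    if [ "$#" -eq 0 ]; then
        echo "usage: smtp_egress_rules MAILSERVER_IP..." >&2
        return 2
    fi
    # Validate every address first so a typo never yields a partial ruleset.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    echo '*filter'
    echo ':SMTP_OUT - [0:0]'
    # Every new forwarded connection to port 25 is judged in its own chain.
    echo '-A FORWARD -p tcp --dport 25 -m conntrack --ctstate NEW -j SMTP_OUT'
    # One ACCEPT per dedicated mail server.
    for ip in "$@"; do
        echo "-A SMTP_OUT -s $ip/32 -j ACCEPT"
    done
    # Everything else: log (rate limited) so offending hosts can be found,
    # then refuse the connection.
    echo '-A SMTP_OUT -m limit --limit 6/min -j LOG --log-prefix "SMTP-BLOCKED: "'
    echo '-A SMTP_OUT -p tcp -j REJECT --reject-with tcp-reset'
    echo 'COMMIT'
}

# Run as a script: ./smtp-egress.sh 10.0.0.25 10.0.0.26 (constructed addresses)
[ "$#" -eq 0 ] || smtp_egress_rules "$@"
```

Check the output with `iptables-restore --noflush --test` before loading it. Because `-A FORWARD` appends, the jump to `SMTP_OUT` has to end up ahead of any broader ACCEPT rule already in that chain.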