-
September 8th, 2005, 04:44 PM
#11
SMTP is a very, nieve protocol. It trusts that you are who you say you are, which from a security (or spam) point of view is BAD. You can turn on SMTP authentication which will require users to authenticate before being able to send. Clients will need to be reconfigured to authenticate. You obviously can't block port 25, or you won't be able to send and receive email, but you should restrict your server from relaying from any IP that is not in your network. This will prevent outsiders from relaying through your server. I don't know the exact steps to do this on your specific server, but atleast the concepts should be the same.
-
September 8th, 2005, 04:45 PM
#12
Member
Originally posted here by morganlefay
Our mail server has email tracking....all internal email.
Maybe yours does too??
MLF
Yes, I think so.
Steve said blocking port 25 will solve the problem if it's from inside, how to do that?
ÍòǧÊÀ½ç¶àÆæÃºÆå«ÓîÖæÊ®ÍòÎÊ¡£
¹Â¶ÀºÚ¿ÍÀë¾ýÈ¥£¬Óû°é¹éÏçÖйúºì¡£
-
September 8th, 2005, 04:49 PM
#13
What is your mail server, most can be configured to only accept a from address that is within a list of allowed domains:
Eg someone@yourdomain.com is ok but someone@anotherdomain.com would be rejected.
However what is very difficult to stop is someone forging the_bos@yourdomain.com.
Consider using some form of authentication on the smtp server (local network side) so that a user must be validated
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
September 8th, 2005, 04:52 PM
#14
Originally posted here by mikema
Steve said blocking port 25 will solve the problem if it's from inside, how to do that?
That's not what I meant, and is not relevant to your situation.
What I was assuming was the your mail server was only handling internal mail but was accessable from outside.
Your situation is stopping internal users from forging internal from address to SE a password etc.
You need to consider user authentication on the internal NIC of your mailserver.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
September 8th, 2005, 04:52 PM
#15
Originally posted here by mikema
Yes, I think so.
Steve said blocking port 25 will solve the problem if it's from inside, how to do that?
If you block port 25, you won't be able to send or receive email. Port 25 is how email servers talk to each other, and how they accept new mail.
When you send an email, it is first sent to your SMTP server via port 25. Then the server connects to the server listed in the MX record of the receiving domain and sends it to that server via port 25. As you can see, having this port open is very much needed.
-
September 8th, 2005, 05:04 PM
#16
Member
Originally posted here by steve.milner
That's not what I meant, and is not relevant to your situation.
What I was assuming was the your mail server was only handling internal mail but was accessable from outside.
Your situation is stopping internal users from forging internal from address to SE a password etc.
You need to consider user authentication on the internal NIC of your mailserver.
Steve
Sorry Steve, I misunderstood.
SO I will suggest to my VP, fire them or configure user authentication.... need find more information...
ÍòǧÊÀ½ç¶àÆæÃºÆå«ÓîÖæÊ®ÍòÎÊ¡£
¹Â¶ÀºÚ¿ÍÀë¾ýÈ¥£¬Óû°é¹éÏçÖйúºì¡£
-
September 8th, 2005, 06:00 PM
#17
I guess it comes down to user name and password authentication
usernames and passwords aren't going to help prevent mail being sent
As I cannot send mail or open my bosses mail...unless I use the admin account...or his account and I would need his password to do that
As for spoofing a "from address"....the email can then be tracked back to the original sender and then dealt with from there.
Unless the sarcasm I sensed wasn't really there but I doubt that.
Just was wondering why I was singled out...
I guess I am just plain misunderstanding the original question.......as with other people
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
September 11th, 2005, 01:19 PM
#18
Junior Member
Originally posted here by mikema
Sorry Steve, I misunderstood.
SO I will suggest to my VP, fire them or configure user authentication.... need find more information...
Ok here's what I understand of your situation. You are worried about people connecting to your port 25 and forging emails? Correct me if I'm wrong.
I'm pretty sure you can set a timing thing so if someone stops typing for a set amount of seconds it will automatically disconnect them from the server. If someone does manage to forge and email, depending on what email program you use, you should be able to find the X-Originating-IP which should be the IP address from the computer that sent the forged mail, then you should be able to track down that IP and report it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|