Discussion Why Exchange Server not Secure ???

  • Sunday, January 20, 2013 5:06 PM
     
     
    Hi Experts,

    This is a basic question related to Exchange server not specific to Versions like 2003,2010...
    Today i create Exchange server 2003 for R&N purpose in my LAN and give it to Domain name @microsoft.com and create under one fraud email id like " Futurezone@microsoft.com" with password
    and after i sent one mail from "Futurezone@microsoft.com" to other domain
    like my @Gmail.com id (ks@gmail.com).
    Just Weird..Mail is going and i got mail from @microsoft id on my @gmail id.

    After that i tried all Existing popular Domain names for sending mail through given below Domains,
    1. @cisco.com
    2. @msexchange.org
    3. @yahoo.com
    4. @polycom.net

    I am able to send mail through all above domains which i have configured with Exchange server.

    How is it possible ? Plz Explain what Reason behind this ?

    How can we stop it, so that nobody can use other domain's email
    for sending Purpose  ??



    KS

All Replies

  • Sunday, January 20, 2013 7:49 PM
     
     
    On Sun, 20 Jan 2013 17:06:43 +0000, KuldeepMCSA wrote:
     
    >Hi Experts, This is a basic question related to Exchange server not specific to Versions like 2003,2010... Today i create Exchange server 2003 for R&N purpose in my LAN and give it to Domain name @microsoft.com and create under one fraud email id like " Futurezone@microsoft.com" with password and after i sent one mail from "Futurezone@microsoft.com" to other domain like my @Gmail.com id (ks@gmail.com). Just Weird..Mail is going and i got mail from @microsoft id on my @gmail id. After that i tried all Existing popular Domain names for sending mail through given below Domains, 1. @cisco.com 2. @msexchange.org 3. @yahoo.com 4. @polycom.net I am able to send mail through all above domains which i have configured with Exchange server. How is it possible ? Plz Explain what Reason behind this ? How can we stop it, so that nobody can use other domain's email for sending Purpose ?? KS
     
    It's really up to the domain owner to deal with this, and also the
    operator of the receiving MTA. Address spoofing can be detected
    with either SPF or SenderID.
     
    If you don't allow anonymous SMTP connections on your SMTP server and
    you don't allow authenticated senders to use any SMTP address except
    their own, and you don't assign any primary SMTP addresses other than
    those you "own" on objects in your AD you should be okay on the
    sending side.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Monday, January 21, 2013 6:13 AM
     
     

    Hi Rich,

    "If you don't allow anonymous SMTP connections on your SMTP server and
    you don't allow authenticated senders to use any SMTP address except
    their own, and you don't assign any primary SMTP addresses other than
    those you "own" on objects in your AD you should be okay on the
    sending side."

    Plz explain these lines in simple way with example so that i can easily understand

    Second thing, I am able to send mail using @microsoft.com that means
    Microsoft not configured own Mail server properly or securely...

    How can i secure my Domainname @BigBol.com
    so that Nobody can use my domain name for sending mail .

    plz tell me  Configuration with step by step procedure....

    KS






    • Edited by KuldeepMCSA Monday, January 21, 2013 7:07 AM
  • Tuesday, January 22, 2013 3:37 AM
     
     
    On Mon, 21 Jan 2013 06:13:24 +0000, KuldeepMCSA wrote:
     
    >Hi Rich,
    >
    >"If you don't allow anonymous SMTP connections on your SMTP server and you don't allow authenticated senders to use any SMTP address except their own, and you don't assign any primary SMTP addresses other than those you "own" on objects in your AD you should be okay on the
    >
    >sending side."
    >
    >Plz explain these lines in simple way with example so that i can easily understand
     
    The simple explanation is that you need to secure your server.
     
    You also need to understand that SMTP is an insecure protocol. It
    wasn't designed with security as a goal.
     
    >Second thing, I am able to send mail using @microsoft.com that means
    >Microsoft not configured own Mail server properly or securely...
     
    It has nothing at all to do with Microsoft's servers. It has to do
    with the receiving MTA not using SPF or SenderID.
     
     
    >How can i secure my Domainname @BigBol.com
    >so that Nobody can use my domain name for sending mail .
     
    You can't prevent that. All you can do is inform others of the IP
    addresses that you authorize to send e-mail on behalf of your domain.
    You cannot force them to use that information.
     
    >plz tell me Configuration with step by step procedure....
     
    http://openspf.org
    http://www.microsoft.com/senderid
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Tuesday, January 22, 2013 5:58 AM
     
     

    Hi Rich,

    As you stated, 

    You can't prevent that. All you can do is inform others of the IP
    addresses that you authorize to send e-mail on behalf of your domain.
    You cannot force them to use that information.
     

    You mean to say, anyone or outsider person can create existing domain name
    in own Exchange server....and send mail through it with own public ip and there is
    no solution for that. I am not saying that nobody can send mail , here i am talking about
    authentication. Let's take example:

    I have Exchange Server with public ip (22.33.44.55) and MX record hosted
    for domain @Bigbol.com, that means i am legal user of this Domain. Now,
    Any Fraud Person made  Exchange server with domain name @Bigbol.com
    in own LAN with own Public ip (89.35.11.22) and no MX record hosted,
    just for testing purpose and he is able to sending mail through @Bigbol.com.

    How to restrict other public ip with our trusted domainname, that is my question to you.......

    Second question, I am getting lot of SPAM mails from different Domains.
    how can i protect my Exchange Mail server 2003, is it done through any internal SMTP
    settings of Mail server or We need to buy any Anti-Spam software.

    Plz suggest me best solution

    KS





    • Edited by KuldeepMCSA Tuesday, January 22, 2013 9:26 AM
  • Wednesday, January 23, 2013 2:13 AM
     
     
    On Tue, 22 Jan 2013 05:58:17 +0000, KuldeepMCSA wrote:
     
    >As you stated, You can't prevent that. All you can do is inform others of the IP addresses that you authorize to send e-mail on behalf of your domain. You cannot force them to use that information.
    >
    >
    >
    >You mean to say, anyone or outsider person can create existing domain name
    >in own Exchange server....and send mail through it with own public ip and there is
    >no solution for that.
     
    Why limit the discussion to Exchange? If e-mail address spoofing was
    preventable there'd be a helluva lot less spam.
     
    >I am not saying that nobody can send mail , here i am talking about
    >authentication. Let's take example:
    >
    >I have Exchange Server with public ip (22.33.44.55) and MX record hosted
    >for domain @Bigbol.com, that means i am legal user of this Domain. Now,
    >Any Fraud Person made Exchange server with domain name @Bigbol.com
    >in own LAN with own Public ip (89.35.11.22) and no MX record hosted,
    >just for testing purpose and he is able to sending mail through @Bigbol.com.
     
    What about all those compromised PC's on the Internet? Shouldn't they
    be included in this, too?
     
    There is NOTHING that prevents ANYONE from sending e-mail using ANY
    domain in the MAIL FROM command. SMTP is an insecure protocol. It's
    that simple.
     
    >How to restrict other public ip with our trusted domainname, that is my question to you.......
     
    All you can do is publish your data in SPF format in your public DNS.
    Whether others will use that information is up to them. You can
    configure your server to use SPF and you won't receive any e-mail from
    IP addresses you haven't authorized in your two (v1 and v2) SPF TXT
    records. You should also publish a SPF record for each of your
    Internet-facing SMTP servers so HELO\EHLO data can be verified.
     
    >Second question, I am getting lot of SPAM mails from different Domains.
    >how can i protect my Exchange Mail server 2003, is it done through any internal SMTP
    >settings of Mail server or We need to buy any Anti-Spam software.
    >
    >Plz suggest me best solution
     
    If you're not running Exchange 2013 you can use Forefront Protection
    for Exchange Server and their Anti-Spam engine (Cloudmark). Or you can
    use FOPE or some other outsourced package. Or you can use a security
    appliance. Or you can use Linux and SpamAssassin.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
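
Added example (not part of Rich's reply, and not Exchange code): a receiving MTA's SPF check for the scenario in this thread, showing that the published record only matters when the receiver evaluates it. The TXT record contents and the HELO name `mail.bigbol.com` are constructed assumptions; only `v=spf1` with the `ip4`, `ip6` and `all` mechanisms is evaluated, and no DNS lookups are made.

```python
import ipaddress

# Constructed DNS TXT data (assumption): the thread's example domain and IPs.
# mail.bigbol.com is a hypothetical HELO name for the legitimate server.
TXT = {
    "bigbol.com": "v=spf1 ip4:22.33.44.55 -all",
    "mail.bigbol.com": "v=spf1 ip4:22.33.44.55 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, txt=TXT):
    """Evaluate the ip4/ip6/all subset of SPF for one identity (HELO or MAIL FROM domain)."""
    record = txt.get(domain.lower())
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"  # nothing published: the receiver learns nothing
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # other mechanisms (a, mx, include, ...) need DNS lookups; skipped here
    return "neutral"  # no mechanism matched and no "all" term


def receiver_decision(client_ip, helo, mail_from, enforce_spf):
    """Accept/reject as a receiving MTA would, with SPF checking on or off."""
    if not enforce_spf:
        return "accept"  # published SPF data is ignored
    sender_domain = mail_from.rsplit("@", 1)[-1]
    results = (check_spf(helo, client_ip), check_spf(sender_domain, client_ip))
    return "reject" if "fail" in results else "accept"
```

With checking enabled, mail claiming @Bigbol.com from 89.35.11.22 is rejected and the same mail from 22.33.44.55 is accepted; with checking disabled, both are accepted.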
     

  • Wednesday, January 23, 2013 6:58 AM
     
     

    Hi Rich,

    OK I got it, You mean to say, If i configured SPF record for my domain name & ip address then after
    nobody can use mydomainname(@Bigbol.com)  bogus email address without authentication.
    am i right ??

    I was confused bcoz Some of Bulk emailer companies send lot of emails without Authentication
    like this, means only enter email address in "FROM" field without password......

    KS

    • Edited by KuldeepMCSA Wednesday, January 23, 2013 7:16 AM
  • Wednesday, January 23, 2013 10:46 PM
     
     
    On Wed, 23 Jan 2013 06:58:20 +0000, KuldeepMCSA wrote:
     
    >OK I got it, You mean to say, If i configured SPF record for my domain name & ip address then after
    >nobody can use mydomainname(@Bigbol.com) bogus email address without authentication.
    >am i right ??
     
    Not really.
     
    Just because you create the necessary SPF records doesn't mean that
    they'll be used universally. SPF and SenderID don't prevent anyone
    from *sending* anything. What they do is inform the world that the
    email address using your domain is only to be trusted if it arrives
    from an IP address you authorize.
     
    If a MTA doesn't use SPF or SenderID then whether you have SPF data
    published in a public DNS or not is irrelevant.
     
    >I was confused bcoz Some of Bulk emailer companies send lot of emails without Authentication
     
    So do you. ;-) Anonymous SMTP is how almost ALL e-mail is delivered on
    the Internet.
     
    >like this, means only enter email address in "FROM" field without password......
     
    I'm sorry, but you're badly confusing the control you have over YOUR
    server with the use of e-mail on the Internet.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Friday, January 25, 2013 7:19 AM
     
     

    Hi Rich,

    No Sorry plz......

    Thank you for your help! Much appreciated

    KS