Send From allows all users to "spoof" other users in Global Address List

If you use the From box when sending an email it allows 
you to choose any user from the Global address list and 
send an email as that person.  No delegation is set up 
and I do not see any security to prevent this.  How can I 
stop users from Spoofing other users. 

Thanks. 
0
anonymous (74722)
6/28/2004 8:14:07 PM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
341 Views

Similar Articles

[PageSpeed] 38

sorry, I figued it out. I suffered from premature 
posting. 

 
>-----Original Message-----
>If you use the From box when sending an email it allows 
>you to choose any user from the Global address list and 
>send an email as that person.  No delegation is set up 
>and I do not see any security to prevent this.  How can 
I 
>stop users from Spoofing other users. 
>
>Thanks. 
>.
>
0
anonymous (74722)
6/28/2004 8:33:12 PM
Check the permissions on the store iteself (on the Security tab).  Does any 
all-encompassing group (such as Everyone) have Send As rights listed there?

Regards,
Colby

-- 
Please do not send e-mail directly to this alias.  This alias is for 
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ryan" <anonymous@discussions.microsoft.com> wrote in message 
news:228a601c45d4c$77763630$a401280a@phx.gbl...
> If you use the From box when sending an email it allows
> you to choose any user from the Global address list and
> send an email as that person.  No delegation is set up
> and I do not see any security to prevent this.  How can I
> stop users from Spoofing other users.
>
> Thanks. 


0
colbyh (100)
6/28/2004 8:38:32 PM
Reply:

Similar Artilces:

Spoofed?
Below is an email one of my clients recieved. I right clicked on the email and then options: Microsoft Mail Internet Headers Version 2.0 Received: from mgear.com ([xxx.xx.xx.xx] RDNS failed) by xx.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 21 Jan 2005 12:31:23 -0700 Date: Fri, 21 Jan 2005 11:49:33 -0800 Message-Id: <10501211149.AA92016365@mgear.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii From: "Postmaster" <postmaster@mgear.com> Sender: <postmaster@mgear.com> To: <my email address> Subject: Undeliverable Mail X...

SBS 2003 and ISA 2004 spoof attack
Application event log on sbs 2003 (patched to date) with ISA 2004 is filling up with the following warnings every 10 seconds : Microsoft Firewall Packet filter Event id: 15108 ISA Server detected a spoof attack from Internet Protocol (IP) address 192.168.2.4. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. Often the address listed is 0.0.0.0, but can be almost any subnet (including our own) This seems to coincide with VPN acce...

How to track down spoofed e-mails
A customer of mine is currently having someone sending out e-mail from one or more 3rd party e-mail relay servers not related to his domain where they're putting some made up or dictionary name in the reply to field followed by his domain name. Many times the person in the reply to field doesn't even exist. So when the message comes back, it gets delivered to the postmaster account. For the people that actually receive the e-mail, they think it came from my customers domain, so he's getting a lot of nasty replies asking to be taken off the list. The 2003 Exchange server is als...

Allowing a spoofed address in exchange
I am working with exchange 2003 and an external web app. The web app needs to send messages to addresses within my exchange server, but sends the mail from their servers but masks the address as one of ours. As this looks nice for the recipients the reverse DNS lookup blocks this. I found where to disable the RDNS setting, but I don't want to do this for every instance obviously. Any words of wisdom out there. Thanks. tyler On 9 May 2006 09:26:36 -0700, "tylerw" <tylerw@charter.net> wrote: >I am working with exchange 2003 and an external web app. The web app >need...

Exchanage 2K3... Help with an odd setup... Spoofing address'
Hello there, I wonder if anyone can answer a question with routing/sending mail in slightly odd exchange setup. Basically what I have is two networks A & B each with their own domain, Domain.A and Domain.B, both hidden behind the same firewall (different interfaces, and IP ranges). Each domain has it�s own exchange server (E5.5. on A and E2K3 on B.). Network A sends mail to network B by looking up its MX just like any other host on the internet and vica versa. This is quite simple and works as you�d expect. What I have had happen is a need has arisen for a tiny group of users (r...

Email address spoofed? How?
With this new virus running wild on the net, I'm sure everyone is looking for answers today. If anyone knows, I would like to know how this virus spoofs email addresses? It started today with NDR's being returned with bogus return addresses, but know we are getting emails returned with legitimate email addresses and we are not sending these messages to the receipiants. If I didn't send it, how is this virus getting my email address? Does this mean I have the virus? NAV Corp Edition has the latest def. file and after doing a virus sweep on our system, it can up clean. What...

Spoofed address?
Hi, I have a user getting tons of NDR's as a result of what we believe is a spammer spoofing his address. Is there anything I can do to help this guy? Thanks, Dan On Tue, 12 Jul 2005 11:43:01 -0700, Dan <Dan@discussions.microsoft.com> wrote: >Hi, > I have a user getting tons of NDR's as a result of what we believe is a >spammer spoofing his address. Is there anything I can do to help this guy? >Thanks, >Dan What are you using for Anti-SPAM software? We have a GREAT anti spam service named Postini. The problem is that if I tell it to block NDR's ...

How to track down spoofed e-mails #2
A customer of mine is currently having someone sending out e-mail from one or more 3rd party e-mail relay servers not related to his domain where they're putting some made up or dictionary name in the reply to field followed by his domain name. Many times the person in the reply to field doesn't even exist. So when the message comes back, it gets delivered to the postmaster account. For the people that actually receive the e-mail, they think it came from my customers domain, so he's getting a lot of nasty replies asking to be taken off the list. The 2003 Exchange server is als...

need help with fighting spoofing
Sorry, I do not have a lot of exchange experience, so I need to ask a silly question. How do you stop users from getting flooded with "undeliverable messages" where someone has spoofed their address, other than using a filter in their outbox? You can't. It's not within your control. IF my server decides to bounce undeliverable mails back to the "sender", even though the "sender" is a forged address, thers is nothing YOU can do about it. -- Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is ...

Spoof Login dialog
I am receiving a spoof login for MSN, asking "Type your MSN member ID and password to connect to this Internet site. I cannot find the URL that it is going to. After cancelling, it returns in a few minutes. The dialog title is "Sign In" and it displays on the taskbar with an Outlook Icon. Any idea how to block or get rid of this thing? It is persistant, and getting past Norton Internet Security. Aradhana Singh I am assuming (hoping...) you did not type anything in ! You should find the URL in your History file, the URL would help alot to figure out what it is. Tedd --...

Stop spoofing on Exchange 2000
Hi, Currently my mails are hosted by external parties but i have an Exchange 2000 SP4 with POPcorn to download all the mails to Exchange. There's alot of spoof mail coming to users Outlook. Is there any way i can block the spoof mail on Exchange or i need to get the guy who host my mail to do it? Thanks. You need to get a Spam filter or service. The easiest way would probably be to get your email host provider to handle this. If you upgrade Exchange Server 2003 you could use Intelligent Message Filter (IMF) for this purpose. http://www.microsoft.com/exchange/partners/2003/antivir...

Eliminating spoofed rejection messages
I think I know the answer to this but I should finally ask. Users occasionally get messages that look like a message they sent was rejected (spam blocker, invalid address...) but the user knows that they didn't send the original message. Sometimes the message was sent to a domain we are familiar with (client, friend...) and sometimes it's completely foreign to us. Is there any way to; 1) Stop the messages from being sent that appear to have come from my users? 2) Eliminate these false rejection notices? A good anti-spam system can reject some of these. The ones that are ver...

Having problem with spoofing email
Our users just received multiple email from different users outside the company. In the To: line, it shows his user name correctly but when he print those email, the To: line was showing somebody else name on the print out. Is there a way to block this behavior? I'm using E2k3. For some reason our spam (postini) didn't pick up these emails. Thank you, Could you please post the message in raw format (including the mail headers) Petch wrote: > Our users just received multiple email from different users outside the > company. In the To: line, it shows his user name cor...

If I am being spoofed, what to do ?
For the second consecutive week I receive messages that MYORG.ORG is involved in spamming activities. The IP address 152.168.60.211 in fact belongs to my IP address range (it should be a workstation range), but I can't currently find it as active in my internal DNS or DHCP servers. Based on the information below, is there anything that I can do make sure my system is clean ? I do not allow relay on the Exchange servers . ----Original Message----- From: pinder@pcpartner.net [mailto:pinder@pcpartner.net] Sent: Monday, December 27, 2004 9:57 AM To: mycompany@mycompany.com; POSTMASTER...

good product to prevent spoofing and relaying
What is a good appliance that can offload the load and disable spoofing and relaying from my Exchange server? http://www.msexchange.org/tutorials/MF005.html have at look at this! ths will show you how to shut off relaying for un-authorised servers with spoofing have a look at the mail headers, where does the email come from? internally or externally? simon "BigHaig" <haigo@xxxxx.com> wrote in message news:MXXng.1737$NP4.738@newsread1.news.pas.earthlink.net... > What is a good appliance that can offload the load and disable spoofing > and relaying from my Exch...

How to Stop E-mail Spam Spoofing?...
Outlooks 2003 does a great job of filtering out spam...very impressive. However now I am getting spoofed spam, where the spammer uses my e-mail as their return e-mail..leading to tons of bounce-backs to my account. Outlook does not see it as spam, because it's just a bounce-back delivery problem. Any suggestions? I know if I block it, if I even can, Outlook will also block legitimate bounce-backs to me from incorrect addresses, which I almost can live with to get rid of the huge slew of spoofed stuff. Any help would be great...I went through the Microsoft support site but did not ...

Domain spoofing
Hi, I run an Exchange 2003 SP1 (soon to become SP2) \ Windows 2003 SP1 server for a company. I host email for two publicly registered domains. We also use a spam filter located on the same physical server upstream from the email server. For our purposes, this configuration works acceptably. I have SPF records for both domains with softfail enabled -- both companies websites are hosted outside of my network. Recently, users in one of the domains informed me that their inboxes were overwhelmed with a number of NDRs and bouncebacks from various external email systems. Their domain had been...

Undeliverable: system administrator spoof???
Recently 2 users have been getting messages that appear to be from our own exchange server indicating that a message they supposedly sent to themselves failed because the user does not exist. Obviously the users never sent these messges. I am trying to make sense of this to at least have some sort of explaination of how/where these messages are coming from. We have symantec AV enterprise ed. on all computers connected to the domain. no viruses appear to be on the inside. I believe it is simply a spam email worm externally that is spoofing one of our email addresses. I am concerned becaus...

Spam Domain spoofing with POP pickup
Hi, We're have serious problems (using SBS 2003) at the moment with some lovely spammer spoofing our domain name in the from field to emails sent to incorrect addresses at our domain. e.g. the email is addressed to aaa1@mydomain, and has cc's for aa2@mydomain, aa3@mydomain, aa4@mydomain. The from is xyz@mydomain. We are currently using a POP pickup program via GFI to get the email in. Exchange is then examining these emails, and sending them back out, with the CC's. This then comes back in again etc etc. We hit 651MB on our ISP mail box in a few hours last week ! I've l...

spoofing #2
Hi: when i view my groupshied reporting of recently scanned items it shows that my user account is sending out email that i have not sent. Whats up and how do i stop it Thanks Donna Virus, spyware, spam zombie on your workstation? I have mcafee running on all clients all the time, but you still have to run full manual scans to catch things. "donnam" wrote: > Hi: > when i view my groupshied reporting of recently scanned items it shows that > my user account is sending out email that i have not sent. Whats up and how > do i stop it > Thanks Donna donnam <do...

Exchange 2003 allowing spoofed identities, please help.
Well... my exchange 2003 server is allowing spoofed identities (within the same domain) from an external SMTP connection. example: HELO MAIL From: <chrisl@mydomain.net> RCPT To: <johndoe@mydomain.net> DATA From: chrisl@mydomain.net Subject: email problem test - delete To sum up, I can send an email as myself to anyone in my company without being asked for authentication from any connection. How do I fix this? I've tried unchecking "allow anonymous connections" in the smtp tab, but as I suspected, that disables all incoming email from the world. Any help wou...

Stopping Spoofing
What can we do to stop our mail server from being used in spoofing (the Received from portion lists our server but the IP address is not ours) other than SPF? I mean, can we configure anything on our E2K3 server? From what I understand, SPF is done with the public DNS records, is that correct? Our ISP maintains these, I am finding out if they support SPF. We are not being used as a relay (that hole is closed and I just checked the RBL lists anyway). Thanks, Joan On Mon, 24 Jan 2005 16:37:03 -0500, "Joan" <joane@discussions.microsoft.com> wrote: >What can we do to...

How can I block email spoofing our domain?
We are getting emails immitating our domain to our domain. They look internal, but their being mailed from the outside. Example: From: fakeadmin@ourdomain.com to correct@ourdomain.com How can I make sure the external emails with our domain are not allowed in from the outside. I do not want people think they are getting an email from admin@ourdomain.com Thanks, vex Hello I don’t think is there is any solution for spoofing Anyway if you find one please post; I am sure you make some people happy… Regards, Shai Netanel -- "CB" wrote: > We are g...

Spoofing
Somebody is spoofing my email address and my email box is filled with NDR. What can I do about spoofing on Exchange 2003 or do I need to change my email address? Is there someway I can find out who is using my email address? Thanks. Dan -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SPF could help a little...depending on how many are using it. Jason "Dan Slaby" <dslaby3@comcast.net> wrote in message news:O4sM0FnxEHA.3096@tk2msftngp13.phx.gbl... > Somebody is spoofing my email address and my email box is filled > with NDR. What can I do about spoofing on Exchange...

Spam Realy, or Address Spoofing?
Hey All, Ive recently deployed a Exchange 2003 server, and it's all been happy days since. In the past few days though, Ive been getting some "System Administrator" returned email messages, with emails that no one from here has sent. Im pretty sure that Ive tightened all the nuts and bolts on the scurity side of things (in saying that, anyone that can think of any settings that people usually miss, please let me know and Ill check), but Im a little concerned that some nasty person may well be using my server to relay spam mail, which would not be cool... The only other ...