Message-ID: <d38af6ee0805120601sa032b0fw2ca5b00bd2c27de9@mail.gmail.com>
Date: Mon, 12 May 2008 09:01:49 -0400
From: "Jesse Bacon" <dread.roberts@...il.com>
To: full-disclosure@...ts.grok.org.uk, nadengine@...glemail.com
Subject: Re: Full-Disclosure Digest, Vol 39, Issue 25

To get rid of spoofed internal emails you need to use iptables at your
routers and firewalls to disable SMTP (TCP 25) traffic from any host other
than your dedicated mail servers.  Set a default policy of DENY for SMTP
traffic and then an ALLOW declaration for each of the mail servers in your
organization.  Additionally, disable telnet login for your mail server.  The
use of a security product such as Security Blanket TM (www.trustedcs.com) on
your in-house Linux machines will help as well.  As for the issue with
spoofed external e-mails using internal addresses, I recommend looking for
security measures that are home-brewed.  For example, you could create a
transparent GIF that contains a security code and embed it in the
signature of all e-mails originating within your infrastructure.  Then use
a simple script to check for the existence of that file upon receipt.  If
the email does not contain that file, then drop it before delivery.  Also, you
could require PGP signatures.
-Jesse


>
> Message: 13
> Date: Mon, 12 May 2008 09:25:42 +0300
> From: "shadow floating" <nadengine@...glemail.com>
> Subject: [Full-disclosure] exchange server spam problem
> To: full-disclosure@...ts.grok.org.uk
> Message-ID:
>        <5c1b7500805112325r7df9ec86gc9323621a15f0687@...l.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I've recently found many suspicious emails sent from the internet
> to the internal clients using the sender address as a legitimate email
> address of one of the internal users, do you know how to configure
> Exchange server to stop such emails (by authenticating users before
> sending for example)... I also suffer from internal email spoofing
> that users send each other with spoofed internal emails... any help
> would do.
> thanks a lot
>
>
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 39, Issue 25
> ***********************************************
>
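
The default-deny rule for TCP 25 with an allow entry per mail server, described in the reply above, can be sketched as follows. This is an added example, not part of the original message: the chain name SMTP_OUT, the log prefix, the choice of the FORWARD chain and the 192.0.2.x addresses are assumptions. The function only prints the rules for review and applies nothing.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that allow TCP 25 only
# from listed mail servers. Chain name and addresses are assumptions.

# Succeed only for a dotted-quad IPv4 address, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the given mail-server addresses. Every address is
# validated first, so a bad entry yields no partial rule set.
smtp_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one mail server" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -N SMTP_OUT"
    for ip in "$@"; do
        echo "iptables -A SMTP_OUT -s $ip -j ACCEPT"
    done
    # iptables has no DENY target; DROP plays the role of the post's "DENY".
    # Logging first shows which internal hosts try to send mail directly.
    echo "iptables -A SMTP_OUT -j LOG --log-prefix 'smtp-blocked: '"
    echo "iptables -A SMTP_OUT -j DROP"
    # Hook the chain in last, once it is complete.
    echo "iptables -A FORWARD -p tcp --dport 25 -j SMTP_OUT"
}

# Constructed sample input (documentation address range).
smtp_rules 192.0.2.25 192.0.2.26
```

The LOG rule ahead of the final DROP records every blocked attempt, which identifies workstations trying to send mail around the mail servers.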
