[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Email Spoofing

To: "Tom Fox" <tom@xxxxxxxxxx>
Subject: Re: [suse-security] Email Spoofing
From: "Dirk Schreiner" <dirk.schreiner@xxxxxxx>
Date: Wed, 21 Jul 2004 21:08:28 +0200
Cc: <suse-security@xxxxxxxx>
Delivered-to: mailing list suse-security@xxxxxxxx
Importance: normal
In-reply-to: <BD2425E0.2CEB%tom@xxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
Priority: normal
References: <BD2425E0.2CEB%tom@xxxxxxxxxx>
Thread-index: AcRvVkeoouSR+th9R6aA9Ad/8pJlrw==
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.4) Gecko/20030624

Hi *,


Tom Fox schrieb:

I¹d take a look at this URL:

1.  Enforce reverse DNS lookups on the connecting IP address.


And Block almost any road warrior using dialup.

2.  RBL subscriptions, for what those are worth.


Oh, Block the Rest ;-)


Another option (not necessarily recommended) is to force the "from" domain
to match the reverse lookup completed on the connecting IP address.  This
will break many email attempts from legitimate sources because the SMTP
servers don't necessarily belong to the sending domain (MX gateway services,
for instances).


Right.

-----Original Message-----
From: Eric Kahklen [mailto:eric@xxxxxxxxxxx]
Sent: Wednesday, July 21, 2004 11:08 AM
To: suse-security@xxxxxxxx
Subject: [suse-security] Email Spoofing

We are using Suse 9.0 Professional.  I am getting email that is claiming
to be from my domain and the Posfix logs confirm it is from an outside

IP.


Oh, why don`t you just block incomming SMTP Traffic
if the from: claims to be inside.
This is easy to configure.

Use ssl encrypted and accounted SMTP for allowed users.
(Road-Warriors)

You just need two IP, or two Ports and two instances
of postfix.

And you are RFC conform.

Greetings

DirkTRIA IT-consulting GmbHJoseph-Wild-Straße 2081829 MünchenGermanyTel: +49 (89) 92907-0Fax: +49 (89) 92907-100http://www.tria.de--------------------------------------------------------

working hard | for your success

--------------------------------------------------------

Registergericht MünchenHRB 113466USt.-IdNr. DE 180017238Steuer-Nr. 802/40600Geschäftsführer:Hubertus Wagenhäuser

--------------------------------------------------------

Nachricht von:dirk.schreiner@xxxxxxxNachricht an:tom@xxxxxxxxxx, suse-security@xxxxxxxx# Dateianhänge: 0Die Mitteilung dieser E-Mail ist vertraulich und nur für den oben genannten Empfänger bestimmt. Wenn Sie nicht der vorgesehene Empfänger dieser E-Mail oder mit der Aushändigung an ihn betraut sind, weisen wir darauf hin, daß jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten.Vielen DankThe information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately.Thank you

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

References:
- Re: [suse-security] Email Spoofing
  - From: Tom Fox

Prev by Date: Re: [suse-security] Email Spoofing
Next by Date: Re: [suse-security] Email Spoofing
Previous by thread: Re: [suse-security] Email Spoofing
Next by thread: Re: [suse-security] Email Spoofing
Index(es):
- Date
- Thread