Thanks Don. So in the creation process, since I only have one IP that should be sending e-mail, I can check the box saying that all the reverse DNS records for my domain resolve to outbound e-mail servers? Or could there be PTR records for my web servers as well?
Joe Heaton Employment Training Panel -----Original Message----- From: Don Andrews [mailto:don.andr...@safeway.com] Sent: Monday, February 23, 2009 8:38 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue You appear to have a valid PTR at least for the IP this message came from. -----Original Message----- From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Monday, February 23, 2009 7:47 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue In the reverse DNS section of this tool, do I need to check the box? I don't host my external DNS records, so I don't know what PTR records, if any, are out there. Joe Heaton Employment Training Panel -----Original Message----- From: Troy Meyer [mailto:troy.me...@monacocoach.com] Sent: Thursday, February 19, 2009 8:06 AM To: MS-Exchange Admin Issues Subject: RE: Incoming spoofed e-mail issue Although it isn't perfect, this link has been out on the list before and is a good way to generate an SPF if you are wondering where to start. http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wiz ard/ -troy -----Original Message----- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Thursday, February 19, 2009 6:52 AM To: MS-Exchange Admin Issues Subject: Re: Incoming spoofed e-mail issue +1. Although impossible to quantify, it can only help your situation. -- ME2 On Wed, Feb 18, 2009 at 7:22 PM, Don Andrews <don.andr...@safeway.com> wrote: > You might consider advertising an SPF record - cheap and little effort. No > guarantees except that it lets honest domains that check for it ignore > spoofed sends. > > > > ________________________________ > > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > Sent: Wednesday, February 18, 2009 10:24 AM > > To: MS-Exchange Admin Issues > Subject: RE: Incoming spoofed e-mail issue > > > > Thomas, > > > > I think I've found a way to take care of some of this stuff. I have a > Watchguard firewall, which has a feature built in called an SMTP Proxy. > Within that, I can set a filter to deny any messages coming from specific > domains, or, as in this case, from specific country codes (.pl, .ru, etc). > > > > I just put it in place, so I'm hoping it's going to help the issue here. As > far as backscatter from within the US, I'm still working on that one... > > > > Joe Heaton > > Employment Training Panel > > > > From: Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org] > Sent: Tuesday, February 17, 2009 10:35 AM > To: MS-Exchange Admin Issues > Subject: RE: Incoming spoofed e-mail issue > > > > That's exactly what I'm battling right now Joe...if you look at the header you > will see the actual sender / originator. I couldn't give you a correct way > how to tackle this issue. But this backscatter has become a pain in the you > know what. > > > > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > Sent: Tuesday, February 17, 2009 12:30 PM > To: MS-Exchange Admin Issues > Subject: Incoming spoofed e-mail issue > > > > I'm getting users who are getting lots of mail in their inbox every morning > that looks like it is coming from themselves. Looking at the headers, I see > various actual senders, many coming from domains ending in .ru, or .pl, > etc. Is there a way of blocking e-mails from these foreign domains? None > of my users have legitimate business with anyone in Russia, or Poland, or > any other foreign country. I tried setting this up under Sender Filtering, > by putting the following in, for example: *...@*.pl > > > > Is there a different way of putting this in? I notice that the instructions > for Sender Filtering says to block messages "claiming" to be from the > following:, but these messages are actually "claiming" to be from the user, > not what is actually in the header. Is there a different way of filtering > these messages? There's nothing in the subject line that is keying the IMF, > or my Symantec Mail Security for Microsoft Exchange. > > > > Joe Heaton > > AISA > > Employment Training Panel > > 1100 J Street, 4th Floor > > Sacramento, CA 95814 > > (916) 327-5276 > > jhea...@etp.ca.gov > > > > > > > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should not > read, distribute, copy or alter this email. Any views or opinions expressed > in this email are those of the author and do not represent those of the Girl > Scouts of Southwest Texas. Warning: Although precautions have been taken to > make sure no viruses are present in this email, Girl Scouts of Southwest > Texas cannot accept responsibility for any loss or damage that arise from > the use of this email or attachments. > > > > > > > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
