Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Ralph Seichter
I'm definitely not on a crusade in this matter. Risk assessment will vary with each individual organization's requirements. As Postfix offers excellent means of using both encryption and authentication, I have not yet come across a situation where relying on IP addresses alone was the sole option a

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Ralph Seichter
On 29.07.16 15:50, Bill Cole wrote:

> > > is there any chance that a whitelisted IP address [...] could
> > > have been spoofed?
> >
> > Yes. Search for "IP address spoofing" in the search engine of your
> > choice and you will find what you are looking for.
>
> By that standard, we are ruled by a

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Viktor Dukhovni
> On Jul 29, 2016, at 12:07 PM, Ralph Seichter wrote: > > On 29.07.16 15:50, Bill Cole wrote: > is there any chance that a whitelisted IP address [...] could have been spoofed? >>> >>> Yes. Search for "IP address spoofing" in the search engine of your >>> choice and you will find wha

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Bill Cole
On 29 Jul 2016, at 5:57, Ralph Seichter wrote: On 29.07.2016 09:29, Roger Goh wrote: is there any chance that a whitelisted IP address [...] could have been spoofed? Yes. Search for "IP address spoofing" in the search engine of your choice and you will find what you are looking for. By th

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Ralph Seichter
On 29.07.2016 09:29, Roger Goh wrote:

> is there any chance that a whitelisted IP address [...] could have
> been spoofed?

Yes. Search for "IP address spoofing" in the search engine of your choice and you will find what you are looking for.

-Ralph

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Roger Goh
Just a last post from me: is there any chance that a whitelisted IP address (whitelisted on our local email server for the remote to forward email to us as we plan to permit Tcp25 incoming for this whitelisted IP while the rest of the emails have to go to our ProofPoint) could have been spoofed?

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-28 Thread Roger Goh
Sorry, let me elaborate a bit : We plan to have an interim setup where emails sent to us & HQ (in another country) has a global format ie a_u...@xxx.com. Currently emails sent to our HQ are in the form a_u...@xxx.com.au & to us are in the form a_u...@xxx.com.nz. So the plan (which is an interi

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-28 Thread Viktor Dukhovni
> On Jul 27, 2016, at 11:24 PM, Roger Goh wrote:
>
> Can source (ie smtp.zzzbank.com.au & srvm02.zzzbank.com.au below)
> & the IP addresses be spoofed?

Your question is not sufficiently clearly stated.

> Received: from smtp.zzzbank.com.au (10.98.2.87) by ZZZWVEXC01ZZ.bbb.com.au
> (10.9.95.37

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-28 Thread Bill Cole
On 27 Jul 2016, at 23:24, Roger Goh wrote: Our headquarter's email server auto-forward emails over to our email server & I have a concern: Can source (ie smtp.zzzbank.com.au & srvm02.zzzbank.com.au below) & the IP addresses be spoofed? Received: from smtp.zzzbank.com.au (10.98.2.87) by ZZZ

Re: [OT] Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-28 Thread Allen Coates
It can also be done with access lists in smtpd_mumble_restrictions:

a) Accept (by remote host IP address) ALL your legitimate servers;
b) Reject everything else claiming to be one of your servers

EXAMPLE main.cf:

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenti

Re: [OT] Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-28 Thread Benny Pedersen
On 2016-07-28 11:07, Roger Goh wrote: If the IP address is spoofed, how does firewall rejects it? In the case of MS Exchange, will implementing something like SPF (Sender Policy Framework) and Sender ID filtering help? no, if postfix see local sender domains on port 25 it should reject it all

Re: [OT] Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-28 Thread Roger Goh
If the IP address is spoofed, how does firewall rejects it? In the case of MS Exchange, will implementing something like SPF (Sender Policy Framework) and Sender ID filtering help?

Sun

On Thu, Jul 28, 2016 at 11:48 AM, David Benfell wrote:
> On 07/27/2016 08:24 PM, Roger Goh wrote:
> > Our he

[OT] Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-27 Thread David Benfell
On 07/27/2016 08:24 PM, Roger Goh wrote:

> Our headquarter's email server auto-forward emails over to our
> email server & I have a concern:
> Can source (ie smtp.zzzbank.com.au &
> srvm02.zzzbank.com.au below)
> & the IP addresses be s

Can source and IP in email header be spoofed and how to mitigate

2016-07-27 Thread Roger Goh
Our headquarter's email server auto-forward emails over to our email server & I have a concern: Can source (ie smtp.zzzbank.com.au & srvm02.zzzbank.com.au below) & the IP addresses be spoofed? Received: from smtp.zzzbank.com.au (10.98.2.87) by ZZZWVEXC01ZZ.bbb.com.au (10.9.95.37) with z S