Monday, May 7, 2007

Stop E-mail Spoofing on your Mail Server.



I have seen more often these days, people asking about how to stop spammers, or make Exchange a little bit stronger for defending itself for this endless spam war. Receiving blank messages or spam makes a business valuable time and resources waste, and top of that we have to deal with angry managers and unhappy users. I have decided to put some notes together for those who need some guides in order to achieve my goal of making Exchange a little bit more secure and strong.


Goals and Objectives listed below.

1. Use antivirus and spam software with your exchange, I am little bias and like Trend Micro in this matter, Trend is doing great job, if you are corporate than you may want to implement hardware solution, Iron port, Barracuda, end etc.


2. Use IMF Microsoft Intelligent Message Filter, it is FREE


3. Enable Sender filtering (follow reading this article I will illustrate this)


4. Enable Filter messages with blank senders


5. Enable Drop connection if address matches filter


6. Add your own domain (whole domain into Block list) I know this will sound weird (- : This won't cause any mail interruption, even though it sounds like it, basically it will stop someone is spoofing a valid address from your company and sending message back inside your Authoritative SMTP domain and making it look like it came from inside

4.Make sure you do not have application within your network; this might break some of the applications which are relaying exchange to send inbound or outbound e-mails 7.


5. Enable Recipient filtering


8. Enable Filter recipients who are not in the Directory


9. Add regularly spammers either Whole domain (@smapmer.com) or single e-mail address (smapmer@spam.com) into block list


10. Download Exchange tools and RUN again your server to make sure it is secure and healthy and you followed Microsoft best practices


Click here for all tolls


Microsoft Exchange Best Practices Analyzer


Microsoft Exchange Troubleshooting Assistant




Henrik Walter with simple plain style, one of my favorite


Microsoft SMTP tar pit feature for Microsoft Windows Server 2003


Enable SMTP Tar pitting Ben Winzenz explains A Collection of Random Thoughts


We are almost done. A good exchange administrator should check to make sure Spam software is getting updated; as well as file signature is up to date. You don't want to wake up when your boss come to office and telling at you, what is going on I am getting a lot of spams. Prepare a good documentation of your own environment; make sure your e-mails Queues are not growing up fast. Turn on some of the basic maintenance Alerts build in exchange. Watch a lot of Webcast/Podcast Exchange 2003 and 2007 series from TechNet. Also Visit Harold Blog Site




Best Regards

Oz Ozugurlu


No comments: