Secure the SMTP virtual server : difference Between the From and the user login ...

TheMSsForum.com: The Microsoft Software Forum

Hello,
I try to secure a virtual SMTP server with Exchange 2003 that enable only a
security group to send email.
But i notice that the user that is connected to the smtp server could send a
mail with a FROM mail that is not like his login name. For example : the
user B is enable to send mail with this virtual smtp server BUT he can put
another mail address (A@mydomain.com) in the outlook accouting... He could
send mail "FROM" our director for exemple..

Is there a way to strongly secure this SMTP server ??

Thanks a lot ....
Top

Re: Secure the SMTP virtual server : difference Between the From and the user login ... by Bharat

Bharat
Thu Sep 22 08:47:04 CDT 2005

That's a problem with smtp protocol - it wasn't designed with security in
mind, like everything else in the ip stack, and nobody thought usage would
grow to such proportions. Mail headers can be forged easily.

How do you make sure the mail that says it's from the director is actually
from him? You'd have to use S/MIME - issue certificates to users and have
them send digitally signed messages.
--
Bharat Suneja
MCSE, MCT
--------------------------------


"Me" <yo@msf.fr> wrote in message
news:%23ttFVg0vFHA.2312@TK2MSFTNGP14.phx.gbl...
> Hello,
> I try to secure a virtual SMTP server with Exchange 2003 that enable only
> a security group to send email.
> But i notice that the user that is connected to the smtp server could send
> a mail with a FROM mail that is not like his login name. For example : the
> user B is enable to send mail with this virtual smtp server BUT he can put
> another mail address (A@mydomain.com) in the outlook accouting... He could
> send mail "FROM" our director for exemple..
>
> Is there a way to strongly secure this SMTP server ??
>
> Thanks a lot ....
>
>


Top

Re: Secure the SMTP virtual server : difference Between the From and the user login ... by Lanwench

Lanwench
Sat Sep 24 09:37:24 CDT 2005



In news:%23ttFVg0vFHA.2312@TK2MSFTNGP14.phx.gbl,
Me <yo@msf.fr> typed:
> Hello,
> I try to secure a virtual SMTP server with Exchange 2003 that enable
> only a security group to send email.
> But i notice that the user that is connected to the smtp server could
> send a mail with a FROM mail that is not like his login name. For
> example : the user B is enable to send mail with this virtual smtp
> server BUT he can put another mail address (A@mydomain.com) in the
> outlook accouting... He could send mail "FROM" our director for
> exemple..
> Is there a way to strongly secure this SMTP server ??
>
> Thanks a lot .

You've posted this twice in here, and also elswhere. You have a reply in
here, and elsewhere....

Please don't multipost - if you need to post to multiple groups, it's best
to crosspost instead, by posting a single message to a handful of relevant
groups (separate the NG names with commas) so that everyone can follow the
thread. Thanks :-)

See http://www.blakjak.demon.co.uk/mul_crss.htm


Top