Thread Info
  • State Suggested Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 19 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 48342 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block emails spoofed p2 headers

JimKoerner
I am looking to block emails where the FROM in the P2 header is being spoofed using our email addresses.  I can kill these off at the exchange server by removing the ms-exch-smtp-accept-authoritative-domain-sender on the Internet facing domain connector.  Is there a way to kill these via "Email Protection"?  If I add our domain in the "Sender Blacklist" does this look at the P2 header or only the P1 like SPF?

P1 header
mail from: someone@someotherdomain.com
rcpt to: user1@mydomain.com
data

P2 header
from: user1@mydomain.com (problem)
to: user2@mydomain.com
Subject: P1 and P2 headers are different
The P1 and P2 headers will be different in this message.

Thanks,
                 Jim


This thread was automatically locked due to age.
Parents
  • 0

    Hey Jim, 

    I'm having the same issue with spoofed emails using the FROM in the P2 header, so I decided to kill them by removing the ms-exch-smtp-accept-authoritative-domain-sender permissions on my receive connector. But now UTM is not able to send Quarantine reports, as UTM sends the reports to that receive connector using one of our email addresses and Exchange is rejecting them now.

    How are you handling the Quarantine reports after changing those permissions on the Exchange receive connector?

    Thanks!

  • 0 in reply to computersupport

    This is a reply to an old post, but adding this now for others who stumble into the discussion again.

    Not sure why UTM could not send quarantine reports.   It should be configured to long onto your mail server with credentials

    Managment... Notifications... Advanced... Authentication (checked, followed by a username and password).   The username there should be consistent with the sender name on the Notification... General tab.

    Alternatively, you configure an Exchange Receive Connector to filter on IP Address instead of authentication, then put the UTM Address into the allowed list.

Reply
  • 0 in reply to computersupport

    This is a reply to an old post, but adding this now for others who stumble into the discussion again.

    Not sure why UTM could not send quarantine reports.   It should be configured to long onto your mail server with credentials

    Managment... Notifications... Advanced... Authentication (checked, followed by a username and password).   The username there should be consistent with the sender name on the Notification... General tab.

    Alternatively, you configure an Exchange Receive Connector to filter on IP Address instead of authentication, then put the UTM Address into the allowed list.

Children
No Data
Unfiltered HTML