
email appliance and external SMTP access and spoofing

So I have a Sophos email appliance, and I have people connecting via telnet on port 25 and spoofing emails looking like they are coming from the internal domain to the internal domain. What changes can I make to combat this?

I know that by nature SMTP is open and unauthenticated, but can I set up a rule that wildcards any internal domain address (i.e. MAIL FROM: mrbig@internaldomain) to RCPT TO: helplessuser@internaldomain.com,

so that if someone connects from the outside and does this, it is not allowed?

tks...

tad



This thread was automatically locked due to age.
  • Hello Tad,

    You can create an additional policy rule that uses either a watchlist or possibly a hostname/IP address. The next step would be to use the message attributes to determine what criteria you would want to match.

    I.e.

    If you wanted to match for a specific host/gateway address, you can use the Source IP or Source Hostname. So if the hostnames/IPs are not from within your network, you could trigger the policy rule.

    So for your example, you could mark all those hosts that you would normally accept internal mail connections from in the list, and for those that aren't you could tell the policy to quarantine or discard.

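The rule logic described in the reply above, sketched in Python as an added example (it is not Sophos appliance configuration and not code from this thread). The domain, the trusted relay ranges and all function names are assumptions chosen for illustration, and the sample sessions are constructed.

```python
import ipaddress

# Assumed values for illustration: replace with your own domains and relay ranges.
INTERNAL_DOMAINS = {"internaldomain.com"}
TRUSTED_SOURCES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or '' for the null sender <>."""
    address = address.strip().strip("<>")
    return address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""


def is_internal(domain):
    """True for an internal domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def is_trusted_source(source_ip):
    """True when the connecting IP is on the list of hosts allowed to send internal mail."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in TRUSTED_SOURCES)  # IPv4/IPv6 mismatch is simply False


def policy_action(source_ip, mail_from, rcpt_to):
    """Quarantine when an unlisted host claims an internal sender for an internal recipient."""
    if (is_internal(domain_of(mail_from))
            and is_internal(domain_of(rcpt_to))
            and not is_trusted_source(source_ip)):
        return "quarantine"
    return "deliver"


# Constructed sample sessions: (source IP, MAIL FROM, RCPT TO)
SAMPLES = [
    ("203.0.113.45", "mrbig@internaldomain.com", "helplessuser@internaldomain.com"),
    ("10.1.2.3", "mrbig@internaldomain.com", "helplessuser@internaldomain.com"),
    ("203.0.113.45", "partner@example.org", "helplessuser@internaldomain.com"),
    ("203.0.113.45", "<MrBig@InternalDomain.COM>", "helplessuser@internaldomain.com"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", policy_action(*sample))
```

This checks only the SMTP envelope (MAIL FROM and RCPT TO) named in the question. A message with an external envelope sender and an internal address in its From: header passes this rule and needs a separate header check.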