Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
797
Views
5
Helpful
2
Replies

sender spoof security problems

5aaaaaaaa11
Level 1
Level 1

‎01-14-2016 01:21 AM

telneting to Ironport external address on port 25,HELO and I am able to send mail to Success。

For example: mail from:CEO@mydomain.com   rcpt to: any@mydomain.com. 

Or mail from:any@any.com  rcpt to: any@mydomain.com

This is a huge security hole, but I dont know how to fix it.

Labels:
0 Helpful
2 Replies 2

Jrod
Level 1
Level 1

‎01-14-2016 02:06 PM

Try the ESA technotes:http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-tech-notes-list.html

ESA Spoofed Mail Filtering

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117796-problemsolution-esa-00.html

Mathew Huynh
Cisco Employee
Cisco Employee

‎01-14-2016 05:31 PM

Hello,


This would be seen as normal port 25 traffic for SMTP communication if you did a port 25 connection.

Spoofing can be managed with the article Jared has high-lighted.

Also it is suggested to enable LDAP recipient validation to further protect your domain from emails going to senders which do not exist in your domain.

I would advise to go to the Online Help Guide on your ESA (GUI > Help and Support > Online Help)

Look for LDAP accept -- the guide will provide detailed information on this function and deployment for added security.

Regards,

Matthew

0 Helpful
Customers Also Viewed These Support Documents