Protect Users From Phishing Scams
Just because something "appears" to be from a legitimate sender doesn't make it so.
by Ben Schorr and Jim McBee
November 9, 2004
We've been getting some spam where the "From" address is either blank or has our own addresses in it. I don't have much budget right now; how do you recommend we deal with these?
Troy, Austin, Texas
Jim: User education is the first front on which you want to fight the spam battle. This includes educating users on scams, phishing, worms, Trojan horses, and keeping their addresses more private. If you cannot start using Exchange 2003 and the Intelligent Message Filter, I recommend using something such as Cloudmark's anti-spam system for Outlook (see Resources for the URL to find a free download).
Ben: As part of the education, your users must realize that unsolicited e-mail is part of life in the Internet age. They must understand that just because something "appears" to be from a legitimate sender does not necessarily mean that it is legitimate.
Is it OK to delete files in the Badmail folder on my Exchange server?
Nigel, Charlotte, N.C.
Ben: Yes, that's fine. Exchange MVPs sometimes recommend creating a batch file to delete those files, then creating a scheduled task to run that batch file on a regular basis.
Jim: In fact, Microsoft includes a script called the Badmail Deletion and Archiving tool on the latest version of the Windows 2003 tools (see Resources to learn where you can download these tools).
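A batch file of the kind Ben describes, with the scheduled-task registration built in, as an added example that is not from the column or from Microsoft's tool; it assumes the default Exchange 2003 Badmail path shown below and a seven-day retention window, both of which you would adjust for your server.

```batch
@echo off
REM Added example (not from the column): purge Exchange 2003 Badmail files
REM older than a retention window, then optionally register this script as
REM a daily scheduled task.
REM Assumptions: default Badmail path for the first SMTP virtual server and
REM a 7-day window. Recent files are kept so the folder can still be
REM inspected when troubleshooting delivery or relay problems.

setlocal
set "BADMAIL=C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail"
set "RETENTION_DAYS=7"
set "LOGFILE=%SystemRoot%\Temp\badmail-cleanup.log"

REM Run once as "CleanBadmail.cmd /install" from an administrative prompt to
REM schedule the cleanup at 02:00 every day under the SYSTEM account.
REM /ST is HH:MM:SS on Windows Server 2003 (HH:MM on later versions).
if /I "%~1"=="/install" (
    schtasks /Create /SC DAILY /ST 02:00:00 /TN "Exchange Badmail Cleanup" /TR "\"%~f0\"" /RU SYSTEM
    exit /b %ERRORLEVEL%
)

if not exist "%BADMAIL%" (
    echo %DATE% %TIME% Badmail folder not found: "%BADMAIL%" >> "%LOGFILE%"
    exit /b 1
)

REM forfiles ships with Windows Server 2003; /D -N selects files whose
REM last-modified date is N or more days in the past. Each deletion is
REM logged so the cleanup leaves an audit trail (0x22 is forfiles' escape
REM for a double quote inside the /C command).
forfiles /P "%BADMAIL%" /M *.* /D -%RETENTION_DAYS% /C "cmd /c echo %DATE% %TIME% deleting @path >> 0x22%LOGFILE%0x22 & del /q @path"

echo %DATE% %TIME% Badmail cleanup finished >> "%LOGFILE%"
endlocal
exit /b 0
```

Running the script with no argument performs the cleanup immediately, which is what the scheduled task does each night.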
I get Non-Delivery Receipt messages that read, "You do not have permission to send to this recipient. For assistance, contact your system administrator <myserver.mydomain.com #5.7.1>." Well, I'm the system administrator, and I'm stumped. Can you unstump me?
Jim: I'm not sure that "unstump" is a word, but we'll give it our best shot. If you're getting that Non-Delivery Receipt, you're probably also getting some 1709 and 1710 messages in your event viewer. Those errors are telling you that you're having authentication issues in your SMTP.
Ben: One of the more common reasons for this error is that you don't have the server configured to allow computers that authenticate successfully to relay. You'll find that setting in Exchange System Manager under Servers. Find your server under the Servers container, open Protocols, and open SMTP. Right-click on the SMTP Virtual Server and select Properties. Go to the Access tab, click on Relay, and you'll find an interesting checkbox (see Figure 1). Make sure that you have checked the "Allow all computers which successfully authenticate to relay, regardless of the list above." Never check the "All except the list below" checkbox if the SMTP virtual server is exposed to the Internet; this means you're creating an open SMTP relay.