How to block spoofed emails on Exchanhge 2013

Needed to stop some of the ransomware that is spreading in the net.

Create your SPF records, listing the IP addresses. Try to avoid using “mx” in the SPF record, since it can cause issues with the SPF checking for your own domain. Use “-” for hardfail

domain.com. IN TXT “v=spf1 ip4:IP/mask -all”

Install the AntiSPAM agents

 $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

Set the action for Spoofed Domain as Reject

  Set-SenderIDConfig -SpoofedDomainAction  Reject

Example of a spoofing attempt blocked by the Agent

...
250 XRDST
mail from: john@domain.com
250 2.1.0 Sender OK
rcpt to: john@domain.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject: Spoofing test
.
550 5.7.1 Sender ID (PRA) Not Permitted


 

Advertisements