![]() I'm frustrated because this bug is being actively exploited, and I have to trust my CFO to stay smart and not act on suspicious e-mails from the boss. GFI tells me that they are looking at the problem, but it is the correct behavior for MailEssentials to act on the x-header. If you use MailEssentials, you can test my theory by creating a similar EML file in notepad, then dropping it in the inetpub\mailroot\Pickup folder on your SMTP gateway. Exchange and Outlook ignore the x-sender and display the MIME information ( As long as the x-sender address passes SPF and blacklist checks, the e-mail will sail right through to the inbox. However, if I swap the top two lines so that From is below x-sender, MailEssentials will only parse the x-sender information. The following e-mail will get stopped by the antispoofing filter in MailEssentials because mail from is rejected unless it comes from a whitelisted IP address: From: wire transfer If the name matches with the name of a local user, then Anti-Spoofing should verify if the sender's email address matches with the email address of the local user with the same name as configured in Active Directory. GFI MailEssentials is supposed to prevent this kind of spoofing, but after messing around creating EML files in Notepad I've figured out how it's happening. GFI Anti-Spoofing should also check the name along with the email address for incoming emails. ![]() ![]() Someone in Nigeria is sending my CFO e-mails that look like they're from our CEO.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |