HOW TO: Prevent a…

One of the more annoying types of spam is the one that seems to be coming from your own domain; or worse — from your own email address! Of course, users from your own domain don't generally spam each other — unless you're using one of the free web-based email services. And most of us don't spam ourselves.

Obviously, this is coming from a spammer who has spoofed your email address, or that of someone else from your domain. Unfortunately, SMTP — the protocol that allows mail clients and servers to exchange email — allows headers to be spoofed easily.

In Exchange Server 2007, Accepted Domains tell Exchange which domains to accept email for. If a domain (e12labs.com in this example) exists as an Accepted Domain, there is no reason external senders should use that domain in the envelope MAIL FROM or the message From: header.

You may have remote POP3/IMAP4 users who use SMTP to send mail. However, such sessions should be authenticated, and preferably use a separate Receive Connector.

Thanks to the extensive transport permissions model in Exchange 2007, we can easily prevent such spam. Receive Connectors have the ms-exch-smtp-accept-authoritative-domain-sender permission, which dictates whether an Accepted Domain can be used in the MAIL FROM or From: headers. External/internet hosts submit mail to your server without authentication, as anonymous senders. To prevent anonymous senders from sending mail using your domain(s), we need to remove the ms-exch-smtp-accept-authoritative-domain-sender permission assigned to them.

Use the following command to remove the ms-exch-smtp-accept-authoritative-domain-sender permission from NT AUTHORITY\Anonymous Logon on internet-facing Receive Connector(s):

Get-ReceiveConnector "My Internet Receive Connector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | Where-Object {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

Once this permission is removed, when anonymous senders try to submit mail using your Accepted Domain(s), here's how the SMTP conversation goes:

220 E12Postcard.e12labs.com Microsoft ESMTP MAIL Service ready at Wed, 3 Sep 2008 06:22:43 -0700
helo
250 E12Postcard.e12labs.com Hello [172.31.0.170]
mail from:jadams@e12labs.com
550 5.7.1 Client does not have permissions to send as this sender

Exchange stopped spoofing of P1/envelope headers. Let's continue the session and try to spoof the P2 headers (the ones in the DATA part of the message) — maybe that'll work!

mail from:someone@someotherdomain.com
250 2.1.0 Sender OK
rcpt to:jadams@e12labs.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
from: jadams@e12labs.com
subject: Header spoofing

This is how we spoof headers, spoof headers.

.
550 5.7.1 Client does not have permissions to send as this sender
quit
221 2.0.0 Service closing transmission channel

As you can see, removing the ms-exch-smtp-accept-authoritative-domain-sender permission stops spoofing of your domains in both envelope (P1) and message (P2) headers.

When not to remove the permission?
Is there a scenario where one should not remove the ms-exch-smtp-accept-authoritative-domain-sender permission from NT AUTHORITY\Anonymous Logon? Yes, on Receive Connectors used by internal or trusted SMTP hosts (such as copiers/scanners and application servers) that submit mail without authentication.

But you do have these internal/trusted hosts submitting to a separate Receive Connector, don't you?
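As an added example (not part of the original post), the following Exchange Management Shell script audits every Receive Connector for this permission, so you can see which connectors still let anonymous senders use your Accepted Domains before deciding, per connector, whether that is intended (an internal relay connector) or not (internet-facing). The connector name in `$connectorToFix` is a placeholder you substitute yourself.

```powershell
# Added audit script; assumes an Exchange 2007 Management Shell session.
$right = "ms-exch-smtp-accept-authoritative-domain-sender"
$anon  = "NT AUTHORITY\Anonymous Logon"

# Report, per connector, whether Anonymous Logon holds an allow ACE for the
# authoritative-domain-sender right (i.e. may spoof MAIL FROM / From: with an
# Accepted Domain). Connectors that do not enable the AnonymousUsers permission
# group are listed too, since the ACE may still be present on them.
function Get-AnonymousSpoofExposure {
    Get-ReceiveConnector | ForEach-Object {
        $rc = $_
        $grant = $rc | Get-ADPermission -User $anon |
            Where-Object { ($_.ExtendedRights -like $right) -and -not $_.Deny }
        New-Object PSObject -Property @{
            Connector            = $rc.Identity.ToString()
            Bindings             = ($rc.Bindings | ForEach-Object { $_.ToString() }) -join ","
            AnonymousUsers       = [bool]($rc.PermissionGroups -match "AnonymousUsers")
            AcceptedDomainSender = [bool]$grant
        }
    }
}

# Review the table first: an internet-facing connector with both columns True
# is the exposure described above; an internal relay connector may need both.
Get-AnonymousSpoofExposure |
    Format-Table Connector, Bindings, AnonymousUsers, AcceptedDomainSender -AutoSize

# Placeholder name; replace with your internet-facing connector. -WhatIf only
# previews the removal; drop it to apply. Leave the internal relay connector alone.
$connectorToFix = "<Internet Receive Connector>"
Get-ReceiveConnector $connectorToFix |
    Get-ADPermission -User $anon |
    Where-Object { $_.ExtendedRights -like $right } |
    Remove-ADPermission -WhatIf
```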
