Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Seguridad MDaemon IP Shield Improved PDF

    Hochgeladen von

    Lázaro Maykel Charbonier González
    31 Ansichten4 Seiten
    IP Shield is a security feature in MDaemon that protects local accounts by preventing malicious users from spoofing, or pretending, to be a local user on your server. It works by pairing an IP address / IP range with your local domain. If a sending user claims to be user of a domain entered into IP Shield then the user must be sending their message from the supplied IP address. By default any authenticated SMTP sessions will not have IP Shield applied to them

    Originalbeschreibung:

    Originaltitel

    Seguridad MDaemon IP Shield Improved.pdf

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    IP Shield is a security feature in MDaemon that protects local accounts by preventing malicious users from spoofing, or pretending, to be a local user on your server. It works by pairing an IP address / IP range with your local domain. If a sending user claims to be user of a domain entered into IP Shield then the user must be sending their message from the supplied IP address. By default any authenticated SMTP sessions will not have IP Shield applied to them

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    31 Ansichten4 Seiten

    Seguridad MDaemon IP Shield Improved PDF

    Hochgeladen von

    Lázaro Maykel Charbonier González
    IP Shield is a security feature in MDaemon that protects local accounts by preventing malicious users from spoofing, or pretending, to be a local user on your server. It works by pairing an IP address / IP range with your local domain. If a sending user claims to be user of a domain entered into IP Shield then the user must be sending their message from the supplied IP address. By default any authenticated SMTP sessions will not have IP Shield applied to them

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 4

    StopEmailSpoofingUsingMDaemons

    ImprovedIPShieldFeature

    WhatisIPShield?
    IPShieldisasecurityfeatureinMDaemonthatprotectslocalaccountsbypreventingmalicioususers
    fromspoofing,orpretending,tobealocaluseronyourMDaemonserver.IPShieldworksbypairingan
    IPaddress/IPrangewithyourlocaldomain.Ifasendinguserclaimstobeauserofadomainentered
    intoIPShieldthentheusermustbesendingtheirmessagefromthesuppliedIPaddress/IPrange.Below
    isanexampleofanIPShieldentry.
    Yourdomain.com192.168.0.*
    *****Besuretoreadtheimportantnotesattheendofthisarticle.

    Whatdoestheaboveexamplemean?
    IfasendinguserisclaimingtobeauseroftheYourdomain.comdomainthentheymustbesendingtheir
    messagefromthe192.168.0.*IPrange.

    WhatiftheuserisnotcomingfromtheIPaddress/IPrangespecifiedandtheyare
    avaliduser?
    EnablingSMTPauthenticationintheusersemailclientwillbypasstheIPShieldsecuritycheck.By
    defaultanyauthenticatedSMTPsessionswillnothaveIPShieldappliedtothem.

    IPShieldStandardBehaviour
    IPShieldisappliedtothedomainnamegivenintheMAILFROMcommandduringtheSMTPsession.
    BelowisanexampleofarejectionthatfailedtomeettherequirementsofIPShield.
    Tue
    Tue
    Tue
    Tue
    Tue
    Tue
    Tue
    Tue
    Tue
    Tue

    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26

    14:17:12:
    14:17:12:
    14:17:14:
    14:17:14:
    14:17:14:
    14:17:14:
    14:17:14:
    14:17:14:
    14:17:14:
    14:17:24:

    Accepting SMTP connection from [173.239.156.252:11063] to [173.239.156.253:25]


    --> 220 mail.robobak.ca ESMTP MDaemon 12.5.6; Tue, 26 Jun 2012 14:17:12 -0400
    <-- ehlo mike
    --> 250-mail.robobak.ca Hello mike, pleased to meet you
    --> 250-ETRN
    --> 250-AUTH LOGIN CRAM-MD5 PLAIN
    --> 250-8BITMIME
    --> 250-STARTTLS
    --> 250 SIZE
    <-- MAIL FROM:<mike@yourdomain.com>

    Tue
    Tue
    Tue
    Tue
    Tue

    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26
    2012-06-26

    14:17:24:
    14:17:26:
    14:17:26:
    14:17:26:
    14:17:26:

    --> 530 Authentication required to send mail from 173.239.156.252


    <-- quit
    --> 221 See ya in cyberspace
    SMTP session terminated (Bytes in/out: 50/296)
    ----------

    Aswecansee,thedomainnameusedintheMAILFROMcommandwasYourdomain.comsoMDaemon
    expectsthesessiontobecomingfromthe192.168.0.*IPrange.Sincethesessiondidnotcomefrom
    thisIPrangetheconnectionisrejectedwitha530Authenticationrequired...error.Thewordingofthe
    errorwillhopefullyletavaliduserknowtoenableauthenticationintheiremailclienttobeabletosend
    theirmessagetoMDaemon.
    IfyouhaveeverreceivedaspammessagethatappearedtobeFromandToyourselfthenyoumaybe
    wonderinghowthemessagewasacceptedbyMDaemonevenifyouwereusingIPShield.Most
    spammersaresmartenoughtoknownottousealocaladdressintheMAILFROMcommandbecause
    mostemailserversrequiresomeformofverificationinorderfortheemailservertoaccepttheiremail
    (i.e.requireSMTPauthentication).SothespammerwillgiveanexternaladdressintheMAILFROM
    command,whichMDaemoncannotapplyIPShieldto.
    ItsaftertheDATAcommandisgivenduringtheSMTPsessioniswhentheactualmessageisbeing
    transferredtotheserver.ThisiswheretheFrom,To,Subject,Dateheaders(andothers)alongwiththe
    bodyofthemessageareformed.HerethespammercanmakethemessageappeartobeFromandTo
    thelocaluser.
    Belowisascreenshotofatelnetsession.InthissessionImpretendingtobeanexternalsenderwhile
    formingboththeFromandToheaderstocontainthelocalusersaddress.

    UndertheoldIPShieldbehaviourthisemailisaccepted.Belowiswhatthisemaillookslikewhenviewed
    throughWorldClient.
    C&CSoftwareSolutionsIncwww.ccsoftware.ca

    Page2

    ImprovedIPShieldBehaviour
    Ifyouarestillwithme,andIhopeyouare,hereshowAltNimprovedtheIPShieldfeature.IPShield
    cannowbesettoalsolookattheFromheaderofanemailandapplyIPShieldtothedomainused.IP
    ShieldwillstilllookatthedomainnamegivenintheMAILFROMcommandbutnowitcanalsolookat
    theFromheader.SincetheFromheaderisformedaftertheDATAcommandisgivenwellseethe
    rejectionneartheendofthesession.
    BelowisascreenshotofatelnetsessionwhereMDaemonsIPShieldfeatureissettochecktheFrom
    header.

    WecanseethatMDaemonrejectedthisspoofedemailandtheerrorisabitdifferentwhichindicatesto
    theadminwhytheemailwasrejected.

    C&CSoftwareSolutionsIncwww.ccsoftware.ca

    Page3

    ***ImportantNotes***
    InordertobenefitfromtheIPShieldfeature,MDaemonmustbeacceptingemailfromexternalsources
    directly.ThismeansthattheMXrecordforyourdomainwillpointdirectlytoMDaemon.MDaemonhas
    tobeabletoseetheconnectingIPaddressoftheSMTPsessionsinordertoapplyitsIPShieldsettings.
    AltNTechnologiesimprovedtheIPShieldfeatureinMDaemonv12.5.0.Youmayneedtoupdateyour
    MDaemoninstallationinordertotakeadvantageofthisimprovedsecurityfeature.Youcandownload
    yourMDaemonupdatefromhere:http://www.ccsoftware.ca/mdaemon/download.cfm.
    ToturnontheIPShieldfeature,accesstheMDaemonGUIandclickSecurity|SecuritySettings|IP
    Shield.BelowisascreenshotoftheIPShieldoptionsonatypicalsetup.

    ThenewoptionthatwillgiveustheimprovedspoofcheckingisCheckFROMheaderaddressagainstIP
    Shield.ItisalsogoodtonoteherethatMDaemoncanusethe$LOCALDOMAIN$macro.Thisishandy
    forMDaemonserversthathavemultipledomainsconfiguredsothattheadmindoesnthaveto
    manuallyaddeverydomain.Theentriesyouseeintheabovescreenshotcanbemadeautomaticallyby
    MDaemonbyclickingtheDefaultbuttonontherighthandside.
    Feelfreetoaskusanyquestionsbydirectingthemtosupport@ccsoftware.ca.
    WerealwayshappytohelpyougetthemostfromyourMDaemonsoftware!
    C&CSoftwareSolutionsIncwww.ccsoftware.ca

    Page4

    Das könnte Ihnen auch gefallen