

Recipe 10.8. Controlling Anonymous Address Resolution

Problem

You want to reduce the possibility of outside parties spoofing sender addresses.

Solution

Using a graphical user interface to control address expansion in Exchange 2000

  1. Open the Registry Editor (regedit.exe).

  2. Navigate to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeTransport

  3. If the Parameters subkey exists, select it. If not, right-click MSExchangeTransport and select New → Key.

  4. Key to add it.

  5. Select New → DWORD Value to create a new value named ResolveP2. Give it the appropriate flag value:


    0x08

    Tells Exchange to resolve the From header in incoming mail


    0x10

    Tells Exchange to resolve the To and CC header fields


    0x20

    Tells Exchange to resolve the Reply-To field

    By default, Exchange will attempt to resolve all these headers, but by changing the flag value you can force it to ignore certain headers.

  6. Quit the Registry Editor.

  7. Stop and restart the SMTP virtual server to which you added this key.

To set the ResolveP2 flag in Exchange Server 2003:

  1. Launch the Exchange System Manager (Exchange System Manager.msc).

  2. In the left pane, expand the appropriate Administrative Groups container, and then expand the Servers container.

  3. Locate the target server and expand its Protocols container and the SMTP node beneath it.

  4. Right-click the Default SMTP Virtual Server node and select Properties.

  5. Switch to the Access tab and click the Authentication button. The Authentication dialog, shown earlier in Figure 10-1, will appear.

  6. Click the Resolve anonymous E-mail checkbox and click OK.

Discussion

When incoming SMTP mail arrives at an Exchange server, it is sometimes desirable to check SMTP addresses in the headers against the global address list. This allows mail sent from paul@robichaux.net to appear as "Paul Robichaux" in the mailboxes of other users in our organization. However, it also allows spoofed mail that claims to be from within the organization to have its headers resolved so that the mail looks more legitimate. The implementation and behavior of this feature vary between Exchange 2000 and Exchange Server 2003.


Exchange 2000

You must add the ResolveP2 registry value, but you can control which specific headers it attempts to resolve. This is useful because you might not want some headers resolved. One example: if you send mail from a mailbox that has multiple SMTP addresses, the outbound mail will always have the mailbox display name on it. That means that recipients who originally mailed to one SMTP address can get responses from another, completely different, address.
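
The flag arithmetic from step 5 of the Exchange 2000 procedure, as an added PowerShell example that is not from the book: it builds a ResolveP2 value from the header groups you want resolved and decodes the value currently set on a server. The function names are illustrative, and the default key path is an assumption (the Parameters subkey named in step 3); pass -KeyPath if the value lives elsewhere on your server.

```powershell
# Added example, not from the book. Flag values are the ones listed in step 5.
$ResolveP2Flags = @(
    @{ Bit = 0x08; Header = 'From' },
    @{ Bit = 0x10; Header = 'To/CC' },
    @{ Bit = 0x20; Header = 'Reply-To' }
)

function ConvertFrom-ResolveP2 {
    param([Nullable[int]]$Value)
    # No value set: per the recipe, Exchange resolves all three header groups.
    if ($null -eq $Value) { return $ResolveP2Flags | ForEach-Object { $_.Header } }
    $ResolveP2Flags | Where-Object { $Value -band $_.Bit } | ForEach-Object { $_.Header }
}

function ConvertTo-ResolveP2 {
    param([string[]]$Resolve)
    $known = $ResolveP2Flags | ForEach-Object { $_.Header }
    $unknown = @($Resolve | Where-Object { $known -notcontains $_ })
    if ($unknown.Count -gt 0) { throw "Unknown header group: $($unknown -join ', ')" }
    $value = 0
    foreach ($flag in $ResolveP2Flags) {
        if ($Resolve -contains $flag.Header) { $value = $value -bor $flag.Bit }
    }
    $value
}

function Get-ResolveP2 {
    # Assumed default location; override with -KeyPath for your server.
    param([string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeTransport\Parameters')
    $item = Get-ItemProperty -Path $KeyPath -Name ResolveP2 -ErrorAction SilentlyContinue
    $raw = if ($item) { [int]$item.ResolveP2 } else { $null }
    $resolved = @(ConvertFrom-ResolveP2 $raw)
    New-Object PSObject -Property @{
        KeyPath      = $KeyPath
        RawValue     = $raw                          # $null means the value is not set
        Resolved     = $resolved -join ', '
        FromResolved = ($resolved -contains 'From')  # True: sender addresses are resolved
    }
}

# Value that keeps recipient and Reply-To resolution but leaves From unresolved
# (0x10 -bor 0x20), printed in the hex form used in step 5.
'ResolveP2 = 0x{0:X2}' -f (ConvertTo-ResolveP2 'To/CC', 'Reply-To')

# Read-only check of the current setting; nothing is written to the registry.
Get-ResolveP2 | Format-List
```

A server that reports FromResolved as True is still resolving the From header, which is the behavior the Problem statement is concerned with.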


Exchange Server 2003

For each incoming SMTP message, Exchange Server 2003 tracks whether the message was submitted anonymously or by an authenticated user or connection. Authenticated messages always have their headers resolved; the Resolve anonymous E-mail checkbox described in step 6 controls whether or not resolution occurs on anonymously submitted messages.

Header resolution only applies to messages that are passed into the message store via SMTP. If messages are submitted via SMTP and directly delivered to another system via an SMTP transport, Exchange will not modify the headers. Because the header resolution relies on matching the SMTP address with extended user MAPI properties in Active Directory, the message must first be passed into the information store for resolution to take place.

Remember that the value of this setting applies only to individual SMTP virtual servers. Microsoft recommends that you disallow anonymous resolution on any machine that accepts SMTP traffic from the Internet, so if you want to allow header resolution for some of your messages, you may need to create additional virtual servers.

See Also

MS KB 828770 (Resolve Anonymous Senders Functionality in Microsoft Exchange 2003) and MS KB 288635 (Resolve Functionality in Exchange 2000 Server)



Exchange Server Cookbook: For Exchange Server 2003 and Exchange 2000 Server
ISBN: 0596007175
Year: 2006
Pages: 235