IT Consultant Group

 View Only
  • 1.  Outbound mail spoofing

    Broadcom Employee
    Posted Apr 01, 2014 02:45 AM

    Dear ALL,

    We are facing an issue of outgoing mail spoofing,


    Genuine outgoing mail domain:

    Spoof outgoing mail domain:


    We wanted to block those spoof mails on SMG which are going outside other than

    Thanks in advance.


    Pravin Loke

  • 2.  RE: Outbound mail spoofing

    Posted Apr 02, 2014 04:24 AM

    If either the recipient or sender domain is not part of your environment, the SMG should not relay it.  That is the definition of an open relay.  Please refer to the below best practice article for configuration pointers and testing for open relay:

    Assuming the mail is not actually being routed via your SMG, but rather is just being sent out directly, I'd personally start with amending your FW rules and go from there to be honest.  What I mean is:

    • only your mail server(s) is/are allowed to send mail out via the the SMG, and
    • that only the SMG is allowed to send mail out at all, so that
    • only authorised devices can send out mail

    I'd also recommend checking out the logs on your FW to determine if anything other than your mail server is connecting out on port 25, and to find out why they are doing so (i.e. is it infected, is it a legitimate mailer process that has been hijacked to spoof mail, etc).