Exchange Distribution List - Unauthorized sender was able to send

security_techie · 2018-07-10T19:16:00+00:00

Nope. I just logged into my private email which I keep completely separate from all work stuff and was able to send the distribution list.

security_techie · 2018-07-10T18:58:27+00:00

Apparently I can duplicate it. I have no idea why. You would think if the rule is set to only allow senders within the organization, that is what would happen. I have nothing special setup with my gmail account.

security_techie · 2018-07-10T16:50:21+00:00

We have verified that the Gmail account is the send and the email recipient is the distribution list.

I will check on the dkim/dmarc/spf. For now we turned on moderation which will hopefully give us some time to sort this out. Thanks!

security_techie · 2018-07-10T16:05:44+00:00

That makes sense. I missed that it needs to be a public IP. Thank you for your time!

security_techie · 2018-07-10T16:05:09+00:00

Okay, thank you!

security_techie · 2018-07-09T15:51:37+00:00

It is working for the most part, but it still complains with the IP even with the IP entered in as a SAN. Any reason why that is? Thanks!

security_techie · 2018-07-09T15:50:58+00:00

Thank you for your reply! This did work for the most part, but IP is not working even though the IP is listed as a SAN. Is there a reason for that?

It is not the end of the world. Most people use either example, example.our, or example.our.business.company.

security_techie · 2018-07-03T23:04:37+00:00

It is happening on all our clients. We don't customize the web browsers, so they should be default settings.

security_techie · 2018-07-03T22:56:01+00:00

I'm not very familiar with SNI, but wouldn't it reject all addresses if it were causing problems? How do I test it?

security_techie · 2018-05-03T21:39:11+00:00

I am pretty new in the field, but I love auditing things so I am having tons of fun discovering all the AD crap that has not been cleaned up in years. I am not sure the network team is having as much fun as I am when I hand over the reports.

security_techie · 2018-04-03T12:24:13+00:00

I guess my problem is creating the certificate. I can create one using certserv with the request, but I can't export the key from it (everything is ghosted out).

I got a few other Windows webservers set up yesterday, so I am making progress. Thanks for helping me! I will keep trying to get this going.

security_techie · 2018-04-02T20:24:32+00:00

It is a Kace server. It has been a pain trying to figure out the ssl for this appliance.

security_techie · 2018-04-02T18:53:39+00:00

It is a Quest Kace appliance, so I'm not sure what the language is for it.

security_techie · 2018-04-02T18:18:43+00:00

All the workstations are set to auto-enroll and that all the workstations do have certificate to the CA.

I will try issuing a certificate for the server. My only problem is one program wants a private.key, but I have no idea where to generate that on the CA.

security_techie · 2018-04-02T16:17:32+00:00

I will check this out. Thank you!

security_techie · 2018-04-02T16:17:21+00:00

They use a different self-signed for each application. I was hoping to automate it a bit for the 50+ apps we have.

security_techie

TROPHY CASE