locked
How to Configure My Exchange Server 2013 is only can be send emails from my domain.. RRS feed

  • Question

  • Hello, 

    How to configure My Exchange Server 2013 is only can be send emails from my domain ?

    because when I see on mail queue, there is another untrusted domain send from my exchange server to external domain.

    Thanks.

    Monday, June 20, 2016 8:37 AM

Answers

  • Hi,

    For your question, I want to confirm:
    1. Have you deploy some open relay connector?
    2. Can those queued message deliver succeed?

    Please run below command to determine which receive connector are open relay connector:
    Get-ReceiveConnector | Get-ADPermission | Where {$_.User -Like '*anon*' -And $_.ExtendedRights -Like 'ms-Exch-SMTP-Accept-Any-Recipient'} | FL Identity,User,ExtendedRights

    If it returns some connector, please run below command to remove relay permission:
    Get-ReceiveConnector "Anonymous Relay" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

    More details about Allow anonymous relay on Exchange servers, for your reference:
    https://technet.microsoft.com/en-us/library/mt668454%28v=exchg.150%29.aspx


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Tuesday, June 21, 2016 9:13 AM
    Moderator

All replies

  • You may need to just add your domain to accepted domain list in Mail Flow section of EAC. Any other non-authoritative domain will not be allowed from exchange to send the email though.

    Monday, June 20, 2016 9:33 AM
  • Yes I know, but I get many queue from untrusted domain to external domain that send emails from my server.
    Tuesday, June 21, 2016 2:02 AM
  • Hi,

    For your question, I want to confirm:
    1. Have you deploy some open relay connector?
    2. Can those queued message deliver succeed?

    Please run below command to determine which receive connector are open relay connector:
    Get-ReceiveConnector | Get-ADPermission | Where {$_.User -Like '*anon*' -And $_.ExtendedRights -Like 'ms-Exch-SMTP-Accept-Any-Recipient'} | FL Identity,User,ExtendedRights

    If it returns some connector, please run below command to remove relay permission:
    Get-ReceiveConnector "Anonymous Relay" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

    More details about Allow anonymous relay on Exchange servers, for your reference:
    https://technet.microsoft.com/en-us/library/mt668454%28v=exchg.150%29.aspx


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Tuesday, June 21, 2016 9:13 AM
    Moderator
  • Hello ,

    1.Make sure there is no open relay on the devices which is configured in your MX records .Use the tool Mxtoolbox to check the open relay status .

    2.Secondly make sure your smarthost is doing the reverse dns check for all the incoming SMTP connections from the external world .

    3.Then to avoid spoofing of your own domain suffix by spammers , please make sure you have SPF records  for your domain .Nowadays most of the mail servers are doing the SPF check , so such case if any of the unauthorized server sends a mail by using your own domain suffix , then the mail server in the recipient end will reject the mails by doing the SPF check. 

    Please contact your ISP and they will help you out in creating the records in the Public DNS .


    Thanks & Regards S.Nithyanandham

    Wednesday, June 22, 2016 5:14 AM
  • Hello,

    The relay status is unable to relay

    I already set the spf record of my domain

    and I get many queue on my exchange server, like this...

    Identity: EMS04\31118\635655159951
    Subject: Re: Aumente seu Pênis Naturalmente (até 10cm - Você precisa conhecer este método)
    Internet Message ID: <9e038868-4454-43b2-9d3f-7b6e09583d99@CAS01.exchange.lintasarta.net>
    From Address: eqpg3@hotmail.com
    Status: Ready
    Size (KB): 5
    Message Source Name: SMTP:Default EMS04
    Source IP: 198.20.83.179
    SCL: 1
    Date Received: 28/06/2016 15:22:29
    Expiration Time: 30/06/2016 15:22:29
    Last Error: 421 RP-001 (BAY004-MC4F29) Unfortunately, some messages from 182.23.64.200 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.
    Queue ID: EMS04\31118
    Recipients:  aline_arx@hotmail.com;2;2;[{LRT=};{LED=421 RP-001 (BAY004-MC4F29) Unfortunately, some messages from 182.23.64.200 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.};{FQDN=};{IP=}];0;CN=Outbound Internet Email,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Exchange LintasArta,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange,DC=lintasarta,DC=net;0 jubukan@hotmail.com;2;2;[{LRT=};{LED=421 RP-001 (BAY004-MC4F29) Unfortunately, some messages from 182.23.64.200 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.};{FQDN=};{IP=}];0;CN=Outbound Internet Email,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Exchange LintasArta,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange,DC=lintasarta,DC=net;0 alexandre_epm@hotmail.com;2;2;[{LRT=};{LED=421 RP-001 (BAY004-MC4F29) Unfortunately, some messages from 182.23.64.200 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.};{FQDN=};{IP=}];0;CN=Outbound Internet Email,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Exchange LintasArta,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange,DC=lintasarta,DC=net;0 aljunior25@hotmail.com;2;2;[{LRT=};{LED=421 RP-001 (BAY004-MC4F29) Unfortunately, some messages from 182.23.64.200 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors.};{FQDN=};{IP=}];0;CN=Outbound Internet Email,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Exchange LintasArta,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange,DC=lintasarta,DC=net;0

    Wednesday, June 29, 2016 2:07 AM
  • Hi,

    Please try the suggestion as I mentioned above.

    Base on the queue message, it indicate that message from 182.23.64.200 trigger the limitation of receive connector with MessageRateLimit parameter.

    Please ensure IP address 182.23.64.200 is valid for your domain, if not please add it to blacklist.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Sunday, July 10, 2016 6:42 AM
    Moderator