Exchange 2010 Send mail

  • Question

  • We have Exchange set up but are running into an issue where anyone can spoof an email account from our domain and it goes out using SMTP through command prompt. I want to know if it is possible to set up Exchange so whenever anyone tries to send an email out from our domain it verifies the account exists and also looks for a password. This will prevent people from being able to send email pretending they are someone else. Here are a couple of examples:

    1) I can use josh.smith@help.com and send an email to john.jones@help.com and it goes through with no password required using SMTP through command prompt. Both accounts exist, but the sender is not really josh.smith.

    2) I can send an email from ken.john@help.com to john.jones@help.com, but ken.john@help.com does not exist on the domain.

    Thanks

    Kevin


    • Edited by Amity Tech Wednesday, October 8, 2014 1:56 PM
    Wednesday, October 8, 2014 1:56 PM

Answers

  • There are two ways to do this - 1) you can configure your receive connectors to only allow messages from specific IP addresses, or 2) you can configure the ms-exch-smtp-accept-authoritative-domain-sender permission on the domain (use Get-ReceiveConnector "Internet ReceiveConnector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission to do this).  The first allows messages inbound from the Internet, which may be useful when people use their internal address for signing up on external websites.  The second blocks everything using your domain that's not authenticated.

    Wednesday, October 8, 2014 2:28 PM
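
Added example, not part of the original answer or Microsoft's documentation: a PowerShell script for the Exchange Management Shell that audits every receive connector for the permission named in the answer above and previews its removal before anything is changed. The function name Get-AnonAuthoritativeSenderAce is hypothetical; the cmdlets and the right name are the ones used in the answer.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
$Right = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'   # right named in the answer
$Anon  = 'NT AUTHORITY\Anonymous Logon'

# Hypothetical helper: returns one row per receive connector on which anonymous
# SMTP sessions may still use a sender address from an authoritative domain.
function Get-AnonAuthoritativeSenderAce {
    foreach ($rc in Get-ReceiveConnector) {
        $aces = @($rc | Get-ADPermission -User $Anon |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $Right) })
        if ($aces.Count -gt 0) {
            New-Object PSObject -Property @{
                Connector      = $rc.Identity
                Bindings       = ($rc.Bindings -join ', ')
                RemoteIPRanges = ($rc.RemoteIPRanges -join ', ')
                Inherited      = [bool]($aces | Where-Object { $_.IsInherited })
                Aces           = $aces
            }
        }
    }
}

# 1) Audit: which connectors accept unauthenticated mail claiming your own domain?
$findings = @(Get-AnonAuthoritativeSenderAce)
$findings | Format-Table Connector, Bindings, RemoteIPRanges, Inherited -AutoSize

# 2) Preview: -WhatIf prints what would be removed and changes nothing.
foreach ($f in $findings) { $f.Aces | Remove-ADPermission -WhatIf }

# 3) Apply per connector once the preview matches expectations, e.g.:
#    $findings[0].Aces | Remove-ADPermission
#    Devices or applications that submit mail anonymously with an internal From
#    address are rejected afterwards, so move them to an authenticated or
#    IP-restricted connector first.

# 4) Verify: the audit should return nothing for the connectors you changed.
#    @(Get-AnonAuthoritativeSenderAce).Count
```
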
  • Hi,

    According to the description, I notice that you are suffering from spoofing. I suggest creating an SPF record. For more details, see:
    Customize an SPF record to validate outbound email sent from your domain
    http://technet.microsoft.com/en-us/library/dn789058(v=exchg.150).aspx
    Sender ID Framework SPF Record Wizard
    http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
     
    Thanks

    Tuesday, October 14, 2014 3:19 AM
    Moderator

All replies

  • Thanks for the information. I will give them a try.
    Thursday, October 9, 2014 11:20 AM