How to block spoofed email from email local domain

All replies

• 

  

  1

  Sign in to vote

  Have you checked messaged header where the email originated from?

  You need to implement SPF+DKIM+DMARC to avoid fraud and spoof emails.

  To avoid people telnet to your server and send email to other domains, you need to enable recipient agent filter:

  To check if your server is using the AddressBook for validation run the following command:

  Get-AcceptedDomain | Format-List Name,AddressBookEnabled

   It should provide you with a list of all accepted domains and if the AddressBook is enable or not. If by any chance Exchange is not Authoritative and the AddressBook is disabled then enable it with:

  Set-AcceptedDomain <name of accepted domain> -AddressBookEnabled $true

  Or, to enable for all domains (caution, make sure you are not relaying any domains before running this)

  Get-AcceptedDomain | Set-AcceptedDomain -AddressBookEnabled $true

  Now you should have Recipient Filter on your Mailbox Server and AddressBook enabled on your domain. However, if you test this now, it probably still will not work. That is because Validation is still disabled.

  To check the status of validation run the following

  Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled 

   It should return that Recipient Filter is enable, but validation is not

  Enabled: True
  RecipientValidationEnabled : False

  3. To enable validation run the following Set-RecipientFilterConfig -RecipientValidationEnabled $true
   
  4. Restart the Exchange Transport service

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

  • Marked as answer by Phuong, Nguyen Van Thursday, August 24, 2017 1:19 AM

  Wednesday, August 23, 2017 11:54 AM
• 

  

  5

  Sign in to vote

  https://msexchangemaster.blogspot.com/2017/06/exchange-2013-is-relaying-spam.html

  
  

  Please click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

  • Marked as answer by Phuong, Nguyen Van Thursday, August 24, 2017 1:24 AM

  Wednesday, August 23, 2017 4:41 PM
• 

  

  0

  Sign in to vote

  Dear Off2work,

  Many thanks. I configured SPF however I have not been  implement DKIM+DMARC not yet configure. Please me send link or guide configure DKIM+DMARC for System Mail Exchange 2016.

  I will try to follow tasks your guide check in exchange (1,..2,3, 4) in below.

  Many thanks

  
  

  • Edited by Phuong, Nguyen Van Thursday, August 24, 2017 1:39 AM

  Thursday, August 24, 2017 1:23 AM
• 

  

  1

  Sign in to vote

  Hi,

  DMARC is only a DNS record and DKIM is only available if you use Exchange Online. For On-premise you will have to use 3rd part spam provider. You could also install some 3rd part and I think there are some available through GitHub. Its not recommended if its a big company, then better to look for spam provider that supports it.

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

  • Marked as answer by Phuong, Nguyen Van Friday, December 7, 2018 1:50 PM

  Thursday, August 24, 2017 6:09 AM
• 

  

  0

  Sign in to vote

  Many thanks Off2Work 

  Friday, August 25, 2017 2:25 AM