sender user verification exchange 2013

  • Question

  • Hi,

    I have Exchange 2013 SP1. I have configured the Receive connectors for the internet, but any user can send email with my domain, for example:

    250-ex2013.domain.com Hello [192.168.***.***]

    mail from: <fakeuser@your_domain.com>

    250 2.1.0 Sender OK

    rcpt to: <VALIDuser@your_domain.com>

    550 5.1.1 OK

    Tuesday, September 27, 2016 1:25 AM

Answers

  • Hi,

    These are called spoofing emails. For the reasons behind being spoofed, please see: How Spammers Spoof Your Email Address (and How to Protect Yourself).

    We can also check the protocol for more information in the path below (which receive connector, source server, etc.):

    C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpSend

    or

    C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend

    You need to remove permission to bypass the sender address spoofing check by running:

    Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

    If that doesn't solve the problem you should do the following:

    Block your own domain with:

        Set-SenderFilterConfig -BlockedDomains mydomain.com

        Set-SenderFilterConfig -InternalMailEnabled $true

     Remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users with:

        Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission

    Allow open relay from LAN (if needed) with:

        Get-ReceiveConnector "name of your LAN Open Relay connector" | Add-ADPermission -user "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

    Please note: Make sure to restart the transport service after those operations.

    We also need to act on different levels to prevent them; please refer to the following two articles:

    Block spoofed email - Part 1 | Exchange 2010 - 2016

    Block spoofed email - Part 2 | Exchange 2010 - 2016

    Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information, and the changes made in the above blog are not officially supported by Microsoft.

    Hope it helps.

    BR.


    Jason Chao
    TechNet Community Support


    Please remember to mark the replies as an answer if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, September 28, 2016 5:24 AM
    Moderator
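
The protocol-log check mentioned in the answer above, as an added example that is not part of the original thread: it scans inbound SMTP protocol log lines for sessions that never authenticated yet had a MAIL FROM in the organization's own domain accepted, and reports the connector and source IP. The sample lines, session IDs, `OWN_DOMAIN` and the function name are constructed for illustration; the column order is the one declared in the log's `#Fields` header.

```python
import csv

OWN_DOMAIN = "your_domain.com"  # assumption: the accepted domain used in the question

# Constructed sample lines in the protocol log CSV layout (not real log data).
SAMPLE_LOG = r"""#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2016-09-27T01:20:02.000Z,EX2013\Default Frontend EX2013,S1,2,192.168.0.10:25,192.168.0.50:50100,<,MAIL FROM:<fakeuser@your_domain.com>,
2016-09-27T01:20:02.100Z,EX2013\Default Frontend EX2013,S1,3,192.168.0.10:25,192.168.0.50:50100,>,250 2.1.0 Sender OK,
2016-09-27T01:21:00.000Z,EX2013\Client Frontend EX2013,S2,4,192.168.0.10:587,192.168.0.60:50200,>,235 2.7.0 Authentication successful,
2016-09-27T01:21:01.000Z,EX2013\Client Frontend EX2013,S2,5,192.168.0.10:587,192.168.0.60:50200,<,MAIL FROM:<VALIDuser@your_domain.com>,
2016-09-27T01:21:01.100Z,EX2013\Client Frontend EX2013,S2,6,192.168.0.10:587,192.168.0.60:50200,>,250 2.1.0 Sender OK,
2016-09-27T01:22:00.000Z,EX2013\Default Frontend EX2013,S3,2,192.168.0.10:25,203.0.113.7:50300,<,MAIL FROM:<news@other.example> SIZE=2048,
2016-09-27T01:22:00.100Z,EX2013\Default Frontend EX2013,S3,3,192.168.0.10:25,203.0.113.7:50300,>,250 2.1.0 Sender OK,
2016-09-27T01:23:00.000Z,EX2013\Default Frontend EX2013,S4,2,192.168.0.10:25,192.168.0.70:50400,<,MAIL FROM:<ceo@your_domain.com>,
2016-09-27T01:23:00.100Z,EX2013\Default Frontend EX2013,S4,3,192.168.0.10:25,192.168.0.70:50400,>,550 5.7.1 Sender rejected,
"""

def find_anonymous_own_domain_senders(log_text, own_domain=OWN_DOMAIN):
    """Return (connector, remote_ip, sender) for every MAIL FROM in own_domain
    that the server accepted on a session with no successful AUTH."""
    rows = [l for l in log_text.splitlines() if l and not l.startswith("#")]
    suffix = "@" + own_domain.lower()
    authed, pending, hits = set(), {}, []
    for rec in csv.reader(rows):
        _, connector, session, _, _, remote, event, data = rec[:8]
        if event == ">" and data.startswith("235"):
            authed.add(session)  # server reply confirming authentication
        elif event == "<" and data.upper().startswith("MAIL FROM:"):
            # Keep only the address inside <...>, dropping ESMTP parameters.
            pending[session] = data[10:].split(">")[0].strip(" <").lower()
        elif event == ">" and session in pending:
            sender = pending.pop(session)  # this line is the reply to MAIL FROM
            if data.startswith("250") and session not in authed and sender.endswith(suffix):
                hits.append((connector, remote.rsplit(":", 1)[0], sender))
    return hits

if __name__ == "__main__":
    for connector, ip, sender in find_anonymous_own_domain_senders(SAMPLE_LOG):
        print(f"{connector}: anonymous session from {ip} was allowed to send as {sender}")
```

Running it over the log before and after the permission change shows whether the internet-facing connector still accepts own-domain senders from unauthenticated sessions.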

All replies

  • Hi,

    Would you please provide us with an update on the status of your issue? If the reply helped, please mark it as the answer; it will be helpful and make it easier for others to search. Thanks for your time.

    Best regards,


    Jason Chao
    TechNet Community Support


    Please remember to mark the replies as an answer if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, October 6, 2016 8:33 AM
    Moderator