Exchange 2013 - Prevent spam emails from outside but with my internal domain name

    Question

  • My apologies if this question was asked and answered previously.

    We have an Exchange 2013 email server. We have been seeing that some emails are coming from outside but using our own domain name, which should not happen. Any email coming from outside using our domain name must not be processed; it must be rejected in the first place when it arrives at our server. I looked into some of the posts and generally found the advice to remove the "ms-exch-smtp-accept-authoritative-domain-sender" property of the "NT AUTHORITY\Anonymous Logon" security principal from the internet receive connector.

    This solution was given to below forum:

    http://serverfault.com/questions/741501/how-can-i-prevent-spoofed-emails-from-outside-thats-using-my-internal-accepted-d

    My question is:

    (1) if I remove that permission, do I need to restart my receive connector?

    If the above does not work, there is another solution suggested: block our own domain, then remove ms-Exch-SMTP-Accept-Any-Sender for anonymous use, and then restart the receive connector.

    Powershell
    
    # Sender Filter agent: treat MAIL FROM addresses in mydomain.com as blocked
    Set-SenderFilterConfig -BlockedDomains mydomain.com
    
    # Apply the Sender Filter agent to internal connections as well
    Set-SenderFilterConfig -InternalMailEnabled $true
    
    # Remove the Accept-Any-Sender right from Anonymous Logon on the internet receive connector
    Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | Where-Object {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission

    (2) My question is: if I do this, after the restart of the receive connector, will this affect our internal applications and devices that send email anonymously, like copiers/scanners and other internal applications inside our LAN?

    (3) If it does affect them and within-LAN anonymous internal emails are stopped, do I need to create a separate receive connector for the LAN and allow Anonymous Logon? What is the command or procedure to do that?

    (4) How can I simulate the issue (receiving email from outside but with our domain address), so I can be sure the solution is actually working?

    Thanks for your replies to help resolve my issue.

    Friday, May 27, 2016 5:53 AM
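A worked version of the permission change from the question and of the check asked for in (4), added here as an example; it is not code from the thread. The connector name SRV01\Default Frontend SRV01, the public MX address 198.51.100.25 and the two mailbox addresses are placeholders. The 550 5.7.1 reply the probe looks for is what Exchange returns to MAIL FROM when Anonymous Logon lacks ms-Exch-SMTP-Accept-Authoritative-Domain-Sender on the connector the session lands on.

```powershell
# Added example (not from the thread). Placeholders: connector name, MX address
# and the two mailbox addresses used by the probe.
$connector = "SRV01\Default Frontend SRV01"      # assumption: your Internet-facing connector

# Step 1: record what Anonymous Logon holds today, so the change can be reverted.
Get-ReceiveConnector $connector |
    Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" |
    Select-Object Identity, ExtendedRights, Deny

# Step 2: drop only the right that lets an anonymous session put one of OUR
# accepted domains in MAIL FROM. ms-Exch-SMTP-Accept-Any-Sender stays, so mail
# from other people's domains is still accepted on this connector.
Get-ReceiveConnector $connector |
    Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" |
    Where-Object { $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender" } |
    Remove-ADPermission -Confirm:$false

# The permission lives in AD; transport picks it up after replication without a
# connector restart. To apply it immediately on a Frontend connector:
# Restart-Service MSExchangeFrontEndTransport

# Step 3 (question 4): probe the public MX from a host OUTSIDE the LAN with a
# spoofed MAIL FROM. Exchange hands a session to the connector whose
# RemoteIPRanges match the client most specifically, so a probe from an internal
# subnet that a relay connector covers will not exercise the Internet connector.
function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # Multi-line replies use "250-" continuation lines; the final line has a space.
    do { $line = $Reader.ReadLine() } while ($line -match '^\d{3}-')
    return $line
}

function Test-SpoofedSender {
    param(
        [Parameter(Mandatory)][string]$SmtpHost,      # public MX / connector address
        [string]$SpoofedFrom = "ceo@mydomain.com",    # your own domain in MAIL FROM
        [string]$RcptTo      = "someone@mydomain.com",
        [int]$Port = 25
    )
    $client = New-Object System.Net.Sockets.TcpClient($SmtpHost, $Port)
    $reader = New-Object System.IO.StreamReader($client.GetStream())
    $writer = New-Object System.IO.StreamWriter($client.GetStream())
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

    $replies = [ordered]@{ 'BANNER' = (Read-SmtpReply $reader) }
    foreach ($cmd in "EHLO probe.example", "MAIL FROM:<$SpoofedFrom>", "RCPT TO:<$RcptTo>", "QUIT") {
        $writer.WriteLine($cmd)
        $replies[$cmd] = Read-SmtpReply $reader
    }
    $client.Close()

    # Verdict is decided at MAIL FROM: that is where Exchange checks the sender right.
    $mailFrom = $replies["MAIL FROM:<$SpoofedFrom>"]
    $replies['VERDICT'] = if ($mailFrom -like '550 5.7.1*') { 'rejected: spoofed sender blocked' }
                          elseif ($mailFrom -like '250*')   { 'accepted: spoofing still possible' }
                          else                              { "unexpected: $mailFrom" }
    return $replies
}

# Run from an external host (for example a cloud VM), not from the LAN:
# Test-SpoofedSender -SmtpHost 198.51.100.25
```

Run the probe once before the permission change (expect the MAIL FROM reply to be 250 and VERDICT "accepted") and once after it (expect 550 5.7.1 and "rejected"); the RCPT TO line after a rejected MAIL FROM will be a 503 "need mail command" reply, which is normal.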

All replies

  • Consider deploying a third-party antispam server, appliance or cloud service.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Friday, May 27, 2016 5:00 PM
    Moderator
  • Hi,

    1.   No, re-enable the receive connector at most.

    2.   It depends on your configuration. Generally, we create special receive connectors for copiers/scanners.

    Check if 'open relay' is configured in your receive connector.

    https://technet.microsoft.com/en-us/library/mt668454%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

    By the way, just remove that permission to check this issue. If it affects your mail flow, re-add it.

    Best Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Monday, May 30, 2016 7:30 AM
    Moderator
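The dedicated connector for copiers and scanners that the reply mentions, written out as an added example (not code from the thread, and not Lynn-Li's). The server name SRV01, the device subnet 10.10.20.0/24 and the two application host addresses are placeholders. The point is connector selection: Exchange gives a session to the connector whose RemoteIPRanges match the client most specifically, so the listed devices keep their anonymous rights on this connector even after the Internet-facing connector (whose range is 0.0.0.0-255.255.255.255) loses them.

```powershell
# Added example, not from the thread. Placeholders: server SRV01, scanner
# subnet 10.10.20.0/24, application hosts 10.10.30.15 and 10.10.30.16.
$server  = "SRV01"
$devices = "10.10.20.0/24", "10.10.30.15", "10.10.30.16"

# Frontend connector that only the listed addresses reach. Two connectors may
# share the 0.0.0.0:25 binding as long as their RemoteIPRanges differ, and the
# most specific match wins, so these clients no longer land on Default Frontend.
New-ReceiveConnector -Name "Internal Relay" -Server $server `
    -TransportRole FrontendTransport -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges $devices `
    -AuthMechanism Tls -PermissionGroups AnonymousUsers

# AnonymousUsers on a new connector already carries
# ms-Exch-SMTP-Accept-Authoritative-Domain-Sender, which is what the scanners
# need to send as user@mydomain.com to internal recipients. Only add
# Accept-Any-Recipient if a device must relay to EXTERNAL recipients; that turns
# the connector into an open relay for every address in $devices, so keep the
# list tight.
# Get-ReceiveConnector "$server\Internal Relay" |
#     Add-ADPermission -User "NT AUTHORITY\Anonymous Logon" `
#                      -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# Verify 1: which connectors exist on the server and what addresses each covers.
Get-ReceiveConnector -Server $server |
    Select-Object Name, TransportRole, PermissionGroups,
                  @{ n = 'RemoteIPRanges'; e = { ($_.RemoteIPRanges | ForEach-Object { "$_" }) -join ', ' } }

# Verify 2: what Anonymous Logon can do on each connector. After hardening, the
# Internet connector should show AcceptsOurDomainFromAnon = False and the new
# relay connector True; AnonymousRelay should be False everywhere unless you
# deliberately added Accept-Any-Recipient above.
Get-ReceiveConnector -Server $server | ForEach-Object {
    $rights = $_ | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" |
              Where-Object { -not $_.Deny } |
              ForEach-Object { $_.ExtendedRights } |
              ForEach-Object { "$_" }
    [pscustomobject]@{
        Connector                = $_.Name
        AcceptsOurDomainFromAnon = [bool]($rights -contains 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender')
        AnonymousRelay           = [bool]($rights -contains 'ms-Exch-SMTP-Accept-Any-Recipient')
    }
}
```

If a scanner stops working after the Internet connector is hardened, its source address is the thing to check first: an address outside $devices still lands on Default Frontend and is treated exactly like an outside sender.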
  • I tried this, but the configuration change also started to block internal anonymous emails (emails from scanners, internal applications), so I had to revert it. Now I am checking to find the correct SPF record for my domain and create it in our public DNS zone. I already have two SPF records in internet DNS, but it is showing "SPF record deprecated".

    Below are the current SPF records already present but showing as deprecated. Emails are sent with @mydom.com in the address.

    spf:mydom.com is "v=spf1 a:mail.mydom.com a:mailservername.mydom.com mx:mydom.com -all"

    spf:mail.mydom.com is "v=spf1 mx -all"

    I am not sure what will be a correct SPF record I need to create to stop/reject spoofed-domain emails.

    If anyone can advise, that will be appreciated.

    Monday, June 20, 2016 2:21 AM
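An added example, not from the thread, that evaluates a record like the one posted: a small SPF checker in PowerShell with a pluggable resolver. The lookup table is constructed to mirror the post's two records, with 198.51.100.25 and 198.51.100.26 as placeholder server addresses; the Resolve-DnsName scriptblock at the end swaps in live DNS. It handles the a, mx, ip4, include and all mechanisms with the +, -, ~ and ? qualifiers, plus redirect=, which covers the posted record and the usual additions; ip6, ptr, exists and macros are left out. Two practical points it encodes: a domain should publish exactly one v=spf1 record, as a TXT record (RFC 7208 deprecated the separate SPF record type, which is the likely reason a checker reports the records as deprecated), and SPF only stops a spoofed message on a receiver that actually evaluates it, so on the Exchange side it complements the connector permission change rather than replacing it.

```powershell
# Added example, not from the thread. The table is constructed to mirror the
# records in the post; the addresses are placeholders.
$fakeDns = @{
    'TXT:mydom.com'              = @('v=spf1 a:mail.mydom.com a:mailservername.mydom.com mx:mydom.com -all')
    'MX:mydom.com'               = @('mail.mydom.com')
    'A:mail.mydom.com'           = @('198.51.100.25')
    'A:mailservername.mydom.com' = @('198.51.100.26')
    'TXT:mail.mydom.com'         = @('v=spf1 mx -all')
    'MX:mail.mydom.com'          = @()
}
# Resolver contract: & $Resolver <Type> <Name> returns string[]
# (TXT text, MX exchanger host names, or A addresses); empty array if absent.
$offlineResolver = {
    param($Type, $Name)
    $v = $fakeDns["${Type}:${Name}"]
    if ($v) { @($v) } else { @() }
}

function Test-Ip4Match([string]$Ip, [string]$Spec) {
    # $Spec is "a.b.c.d" or "a.b.c.d/n" (IPv4 only in this example)
    $net, $bits = $Spec -split '/', 2
    if (-not $bits) { $bits = 32 }
    $toInt = { param($s) $b = [System.Net.IPAddress]::Parse($s).GetAddressBytes()
                         [Array]::Reverse($b); [BitConverter]::ToUInt32($b, 0) }
    $mask = if ([int]$bits -eq 0) { [uint64]0 }
            else { ([uint64]4294967295 -shl (32 - [int]$bits)) -band [uint64]4294967295 }
    return (([uint64](& $toInt $Ip) -band $mask) -eq ([uint64](& $toInt $net) -band $mask))
}

function Test-SpfAuthorized {
    param([string]$Domain, [string]$ClientIp, [scriptblock]$Resolver, [int]$Depth = 0)
    if ($Depth -gt 10) { return 'permerror' }            # guard against include/redirect loops
    $spf = @(& $Resolver 'TXT' $Domain | Where-Object { $_ -eq 'v=spf1' -or $_ -like 'v=spf1 *' })
    if ($spf.Count -eq 0) { return 'none' }
    if ($spf.Count -gt 1) { return 'permerror' }         # more than one v=spf1 record is an error
    foreach ($term in ($spf[0] -split '\s+' | Select-Object -Skip 1)) {
        $qual = '+'
        if ($term -match '^[-+~?]') { $qual = $term.Substring(0, 1); $term = $term.Substring(1) }
        $mech, $arg = $term -split '[:=]', 2
        $matched = $false
        switch ($mech.ToLower()) {
            'all'      { $matched = $true }
            'ip4'      { $matched = Test-Ip4Match $ClientIp $arg }
            'a'        { $target = if ($arg) { $arg } else { $Domain }
                         $matched = (& $Resolver 'A' $target) -contains $ClientIp }
            'mx'       { $target = if ($arg) { $arg } else { $Domain }
                         foreach ($mx in (& $Resolver 'MX' $target)) {
                             if ((& $Resolver 'A' $mx) -contains $ClientIp) { $matched = $true }
                         } }
            'include'  { $matched = (Test-SpfAuthorized $arg $ClientIp $Resolver ($Depth + 1)) -eq 'pass' }
            'redirect' { return Test-SpfAuthorized $arg $ClientIp $Resolver ($Depth + 1) }
            'exp'      { }                                # explanation modifier: no effect on the result
            default    { return 'permerror' }             # ip6, ptr, exists, macros not handled here
        }
        if ($matched) { return @{ '+' = 'pass'; '-' = 'fail'; '~' = 'softfail'; '?' = 'neutral' }[$qual] }
    }
    return 'neutral'                                      # no mechanism matched and no "all"
}

# Constructed checks: a legitimate server versus an outside host spoofing the domain.
Test-SpfAuthorized -Domain 'mydom.com' -ClientIp '198.51.100.26' -Resolver $offlineResolver   # pass
Test-SpfAuthorized -Domain 'mydom.com' -ClientIp '203.0.113.7'   -Resolver $offlineResolver   # fail (-all)

# Live resolver for the same checker (Resolve-DnsName needs Windows 8 / Server 2012 or later).
$liveResolver = {
    param($Type, $Name)
    $r = Resolve-DnsName -Name $Name -Type $Type -ErrorAction SilentlyContinue
    switch ($Type) {
        'TXT' { @($r | Where-Object Type -eq 'TXT' | ForEach-Object { -join $_.Strings }) }
        'MX'  { @($r | Where-Object Type -eq 'MX'  | ForEach-Object { $_.NameExchange }) }
        'A'   { @($r | Where-Object Type -eq 'A'   | ForEach-Object { $_.IPAddress }) }
    }
}
# Test-SpfAuthorized -Domain 'mydom.com' -ClientIp '203.0.113.7' -Resolver $liveResolver
```

The posted mydom.com record is a sound shape (specific a: and mx: mechanisms, then -all); what a checker that calls it deprecated is most likely objecting to is the record type, so publish the same text as a TXT record and remove any type-99 copies. To make Exchange itself act on the result for inbound mail, a Sender ID or third-party filter that evaluates SPF has to sit in front of, or on, the server; the record alone changes nothing about what the receive connector accepts.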