locked
Need to disable anonymous relay and create a receive connectors by allowing specific IP's RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello All,

    I have deployed Exchange server 2016 cluster setup recently and since i have created a anonymous relay on Exchange servers which i found a vulnerability for the organization.

    I followed below article to enable the anonymous relay:

    https://technet.microsoft.com/en-us/library/mt668454%28v=exchg.160%29.aspx?f=255&MSPPError=-2147217396

    However, I need to disable this open relay and create a dedicated receive connector to allow specific IP's to send emails.

    Kindly advice me to remove the open relay where all the users can relay emails where it has become a major threat.

    Appreciate your prompt response.

    Thanks and Regards,

    Dilshan

    Tuesday, December 13, 2016 6:51 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    do you want to restrict internal anonymous mail delivery or anonymous mail delivery to external via your exchange?

    For internal anonymous relay just remove anonymous from your receive connector and create a second one with the specific ip and anonymous enabled.

    If you wish external relaying: You can create your new receive connector and can use this script from technet gallery for enabling it for anonymous relay Toggle-ExternalRelayReceiveConnector


    Greetings

    Steve


    • Edited by AlphaRonin Tuesday, December 13, 2016 7:24 AM typos
    Tuesday, December 13, 2016 7:22 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    To disable open relay, remove permissions that you assigned to receive connector. For example:

    Get-ReceiveConnector "Anonymous Relay" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

    And is that specific IP internal or external? If it's internal, create an A record in DNS. If it's external, when we create a receive connector for open relay, specify that IP address in Remote network settings lists. Then this receive connector will only receive emails from that IP. Refer to this document for more details.

    https://technet.microsoft.com/en-us/library/jj657467%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Lynn-Li
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by PK Sarangi Wednesday, December 14, 2016 6:15 AM
    Wednesday, December 14, 2016 4:52 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi, Dilshan.Saminda

    Is my suggestion above helpful for you? If you need any further help, please let mw know.

    Best Regards,

    Lynn-Li
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 20, 2016 3:08 AM