locked
Anonymous users - receive connector RRS feed

  • Question

  • Hi All,

    I checked and come to know that Anonymous users is checked Client & Default receive connector on my Exchange Server 2010.

    is it ok to leave the default settings ? 



    TheAtulA

    Friday, June 30, 2017 8:57 AM

Answers

  • Allen ,

    Correctly, the "Anonymous Users" should be checked unless the inbound message from Internet will fails.

    what I understood here is 

    you mean that : it is Ok to to have checked the settings for "Anonymous Users" . If we un-check this then mails we will not be receiving emails coming from Internet (external Domains)

    I ran the first command but not output received.


    TheAtulA


    Correct. Anonymous users means messages not from Exchange. It doesn't mean you are an open relay. If you just leave things alone - by default you are not an open relay.
    • Proposed as answer by Niko.Cheng Friday, July 7, 2017 9:50 AM
    • Marked as answer by - Atul Monday, July 10, 2017 11:07 AM
    Monday, July 3, 2017 12:14 PM

All replies

  • Hi All,

    I checked and come to know that Anonymous users is checked Client & Default receive connector on my Exchange Server 2010.

    is it ok to leave the default settings ? 



    TheAtulA


    Of course. Any reason you want to change those?
    Friday, June 30, 2017 11:34 AM
  • Just wanted to make sure that my server is not open for relay

    TheAtulA

    Friday, June 30, 2017 12:29 PM
  • Just wanted to make sure that my server is not open for relay

    TheAtulA


    No, if you leave the default settings ,then you wont be.
    Friday, June 30, 2017 5:28 PM
  • Hi,

    Correctly, the "Anonymous Users" should be checked unless the inbound message from Internet will fails.

    However, to prevent send message without authentication (for example: spoof an internal user send message to internal user), we need to remove "ms-exch-smtp-accept-authoritative-domain-sender" permission from anonymous user.

    1. List open relay connector:
    Get-ReceiveConnector | Get-ADPermission |  Where {$_.User -Like '*anon*' -And $_.ExtendedRights -Like 'ms-Exch-SMTP-Accept-Any-Recipient'} | FT Identity, User, ExtendedRights
    2. Remove permission:
    Get-ReceiveConnector "Connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

    Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Niko.Cheng Friday, July 7, 2017 9:51 AM
    Monday, July 3, 2017 6:14 AM
  • Allen ,

    Correctly, the "Anonymous Users" should be checked unless the inbound message from Internet will fails.

    what I understood here is 

    you mean that : it is Ok to to have checked the settings for "Anonymous Users" . If we un-check this then mails we will not be receiving emails coming from Internet (external Domains)

    I ran the first command but not output received.


    TheAtulA

    Monday, July 3, 2017 8:54 AM
  • Allen ,

    Correctly, the "Anonymous Users" should be checked unless the inbound message from Internet will fails.

    what I understood here is 

    you mean that : it is Ok to to have checked the settings for "Anonymous Users" . If we un-check this then mails we will not be receiving emails coming from Internet (external Domains)

    I ran the first command but not output received.


    TheAtulA


    Correct. Anonymous users means messages not from Exchange. It doesn't mean you are an open relay. If you just leave things alone - by default you are not an open relay.
    • Proposed as answer by Niko.Cheng Friday, July 7, 2017 9:50 AM
    • Marked as answer by - Atul Monday, July 10, 2017 11:07 AM
    Monday, July 3, 2017 12:14 PM