Spoofed Emails within Domain

  • Question

  • I've recently upgraded from Exchange 2010 to Exchange 2016.

    We started to get spoof emails along the lines of UserA@atmydomain.co.uk emailing UserB@atmydomain.co.uk requesting cash payments etc. As you can imagine, this wasn't good for business! So, I set the following on the 2010 environment:

    Get-ReceiveConnector "My Internet ReceiveConnector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

    This stopped outside users from spoofing mail internally. Now that we've migrated to 2016, they've started again.

    My question: is there a way to stop this in Exchange 2016? It seems as though if I disable the above on the Default FrontEnd (Servername), it stops ALL external mail from coming in.

    Thanks,

    Wednesday, February 10, 2016 4:31 PM

Answers

  • Hi,

    Please configure Anti-Spam for Exchange and enable the Sender Filter agent to block the domain; also enable sender filtering for internal mail. For example:

    Set-SenderFilterConfig -BlockedDomains atmydomain.co.uk
    Set-SenderFilterConfig -InternalMailEnabled $true

    Also, please remove "ms-Exch-SMTP-Accept-Any-Sender" permission from internet receive connector, otherwise it will bypass the SenderFilter settings:

    Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission

    Add "ms-Exch-SMTP-Accept-Any-Sender" permission for the open relay connector and ensure it bypasses the SenderFilter settings for anonymous users:

    Get-ReceiveConnector "name of your LAN Open Relay connector" | Add-ADPermission -User "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

    For more details, please refer to: https://technet.microsoft.com/en-us/library/bb124354(v=exchg.160).aspx



    Allen Wang
    TechNet Community Support

    • Marked as answer by Allen_WangJF Wednesday, February 24, 2016 2:17 AM
    Thursday, February 11, 2016 8:01 AM

All replies

  • Forgive me if I'm wrong but that doesn't answer anything bar it doesn't work in later versions of Exchange 2013.
    Wednesday, February 10, 2016 8:34 PM
  • Hi,

    I'm having an issue with the internal LAN open relay connector. Adding "ms-Exch-SMTP-Accept-Any-Sender" permission to it doesn't seem to work. The emails that go through this open relay got filtered by SenderFilterConfig.

    Update: If I add "ms-exch-bypass-anti-spam", then it'll work. But I'm trying to avoid this. Any idea how to resolve this?

    Thursday, May 26, 2016 4:20 PM
  • I find that using,

    Set-SenderIdConfig -SpoofedDomainAction Reject

    should be the best method to prevent spoofed emails. However, it seems to reject mails sent from both external and internal network even after I executed,

    Set-SenderIdConfig -InternalMailEnabled $false

    and as the problem I stated above,

    Get-ReceiveConnector "name of your LAN Open Relay connector" | Add-ADPermission -User "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

    doesn't bypass the spoofing check on the "name of your LAN Open Relay connector". I still need to use,

    Get-ReceiveConnector "name of your LAN Open Relay connector" | Add-ADPermission -User "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-exch-bypass-anti-spam"




    Friday, May 27, 2016 2:34 AM
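
Added example (not part of any post in this thread, and not Microsoft's code): a read-only PowerShell audit that lists which Receive connectors grant Anonymous Logon the three extended rights discussed above, so the internet-facing and relay connectors can be compared before and after a change. The function name, connector names and sample ACEs are constructed for illustration; the commented lines at the end show the Exchange Management Shell cmdlets that would supply live data.

```powershell
# Extended rights named in this thread that affect sender checks for anonymous SMTP.
$Watched = @(
    'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender',
    'ms-Exch-SMTP-Accept-Any-Sender',
    'ms-Exch-Bypass-Anti-Spam'
)

# Hypothetical helper: takes ACE objects shaped like Get-ADPermission output and
# emits one row per watched right that is allowed for Anonymous Logon.
function Get-AnonymousSenderRight {
    param([Parameter(Mandatory, ValueFromPipeline)] $Permission)
    process {
        # String comparison is case-insensitive; skip other principals and deny ACEs.
        if ("$($Permission.User)" -ne 'NT AUTHORITY\ANONYMOUS LOGON') { return }
        if ($Permission.Deny) { return }
        foreach ($right in $Permission.ExtendedRights) {
            if ($Watched -contains "$right") {
                [pscustomobject]@{
                    Connector = "$($Permission.Identity)"
                    Right     = "$right"
                    Inherited = [bool]$Permission.IsInherited
                }
            }
        }
    }
}

# Constructed sample ACEs (server and connector names are made up).
$anon = 'NT AUTHORITY\ANONYMOUS LOGON'
$sample = @(
    [pscustomobject]@{ Identity = 'MAIL01\Default Frontend MAIL01'; User = $anon
        Deny = $false; IsInherited = $false
        ExtendedRights = @('ms-Exch-SMTP-Submit', 'ms-Exch-SMTP-Accept-Any-Sender') }
    [pscustomobject]@{ Identity = 'MAIL01\Default Frontend MAIL01'; User = $anon
        Deny = $false; IsInherited = $false
        ExtendedRights = @('ms-Exch-SMTP-Accept-Authoritative-Domain-Sender') }
    [pscustomobject]@{ Identity = 'MAIL01\LAN Open Relay'; User = $anon
        Deny = $false; IsInherited = $false
        ExtendedRights = @('ms-Exch-Bypass-Anti-Spam') }
    [pscustomobject]@{ Identity = 'MAIL01\LAN Open Relay'; User = 'CONTOSO\Exchange Servers'
        Deny = $false; IsInherited = $true
        ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Sender') }
)
$sample | Get-AnonymousSenderRight | Sort-Object Connector, Right | Format-Table -AutoSize

# Live data, from the Exchange Management Shell (all read-only):
# Get-ReceiveConnector | Get-ADPermission | Get-AnonymousSenderRight
# Get-SenderFilterConfig | Format-List Enabled, InternalMailEnabled, BlockedDomains
# Get-SenderIdConfig | Format-List Enabled, InternalMailEnabled, SpoofedDomainAction
```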