none
SMTP gets open after Anonymous users allowed under Default Frontend

    Question

  • Hello

    under Receive connectors > default frontend, if i allow Anonymous users (port 25), then it also allows local and external users to send emails without authentication (using smtp and port 25 on their desktop outlook).

    means any one can use my server as outgoing server (smtp)

    If i uncheck, Anonymous then it also stops all incoming mails from external world.

    How do i stop this open smtp.

    pls help

    Friday, March 9, 2018 7:36 AM

All replies

  • Hello

    under Receive connectors > default frontend, if i allow Anonymous users (port 25), then it also allows local and external users to send emails without authentication (using smtp and port 25 on their desktop outlook).

    means any one can use my server as outgoing server (smtp)

    If i uncheck, Anonymous then it also stops all incoming mails from external world.

    How do i stop this open smtp.

    pls help


    Use a SMTP gateway and set the allowed remote IPs on that connector to just the IPs of the gateway.
    Friday, March 9, 2018 2:55 PM

  • Use a SMTP gateway and set the allowed remote IPs on that connector to just the IPs of the gateway.

    I did not get this. SMTP gateway in exchange? how can i do this?

    pls let me know

    Saturday, March 10, 2018 5:11 AM

  • Use a SMTP gateway and set the allowed remote IPs on that connector to just the IPs of the gateway.

    I did not get this. SMTP gateway in exchange? how can i do this?

    pls let me know


    Use another server ( IIS/SMTP) , Microsoft Edge or 3rd party or hosted in the cloud like EOP.
    Saturday, March 10, 2018 2:09 PM
  • Hi sanketgroup,

    Thanks for contacting our forum.

    From your description, if you check the anonymous, the local and external can use this connector without auth. For local users we can remove the extended permission on this receive connector with the command below:

    Remove-ADPermission "default exch13" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

    For external users make sure you’ve checked the settings below:

    Hope it helps.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, March 12, 2018 11:23 AM
    Moderator
  • Hi sanketgroup,

    Thanks for contacting our forum.

    From your description, if you check the anonymous, the local and external can use this connector without auth. For local users we can remove the extended permission on this receive connector with the command below:

    Remove-ADPermission "default exch13" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

    For external users make sure you’ve checked the settings below:

    Hope it helps.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Anonymous is needed if internet mail is going through that connector

    Monday, March 12, 2018 3:43 PM
  • Hi sanketgroup,

     

    Any update now?

    If the above suggestion helps, please be free to mark it as answer.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, March 22, 2018 1:56 AM
    Moderator