When did Anonymous permission include ms-exch-smtp-accept-authoritative-domain-sender? RRS feed

  • Question

  • I have deployed an Edge Exchange 2007 SP2 w/ Rollup 3 server and noticed this permission (ms-exch-smtp-accept-authoritative-domain-sender) is granted to anonymous when the Anonymous users is checked on a receive connector. When I remove the permission the checkbox becomes unchecked but since the other permissions are still present it doesn't affect anything. I do not desire anonymous to have the ms-exch-smtp-accept-authoritative-domain-sender extended right since this opens up relay and domain spoofing. My question is when did this change? I have previously deployed Edge Exchange 2007 servers and this permission was not part of the default set of permissions and I had to go in and grant the right manually to allow relaying for authoriative domain.
    Thursday, April 1, 2010 9:41 PM


All replies

  • My understanding is that this has always been a default permission set for the Anonymous group.

    http://technet.microsoft.com/en-us/library/aa996395%28EXCHG.80%29.aspx - lists the permissions associated with each group.


    • Marked as answer by Mattchess2005 Friday, April 2, 2010 1:05 AM
    Thursday, April 1, 2010 9:46 PM
  • Thanks for the reference.
    Friday, April 2, 2010 1:05 AM
  • Glad I could help


    Friday, April 2, 2010 9:27 AM
  • I don't think this has been the case in the past.

    This permission started showing up on our Default receive connectors, AND in the GUI, the Anonymous permission for the Default receive connector is UNChecked!!!

    The other week I used powershell to remove "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender" from the Default receive connector, but today it has come back!

    Monday, February 11, 2013 6:15 PM