locked
Scan outbound Emails by exchange server SCL RRS feed

  • Question

  • Hi, I am using MS exchange server 2016  as DAG condition. we are using third-party email scanner for incoming email . also have some rule to check with SCL in admin center. we keep our outbound mx to internet. we have two hundred user who using email on PC, Ios and android. recently i have found any of the user are spreading spam, we don't find out where is been created, as a result i got some blacklisting in SMTP IP. i want to stop this kind of incident by scan every outgoing email by server. so my question is is there any way to do this by Exchange server? 

    Thank you!

    Raihan

    Monday, April 1, 2019 3:28 PM

All replies

  • Hi, I am using MS exchange server 2016  as DAG condition. we are using third-party email scanner for incoming email . also have some rule to check with SCL in admin center. we keep our outbound mx to internet. we have two hundred user who using email on PC, Ios and android. recently i have found any of the user are spreading spam, we don't find out where is been created, as a result i got some blacklisting in SMTP IP. i want to stop this kind of incident by scan every outgoing email by server. so my question is is there any way to do this by Exchange server? 

    Thank you!

    Raihan

    send outbound messages through you "third-party email scanner"  as well
    Monday, April 1, 2019 6:18 PM
  • Hi Raihan, 

    How do the spam messages spread? Are they delivered to internal users or external users?

    Please check if the spam messages have any common contents, like the same subject or words in the message body. In my per experience, you could set up a transport rule to filter the spam. Detailed settings you could see the below screenshot.




    What's more, the message might also come from spammers who have spoofed your internal users' email address. The SMTP protocol allows mail clients and servers to exchange email, message headers to be spoofed easily. To prevent anonymous senders from sending mail using your domain, you could remove the ms-exch-smtp-accept-authoritative-domain-sender permission in receive connector, which dictates whether an Accepted Domain can be used in the MAIL or FROM headers. Run the following command to remove the permission from NT Authority\Anonymous Logon on internet-facing Receive Connector.

    Get-ReceiveConnector “Internet-facing ReceiveConnector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

    More details you could see the link below:

    https://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. 

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Edited by ThinkCenter Tuesday, April 2, 2019 7:56 AM
    • Proposed as answer by ThinkCenter Monday, April 8, 2019 9:12 AM
    Tuesday, April 2, 2019 7:42 AM
  • I am also planing to do this. but my concern is to learn how can server prevent this by itself. thanks for your reply :)
    Tuesday, April 2, 2019 10:23 AM
  • I am also planing to do this. but my concern is to learn how can server prevent this by itself. thanks for your reply :)
    Exchange itself has only the basic anti-malware/anti-spam capabilities, so I would not rely on it.  :)
    Tuesday, April 2, 2019 11:05 AM
  • Hi Kelvin Deng,

    Thank you so much for replying with information, we have already created transport rule to check organizational emails, unfortunately this things maybe not serving purpose, but the command line we will  try this after check if there any difficulties before disabling. i will knock you if i find any problem to do this. 

    Thanks again.

    raihan


    Wednesday, April 3, 2019 6:17 AM
  • Hi Raihan Kazi, 

    Thank you for your reply.

     

    After you get the consequence, please feel free to let me know if you need any other help.

     

    Have a nice day!

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Edited by ThinkCenter Wednesday, April 3, 2019 7:28 AM
    Wednesday, April 3, 2019 7:18 AM
  • Hi Raihan Kazi,

     

    Just checking in to see if above information was helpful.

     

    If you have solved your problem, please don't forget to mark it as answer. This may help more people with similar

    problems. Thanks for your understanding.

     

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, April 8, 2019 9:11 AM
  • Hi Raihan Kazi,,

     

    Sorry to interrupt your again.

     

    I just want to check the current status of your question.

    Is there any update or any other assistance I could provide on this issue? 

     

    Please feel free to mark responses as the answer and/or vote them helpful as appropriate.

    Thank you for your understanding and patience! 

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by ThinkCenter Sunday, May 5, 2019 2:40 PM
    Monday, April 22, 2019 9:52 AM