locked
Anonymous users unchecked from Default connector but Anonymous user can still use it RRS feed

  • Question

  • I have unchecked Anonymous users from Default connector but when I check the AD permissions then the Anonymous user is still listed and it can still send mail from authoritative domain.

    What does the check-mark do then?

    Tuesday, May 1, 2018 11:14 AM

Answers

  • Anonymous means it will receive unauthenticated SMTP, i.e. accept and email FROM gmail.com to YOURDOMAIN.com

    **Please don't forget to mark as helpful or answer**

    • Marked as answer by Jozef Woo Wednesday, May 2, 2018 8:55 AM
    Tuesday, May 1, 2018 11:47 AM
  • I have noticed that with one Exchange 2010 installation, removing the checkmark removes all extendedrights for the Anonymous Logon except a few like ms-Exch-Create-Public-Folder (which is weird but maybe that's worry for later).

    However, I also had one case where removing the Anonymous users checkmark via the GUI still left this extendedright: ms-Exch-SMTP-Accept-Authoritative-Domain-Sender and because of this "relay" to internal users would still work if I would use an accepted domain address.

    I don't know why it behaves like this. I would except that the checkmark would have the same effect on all 2010 installations :-s

    • Marked as answer by Jozef Woo Wednesday, May 2, 2018 8:55 AM
    Wednesday, May 2, 2018 7:31 AM

All replies

  • Anonymous means it will receive unauthenticated SMTP, i.e. accept and email FROM gmail.com to YOURDOMAIN.com

    **Please don't forget to mark as helpful or answer**

    • Marked as answer by Jozef Woo Wednesday, May 2, 2018 8:55 AM
    Tuesday, May 1, 2018 11:47 AM
  • Hi, thanks. That's my understanding as well.

    But sending e-mail from a domain-joined Windows desktop by using Telnet (for instance) would still be considered anonymous right? Because no credentials are explicitly provided in the telnet commands/SMTP conversation.

    Tuesday, May 1, 2018 6:11 PM
  • Correct, but it depends which sending domain you specify, if you try to send AS yourdomain.com it will fail as this is spoofing

    **Please don't forget to mark as helpful or answer**

    Wednesday, May 2, 2018 7:08 AM
  • I have noticed that with one Exchange 2010 installation, removing the checkmark removes all extendedrights for the Anonymous Logon except a few like ms-Exch-Create-Public-Folder (which is weird but maybe that's worry for later).

    However, I also had one case where removing the Anonymous users checkmark via the GUI still left this extendedright: ms-Exch-SMTP-Accept-Authoritative-Domain-Sender and because of this "relay" to internal users would still work if I would use an accepted domain address.

    I don't know why it behaves like this. I would except that the checkmark would have the same effect on all 2010 installations :-s

    • Marked as answer by Jozef Woo Wednesday, May 2, 2018 8:55 AM
    Wednesday, May 2, 2018 7:31 AM
  • If I try this from external yes, but not if I try this from the internal network right? 
    Wednesday, May 2, 2018 7:31 AM
  • Both external and internal would behave the same as you are providing no authentication in your telnet session either way.

    **Please don't forget to mark as helpful or answer**

    Wednesday, May 2, 2018 8:18 AM