none
Unauthenticated internal user (local lan) also can send mails all users.

    Question

  • Running exchange server 2013

    internal users (any user) are able send email to mail server. Without Authenticating. I have check even if the user is not in the active directory also mail is been forworded. I want only authenticated users to send email Internal users. 

    As users will be using ms outlook or owa which will be using domain authentication.

    Could please tell hw to block unauthenticated users frm send email internal users

    Tuesday, May 2, 2017 9:06 AM

All replies

  • If a user is connecting to a mailbox, he or she is authenticating.  The authentication may be pass-through, i.e., based on the Windows logon credentials.

    If you configure a mailbox so that only authenticated users can send to it, then you will block mail from the Internet to that mailbox.  Is that what you want?

    Look at Set-Mailbox -RequireSenderAuthenticationEnabled.

    https://technet.microsoft.com/en-us/library/bb123981(v=exchg.150).aspx


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, May 3, 2017 1:52 AM
    Moderator
  • Hello,

    Do you mean that an anonymous user can use telnet to send message as other mailbox?

    As you asked in other thread, we can remove ms-exch-smtp-accept-authoritative-domain-sender permission for anonymous logon.
    For your convenience:
    1. Determine which receive connectors in the organization are open relay connectors:
    Get-ReceiveConnector | Get-ADPermission | 
    Where {$_.User -Like '*anon*' -And $_.ExtendedRights -Like 'ms-Exch-SMTP-Accept-Any-Recipient'} | FT Identity,User,ExtendedRights
    2. Prevent others pretend send message:
    Get-ReceiveConnector "Anonymous relay connector" | 
    Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | 
    where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermissio

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 3, 2017 10:56 AM
    Moderator
  • @IRFAN_MV, does this issue solve after remove ms-exch-smtp-accept-authoritative-domain-sender permission for anonymous logon?

    If so, please be free to mark useful reply as answer. Thanks for your cooperation.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 13, 2017 2:11 PM
    Moderator