none
Backscatter issue with MS Exchange 2013 RRS feed

  • Question

  • Hi all,
    some days ago we have problem to send some e-mails:
    We have seen using mxtoolbox.com that Microsoft Exchange public IP is listed in backscatterer.org
    After that I have checked Queue Viewer using Exchange Toolbox.There are many mails with empty "from address".

    Does exist an Exchange solution to fight BackScatter?

    Thanks
    Federico

    Friday, June 19, 2020 10:57 AM

All replies

  • Hi all,
    some days ago we have problem to send some e-mails:
    We have seen using mxtoolbox.com that Microsoft Exchange public IP is listed in backscatterer.org
    After that I have checked Queue Viewer using Exchange Toolbox.There are many mails with empty "from address".

    Does exist an Exchange solution to fight BackScatter?

    Thanks
    Federico

    Don't accept messages to non-existent recipients in Exchange

    What you you using for anti-spam?

    Otherwise, consider using the Edge role in Exchange to handle this

    https://docs.microsoft.com/en-us/exchange/recipient-filtering-on-edge-transport-servers-exchange-2013-help

    Friday, June 19, 2020 11:28 AM
    Moderator
  • Dear Andy David,

    thanks for your reply.

    >> What you you using for anti-spam?

    There is a firewall with antispam software.

    I connected to Exchange Server, open PowerShell Exchange Management console and I have typed this command:

    Set-RecipientFilterConfig -RecipientValidationEnabled:$true

    https://www.experts-exchange.com/articles/4257/Exchange-2007-2010-Backscatter-and-how-to-resolve-it.html

    Thanks for your suggestion and documentation link.




    Friday, June 19, 2020 12:24 PM
  • Hi FedericoCoppola,

    Have you enabled anonymous relay on your receive connector?

    You can run the following command to check:

    Get-ReceiveConnector | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient"}

    If the connector is listed, remove the permission or add a remote IP restriction for it:

    Remove-ADPermission "connector name" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient

    Also, try to setup SPF/DKIM for your domain:https://www.esecurityplanet.com/applications/how-to-set-up-implement-dmarc-email-security.html

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards, 

    Eric Yin


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, June 22, 2020 6:50 AM
  • Dear Andy David,

    thanks for your reply.

    >> What you you using for anti-spam?

    There is a firewall with antispam software.

    I connected to Exchange Server, open PowerShell Exchange Management console and I have typed this command:

    Set-RecipientFilterConfig -RecipientValidationEnabled:$true

    https://www.experts-exchange.com/articles/4257/Exchange-2007-2010-Backscatter-and-how-to-resolve-it.html

    Thanks for your suggestion and documentation link.




    You can only use that if you are using the Edge role as I mentioned before.

    If this is enabled on a mailbox server it will cause dropped mail!

    https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/recipient-filtering-procedures?view=exchserver-2019

    Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. If you install the antispam agents on a Mailbox server, the Recipient Filter agent is enabled by defaul

    Monday, June 22, 2020 12:40 PM
    Moderator
  • Hi,
    thanks for all replys.

    [PS] C:\Windows\system32>Get-ReceiveConnector | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.Extend
    edRights -like "ms-Exch-SMTP-Accept-Any-Recipient"}
    
    Identity             User                 Deny  Inherited
    --------             ----                 ----  ---------
    SVR-EXCH2K13\Anon... NT AUTHORITY\ANON... False False


    I know that SPF/DKIM has been configured yet for my domain.

    You can only use that if you are using the Edge role as I mentioned before.

    Thanks for this information!

    I will continue to work to block this issue on Microsoft Exchange.
    Can help a Exchange Update installation?

    Best regards
    Federico

    Monday, June 22, 2020 1:19 PM
  • Hi,
    thanks for all replys.

    [PS] C:\Windows\system32>Get-ReceiveConnector | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.Extend
    edRights -like "ms-Exch-SMTP-Accept-Any-Recipient"}
    
    Identity             User                 Deny  Inherited
    --------             ----                 ----  ---------
    SVR-EXCH2K13\Anon... NT AUTHORITY\ANON... False False


    I know that SPF/DKIM has been configured yet for my domain.

    You can only use that if you are using the Edge role as I mentioned before.

    Thanks for this information!

    I will continue to work to block this issue on Microsoft Exchange.
    Can help a Exchange Update installation?

    Best regards
    Federico

    No, I dont think so. You will need to use an Edge role server or 3rd party anti-spam solutions.

    Monday, June 22, 2020 3:02 PM
    Moderator
  • Hi,

    I'm here to confirm with you if your issue has been resolved. If the problem is successfully solved, you can share your solution and mark them or the helpful reply as answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

    Regards,

    Eric Yin


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, June 26, 2020 1:24 AM