
My apologies if this question was asked and answered previously.

We have an Exchange 2013 email server. We have been seeing some emails that come from outside but use our own domain name, which should not be the case. Any email coming from outside using our domain name must not get processed and should be rejected in the first place when it arrives at our server. I looked into some of the posts and generally found the advice to remove the "ms-exch-smtp-accept-authoritative-domain-sender" property of the "NT AUTHORITY\Anonymous Logon" security principal from the internet receive connector.

This solution was given in the forum post below:

How can I prevent spoofed emails from outside thats using my internal accepted domain

My question is:

(1) if I remove that permission, do I need to restart my receive connector?

If the above does not work, there is another suggested solution: block our own domain, then remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users, and then restart the receive connector.

PowerShell:

```powershell
# Block our own domain as a sender on the sender filter
Set-SenderFilterConfig -BlockedDomains mydomain.com

# Apply the sender filter to internal (authenticated) mail as well
Set-SenderFilterConfig -InternalMailEnabled $true

# Remove the right that lets anonymous senders claim any sender address on the internet connector
Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission
```

(2) My question is, if I do this, after restarting the receive connector, will this affect email sending by our internal applications and devices that submit anonymously, like copiers/scanners and other internal applications inside our LAN?

(3) If it does, and anonymous internal emails within the LAN are stopped, do I need to create a separate receive connector for the LAN and allow Anonymous Logon? What's the command or procedure to do that?

(4) How can I simulate the issue (receiving an email from outside but with our domain address), so I can be sure the solution is actually working?

Thanks for your replies to help resolve my issue.

arifr
  • Does your DNS zone include `SPF`, `_dmarc` and `DKIM` records (as it should)? – Julie Pelletier May 27 '16 at 05:46
  • I am not sure if it has; I can check. But I was more looking for a global setting to reject/block emails which did not actually originate from our domain but have our domain name in the email address. I believe there should be a setting in Exchange to make this work; this is an ideal and basic setup – arifr May 27 '16 at 06:02
  • The problem is greater than your question. An outside entity should not be allowed to send messages from your domain. That is what you should address by setting the proper protection and configuring them in your Exchange server as well. – Julie Pelletier May 27 '16 at 06:04
  • Hi Julie, regarding what you said about SPF, _dmarc and DKIM, I couldn't find anything in our DNS zone. Where exactly should I look for it? And if I need to set it up, is there any step-by-step guide or something from which I can probably get some help? Thanks for your reply. – arifr Jun 02 '16 at 05:11
  • The SPF and DMARC records need to be put in your DNS zone, and then you need to follow guides to get DKIM into your Exchange setup and also make it validate SPF records. Use Google to find tutorials. – Julie Pelletier Jun 02 '16 at 05:15
  • Hi @Julie, further, we found there is already an SPF record for our domain in the public DNS zone. The Exchange servers we have are clustered and inside our domain and firewall. I also added the same SPF record in our internal DNS server, which is also our DC, but I think it does not matter. There are two SPF records in internet DNS. For mydomain.com it has 'v=spf1 a:mail.mydomain.com a:exchnageserver1.mydomain.com mx:mydomain.com -all'; for mail.mydomain.com it has: 'v=spf1 mx -all' – arifr Jun 10 '16 at 00:37
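Before removing anything, it helps to see which receive connectors actually grant the two rights discussed above to Anonymous Logon and which IP ranges each connector listens for, because that is what decides whether LAN copiers and scanners are affected. The following read-only audit is an added example, not code from the question or from Microsoft; it only uses Get-ReceiveConnector and Get-ADPermission, changes nothing, and is meant to be run in the Exchange Management Shell.

```powershell
# Added example (not from the question): audit every receive connector and report
# whether the anonymous principal may submit mail claiming one of our accepted
# domains (ms-Exch-SMTP-Accept-Authoritative-Domain-Sender) or any sender at all
# (ms-Exch-SMTP-Accept-Any-Sender). Read-only: nothing is modified.

$anonymous = 'NT AUTHORITY\Anonymous Logon'
$acceptOwnDomain = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'
$acceptAnySender = 'ms-Exch-SMTP-Accept-Any-Sender'

$report = foreach ($rc in Get-ReceiveConnector) {
    # Allow entries for Anonymous Logon on this connector, flattened to right names
    $granted = Get-ADPermission -Identity $rc.Identity -User $anonymous |
        Where-Object { -not $_.Deny } |
        ForEach-Object { $_.ExtendedRights } |
        ForEach-Object { [string]$_ }

    [PSCustomObject]@{
        Connector        = [string]$rc.Identity
        Bindings         = ($rc.Bindings -join ', ')
        RemoteIPRanges   = ($rc.RemoteIPRanges -join ', ')
        AnonymousEnabled = ([string]$rc.PermissionGroups -match 'AnonymousUsers')
        AcceptsOwnDomain = ($granted -contains $acceptOwnDomain)
        AcceptsAnySender = ($granted -contains $acceptAnySender)
    }
}

$report | Format-Table -AutoSize

# Reading the output:
#  - A connector whose RemoteIPRanges spans the whole internet (0.0.0.0-255.255.255.255)
#    and shows AcceptsOwnDomain = True is the one that lets outside hosts claim our domain.
#  - A connector whose RemoteIPRanges is limited to LAN subnets can keep that right so
#    copiers, scanners and internal applications that submit anonymously keep working.
#  - If the only anonymous connector covers both the internet and the LAN, that is the
#    case where a separate LAN-only connector (question 3) is needed before removing the right.
```

Removing the right from an internet-facing connector and re-running the audit is a quick way to confirm the change took effect, and re-running it after a restart shows whether the LAN-only connectors still report AcceptsOwnDomain = True.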
