Exchange 2010 email spoofing prevention

9,884

Everyone on this question seems to have completely ignored the also good practice of enforcing SPF (you could also use DKIM).

Your zone file should have an SPF record, and it should specify that only the public IP address of your Exchange server is allowed to send email from your domain.

Enable SPF enforcement and you're done. You won't be receiving emails spoofing your domain.

If you don't know if you have an SPF record or don't know what's in it, now is a good time to become familiar with mxtoolbox.com.

Yes, make sure your Exchange server is not an open relay, but only doing that will not solve your problem. For that, set up SPF.


Author: holian

Updated on September 18, 2022

Comments

  • holian
    holian almost 2 years

    Masters,

    Unfortunately, we got some spam mail which seems to be coming from our own domain.

    I found some articles which all say to remove Anonymous login from the Internet receive connector

    (http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html)

    I think I misunderstood something about those articles, because if I remove the Anonymous connection, e-mails are not received from external addresses (like gmail - Diagnostic-Code: SMTP; 530 5.7.1 Client was not authenticated)

    Some pictures about our configuration:


  • holian
    holian about 10 years
    First I made a new test receive connector. Then I removed via PowerShell from that test connector. Then I checked the permission group task. I saw that the box is unticked. I thought I can simply untick from the default connector too. I tested via PowerShell as you suggest, but could you help with how to add back the permission if something goes wrong?
  • Thomas
    Thomas about 10 years
    well, if you create a new connector you'll have to configure it to be the same as the "original" one. probably, exchange will prohibit that, saying that such a connector already exists. the easiest test would be to take screenshots of every tab in your original connector, change the permission via powershell and if something goes wrong, delete the connector and create a new one with the same settings. but if this is a production system, you could end up rejecting legitimate mail. if possible try it on a test machine or at night time.
  • holian
    holian about 10 years
    On the test connector (permission group tab ticked) I ran the command without Remove-Adpermission and I got this for output: SBS\Devices NT AUTHORITY\ANON... False False. After that I ran the command again with "Remove Permission" and then I checked the Permission Group tab. The Anonymous User was unticked. But I will test on the default connector at night. Maybe that checkbox does not have the same effect as the command.
  • Thomas
    Thomas about 10 years
    No, that PowerShell command just changes one specific permission for one specific user for one specific connector. The checkbox in the GUI affects all Anonymous users. So no, it's not the same. You must keep the checkbox checked or you reject all external mails.
  • holian
    holian about 10 years
    ok. but after I run the command the checkbox will be unticked!
  • Thomas
    Thomas about 10 years
    hmmm. I can't test that right now, because I haven't got an Exchange server. I'm not quite sure how the GUI determines the setting of the checkbox. It could also be that the ExtendedRights settings got changed in Exchange 2010. The article you were referring to is assuming Exchange 2007, you have 2010; and from what I see in an SBS environment. Though unlikely, the SBS version of Exchange could be slightly different, especially with active directory permissions.
  • holian
    holian about 10 years
    Could you suggest anything?
  • Thomas
    Thomas about 10 years
    hm, serverfault is starting to get angry because of our lengthy discussion ;) but to your problem: I haven't done that for a while now. I prefer to do such things on the network border/dmz or externally with a dedicated mailrelay (I use Postfix on Debian). There it'll do the spam, virus, spoof checking. In my opinion it's cleaner and easier to configure and doesn't take that much resources. Sorry for not being able to help you more. But without an Exchange server to test that, it's very hard to give helpful advice. Perhaps some other IT gurus here can help you?