
Prevent Spam From Your Own Domain in Exchange 2007

One of the biggest bugbears with spam is mail that comes from (or claims to come from) random_username@yourdomain.com or even your_username@yourdomain.com. This is known as spoofed mail, and it is a common technique that spammers use to try to get mail past anti-spam software.

From the Anti-Spam logs on my own server in the last 24 hours, I have received 1,974 emails (out of 17,432 in total) where the sender domain matched the recipient domain. This is about 11.3% of all mail that hit my server, so it is a relatively large problem. Factor that up to a year’s worth of mail and you get 720,510 a year.

To prevent this on an Exchange 2007 server, you need to remove one specific permission: the one that allows anonymous senders to use your internal domain name(s) in the Mail From section of an email. Once it is removed, any anonymous sender who tries this will receive a “550 5.7.1 Client does not have permissions to send as this sender” message.

The syntax to remove the permission should be entered as follows in the Exchange Management Shell:

Get-ReceiveConnector "My Internet Receive Connector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

(You need to change the “My Internet Receive Connector” part in the above syntax to reflect your own Receive Connector Name)

Having run this command successfully, test using Telnet to your mail server from an external computer and see what happens if you try to send mail as one of your internal domain names.

To Test:
telnet mail.yourdomain.com 25
ehlo yourdomain.com
mail from:<you@yourdomain.com>

You should see the following response after entering the Mail From: line above:
"550 5.7.1 Client does not have permissions to send as this sender"

Spoofed mail from random_username@yourdomain.com or even your_username@yourdomain.com should now no longer be an issue to you or your other users.
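
The telnet test above can be scripted so that it is repeatable after any connector change. The following Python script is an added example, not part of the original article; the host name and sender addresses are the article's placeholders, and the external baseline address is an assumption used to tell "own domain rejected" apart from "everything rejected".

```python
import smtplib

# Placeholders from the article's telnet test; replace with your own values.
HOST = "mail.yourdomain.com"
INTERNAL = ["you@yourdomain.com", "random_username@yourdomain.com"]
CONTROL = "someone@example.org"   # assumed external address, used as a baseline


def classify(code, message):
    """Map the server's reply to MAIL FROM onto a verdict."""
    text = message.decode("ascii", "replace") if isinstance(message, bytes) else message
    if code == 550 and "5.7.1" in text:
        return "blocked"       # the reply the article expects once the permission is gone
    if 200 <= code < 300:
        return "accepted"      # anonymous clients may still use this sender
    return "inconclusive"      # e.g. a temporary 4xx or an unrelated policy reply


def probe(host, sender, port=25, helo="yourdomain.com", timeout=15):
    """Send EHLO and MAIL FROM only (no RCPT or DATA), then QUIT."""
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as smtp:
        smtp.ehlo()
        code, message = smtp.mail(sender)
    return classify(code, message)


def summarize(verdicts, control):
    """verdicts: {sender: verdict}. Return (ok, senders still accepted or unclear)."""
    if verdicts.get(control) != "accepted":
        # The server refuses the baseline too, so the 550s prove nothing about the fix.
        return False, [control]
    leftover = sorted(s for s, v in verdicts.items() if s != control and v != "blocked")
    return not leftover, leftover


if __name__ == "__main__":
    verdicts = {s: probe(HOST, s) for s in INTERNAL + [CONTROL]}
    for sender, verdict in verdicts.items():
        print(f"{sender}: {verdict}")
    ok, leftover = summarize(verdicts, CONTROL)
    print("anonymous use of internal domain blocked" if ok else f"check: {leftover}")
    raise SystemExit(0 if ok else 1)
```

Run it from a machine outside your network, as with the telnet test; it exits non-zero if any internal sender address is still accepted.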

N.B. If you have internal photocopiers or other hardware that needs to relay via your Exchange 2007 server and you cannot configure them with a username / password, then removing the above permission will prevent them from relaying and will cause you problems.

If, after removing the permission, you have issues with copiers or similar hardware, you can restore the removed permission by entering the following command in the Exchange Management Shell:

Get-ReceiveConnector "My Internet Receive Connector" | Add-ADPermission -User "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-exch-smtp-accept-authoritative-domain-sender"

(You need to change the “My Internet Receive Connector” part in the above syntax to reflect your own Receive Connector Name)
5 Comments

Expert Comment

by:ian-pearce
Hi
Can you do something similar with Exchange 2003?
Thanks

Author Comment

by:Alan Hardisty

Expert Comment

by:jlg89
Note that this tip won't prevent other domains from receiving spoofed email that claims to be from your domain. There is no foolproof method of prevention, but verification technologies like SPF and DomainKeys are very helpful.

Expert Comment

by:Flipp
I am looking at this for a customer who is receiving spoofed email from their own domain. We have a number of Connectors, but the only Internet Facing Connector is to our cloud filtering service with Trend Micro by way of only allowing a range of their IPs.
In this scenario do I still need to follow the above to stop this spoofing?

Expert Comment

by:Flipp
Also on above ..... Permission Groups is set to 'Anonymous Users' and nothing else.

Single Server (SBS 2008)
