Stopping malicious email sent from inside domain to outside using all in one server (HT-CAS-MBX) connected through non-Windows Smarthost

Posted on 2009-04-23
Last Modified: 2013-11-30
Hi All,

When I did a simple test of telnet to my mail server, I just realized that it allows me to send email like this scenario:

from inside to outside: to
from inside to inside: to (while sending in fake payrise email to myself :-| )

How to make the send connector more secure by not allowing those attacks?

Any idea would be appreciated.

Question by:jjoz
    LVL 7

    Assisted Solution

    LVL 24

    Accepted Solution

    Check the Exchange 2007 section.

    LVL 24

    Assisted Solution

    Alternatively, you can see whether your email server is an open relay by using this website.
    LVL 1

    Author Comment

    Rajith, thanks for the reply

    From the test I've found that the reverse DNS is not correct:

    Reverse DNS FAILED!  This is a problem.

    Is there a way to fix this?
    LVL 1

    Author Comment

    To Rammstein,

    When I query the send queue using get-message I've found that the
    MessageSourceName =  SMTP:Receive Connector
    SourceIP = My Own Smarthost IP

    I've created SPF for this cause and for the SMTP authentication (Receive connector authentication):
    1. Transport Layer Security
    2. Basic Authentication
    3. Exchange Server authentication
    4. Integrated Windows authentication
    5. Externally Secured (for example, with IPsec).
    All of them are left unchecked.

    I wonder what I should enable / check on the EMC | Server Configuration | Hub Transport | Receive Connectors on both the Authentication and Permission groups tabs?
    LVL 65

    Assisted Solution

    You cannot stop someone sending an email with the From address of anything you like to another address inside the network. If you could then you would be able to stop spam in its tracks.

    However, the first scenario of sending email from one address not on your network to another address not on your network should not be happening. That would indicate that your server is an open relay. It is quite hard to make the server into an open relay, so do ensure that the check you have done actually does deliver the email.

    Reverse DNS would have nothing to do with it, so that isn't a fix, but is something that you should check.
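
An added example, not part of the thread: a read-only Exchange Management Shell audit of what each Receive connector grants to unauthenticated senders, which is the setting that decides whether the server relays. It assumes the standard Exchange extended right names `ms-Exch-SMTP-Accept-Any-Recipient` (relay to any domain) and `ms-Exch-SMTP-Accept-Authoritative-Domain-Sender` (accept a sender address in one of your own domains without authentication).

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Read-only: lists settings, changes nothing.
$anon   = 'NT AUTHORITY\ANONYMOUS LOGON'
$rights = 'ms-Exch-SMTP-Accept-Any-Recipient',
          'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'

Get-ReceiveConnector | ForEach-Object {
    $rc = $_

    # Allow ACEs held by anonymous sessions on this connector.
    $aces = @($rc | Get-ADPermission -User $anon | Where-Object { -not $_.Deny })

    # Which of the two rights of interest appear in those ACEs.
    $held = @($rights | Where-Object {
        $r = $_
        @($aces | Where-Object { $_.ExtendedRights -like $r }).Count -gt 0
    })

    # One record per connector: who may connect, how they may authenticate,
    # and what an unauthenticated session is allowed to do.
    $rc | Select-Object Identity, RemoteIPRanges, AuthMechanism, PermissionGroups,
        @{ Name = 'AnonymousRights'; Expression = { [string]::Join(', ', $held) } }
} | Format-List
```

A connector that lists `ms-Exch-SMTP-Accept-Any-Recipient` under `AnonymousRights` and has a wide `RemoteIPRanges` accepts mail for outside domains from unauthenticated hosts; an empty `AnonymousRights` means neither right is granted to anonymous sessions on that connector.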

    LVL 1

    Author Comment


    I just realized that using a transport rule is so powerful for stopping mail relay attacks;
    see the attached rule that I've just created:


    Internal SPAM prevention
    Rule Comments: Spam relay attack rule.
    Apply rule to messages
    from users Outside the organization
       and sent to users Outside the organization
    log an event with Spam Relay attack !
       and prepend the subject with [SPAM]: 
       and redirect the message to Administrator
    Summary: 1 item(s). 1 succeeded, 0 failed. 
    Elapsed time: 00:00:00
    Internal SPAM prevention
    Exchange Management Shell command completed:
    set-TransportRule -Name 'Internal SPAM prevention' -Comments 'Spam relay attack rule.' -Conditions 'Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToScopePredicate' -Actions 'Microsoft.Exchange.MessagingPolicies.Rules.Tasks.LogEventAction','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.PrependSubjectAction','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RedirectMessageAction' -Exceptions  -Identity 'Internal SPAM'
    Elapsed Time: 00:00:00


    LVL 7

    Assisted Solution

    LVL 1

    Author Closing Comment

    Thanks for your suggestions, guys!
