Exchange 2013 Spam Problem

Hello,


I have an Exchange 2013 installation with the onboard antispam filters enabled. I have problems with a lot of users who complain that they receive spam email from themselves.

I have enabled Sender ID filtering and also all the filters of Exchange 2013, but spoofed emails keep coming. Any ideas?

Thanks
Anestis Psomas, System and Network Administrator, Asked:

Vijaya Babu Sekar, Associate Ops Manager, Commented:
You can block your domain only in your email gateway.

Please note: if you block it at the Exchange server end, mail will not be received.


Thanks
0
Anestis Psomas, System and Network Administrator, Author Commented:
Hi,

What do you mean by only in the email gateway?

Thanks
0
Vijaya Babu Sekar, Associate Ops Manager, Commented:
Can you tell me your external email gateway, smart host server, or cloud service like Symantec MessageLabs cloud?

If you block your own domain at the external email gateway, you will not get spam mail from your own domain.

Thanks
0

Anestis Psomas, System and Network Administrator, Author Commented:
We don't have an external email gateway. This is a single Exchange 2013 installation with the Microsoft antispam filters enabled.
0
Vijaya Babu Sekar, Associate Ops Manager, Commented:
It is not best practice to map the MX record directly to the Exchange server. Can you tell me where your MX record is?
0
Anestis Psomas, System and Network Administrator, Author Commented:
This is an Exchange 2013, so an Edge server as a role does not exist. Do you think I must change something in my infrastructure?

Thanks
0
Vijaya Babu Sekar, Associate Ops Manager, Commented:
OK, fine. You can add the blocked sender list (domain) in your Edge server, so that you can avoid spam from your own senders.

Thanks.
0
Simon Butler (Sembee), Consultant, Commented:
@vijayhackers "that is not best practices to map MX record directly to Exchange server"

Who says that? I have never seen that said as the "best practice". 85% of my implementations have the MX record going straight to Exchange and I don't have a single problem. I trust Exchange a lot more than I trust a lot of third party filtering companies.

Sender ID etc. is no good unless you have your own domain set up correctly.
You need to put SPF records in to the DNS. If your internal DNS domain name matches your external then you will also need SPF records on your internal DNS.

It may well be that the built in filters aren't good enough, they don't work for everyone and you need to deploy a third party tool. The problem will be finding one that supports Exchange 2013.

Simon.
0
Vijaya Babu Sekar, Associate Ops Manager, Commented:
@sembee2, when I replied to the post, I didn't know an Edge server is located in his environment. That is the reason I said it is not best practice to map the MX record directly to the Exchange server.

Hope you understand what I am trying to say!


Thanks
0
Simon Butler (Sembee), Consultant, Commented:
He didn't say there was an Edge server.
"This is an Exchange 2013 so an edge server as a role does not exist."

Simon.
0
Md. Mojahid Commented:
Check if senderreputation is set (get-senderreputationconfig)

Set-SenderReputationConfig -Enabled $true
0
Anestis Psomas, System and Network Administrator, Author Commented:
Hello to all,

Simon, I was hoping to hear from you!

SPF records are checked and all in place.

Also, SenderReputation is enabled.
0
Simon Butler (Sembee), Consultant, Commented:
To be clear, you have SPF records in both your internal AND external DNS?

Simon.
0
Anestis Psomas, System and Network Administrator, Author Commented:
You are right, I have them only in my external DNS.

So, I must also put SPF records in my internal DNS. You mean in my domain controller?

Must I enter the local IP address of my Exchange server?

Thanks a lot, Simon
0
Simon Butler (Sembee), Consultant, Commented:
If your email domain is the same as your WINDOWS domain, then you need to have SPF records internally for Exchange to use it.

Simon.
0
Anestis Psomas, System and Network Administrator, Author Commented:
Exchange is in my Windows domain, which is domain.eu. Also, we have added a domain alias for domain.gr. This domain alias is the one that Exchange uses for email. So, must I add an SPF record?

Thanks
0
Simon Butler (Sembee), Consultant, Commented:
Do a manual lookup from the Exchange server and see what is returned.

In a command prompt:

nslookup (press enter)
set type=txt (press enter)
example.com

If your SPF records are set up correctly, then you should get them back.
If they are not, or you have an internal zone for example.com, then you will get nothing back and you will have to enter them in to your internal zone so Exchange can see them.

Simon.
0
Anestis Psomas, System and Network Administrator, Author Commented:
It returns nothing, so I will create them in my internal zone. Must I create exactly the same record as I have in my external DNS?

Thanks Simon, and sorry for all these questions, but I have very little knowledge of Exchange and DNS records.
0
Simon Butler (Sembee), Consultant, Commented:
That depends.
If you have systems internally that are sending to your Exchange server then you may have to include those. Therefore the internal record could look different, including your internal subnet for example. That is perfectly normal, as it means internal systems are not caught in the filter.

Simon.
0
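The manual TXT lookup and the internal-versus-external record comparison from the two answers above, as an added PowerShell example that is not part of the original thread. It assumes it is run on the Exchange server; example.com and both resolver addresses are placeholders to replace with your own.

```powershell
# Added example, not from the thread. Placeholders: domain and both resolvers.
$Domain         = 'example.com'     # mail domain to check
$InternalServer = '192.0.2.10'      # internal DNS server the Exchange server uses
$ExternalServer = '198.51.100.53'   # a public resolver of your choice

function Get-SpfRecord {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Server
    )
    # Keep only TXT answers (objects that carry .Strings); a TXT record may be
    # split into several strings, which SPF concatenates without separators.
    Resolve-DnsName -Name $Name -Type TXT -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Strings } |
        ForEach-Object { $_.Strings -join '' } |
        Where-Object { $_ -match '^v=spf1(\s|$)' }
}

$views = [ordered]@{
    internal = @(Get-SpfRecord -Name $Domain -Server $InternalServer)
    external = @(Get-SpfRecord -Name $Domain -Server $ExternalServer)
}

foreach ($name in $views.Keys) {
    $spf = $views[$name]
    if ($spf.Count -eq 0) {
        "{0}: no SPF record returned for {1}" -f $name, $Domain
    } elseif ($spf.Count -gt 1) {
        "{0}: {1} SPF records returned; receivers treat more than one as an error" -f $name, $spf.Count
    } else {
        "{0}: {1}" -f $name, $spf[0]
        # List the address ranges the record authorises, so internal senders
        # (for example an internal subnet) can be checked against it.
        [regex]::Matches($spf[0], '(?i)\bip[46]:(\S+)') |
            ForEach-Object { "    authorised range: {0}" -f $_.Groups[1].Value }
    }
}

if ($views.internal.Count -eq 1 -and $views.external.Count -eq 1 -and
    $views.internal[0] -ne $views.external[0]) {
    'Records differ between views; expected only if the internal one adds internal senders.'
}
```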
Anestis Psomas, System and Network Administrator, Author Commented:
Thanks Simon,

I have created all the SPF records needed. Unfortunately, the problem with spoofed emails continues.

Do you know if Exchange 2013 can use DNSBL lists, like Spamhaus and SpamCop? Maybe if I add them it can stop these emails.

Thanks
0
Simon Butler (Sembee), Consultant, Commented:
There is no blacklist functionality in Exchange 2013.
Therefore if you want to use a blacklist you will have to use a third party tool.
My tool of choice here would be Vamsoft ORF. http://vamsoft.com/
It can do a lot more than just use blacklists.

Simon.
0
