anonymous emails in exchange

Dear All,

We have Exchange 2010 SP2. enabled anonymous on receive connector. Any user can use telnet and send email by using any email address.

I want to check which emails are coming as anonymous and without authentication with Exchange server ?

How can we filter those emails ?

regards
Kanchana_SilvaAsked:
Who is Participating?
 
Simon Butler (Sembee)ConsultantCommented:
There is nothing in the header that will tell you. Enabling logging on the Connector might give you some more information, but if you are receiving a lot of email then the logs will be huge.

You need to be clear on what you are seeing.
It is perfectly normal for any user to be able to telnet to your server and send an email to any internal user with the from address being anything they like. That is why spam is such a problem.
It isn't normal for a user to be able to telnet to your server, use any email address as the from field and email any other email address EXTERNAL to your server. That means you are an open relay and will get blacklisted.

Simon.
0
 
ZamZ0Commented:
Have you tried the MS Exchange Monitoring Management  Pack?

http://technet.microsoft.com/en-us/library/ee758059(v=exchg.140).aspx
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Default Receive Connectors do not have "anonymous" access enabled. Open the properties of the Custom Receive connector and under the network tab, you'll see "Receive mail from remote servers" all of the IP listed below this has the ability to send mail anonymously.


Will.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Kanchana_SilvaAuthor Commented:
Hello all
They have enable anonymous on the connector.
They want to find out which emails are relay through exchange server without authentication.
Regards
0
 
Kanchana_SilvaAuthor Commented:
Hello Simon,

We did not open anonymous for external. There is Mail gateway for external emails.

I have enabled the tracking logs.
But I cannot find , how to find anonymous emails ?
0
 
Simon Butler (Sembee)ConsultantCommented:
If you haven't enabled anonymous on Exchange then there is no way for internal users to send email via the server unless they authenticate. However there is nothing to stop them from connecting to your gateway to send the email.

As I wrote though, I don't think there is any way to find them because the information simply isn't recorded.

Simon.
0
 
Kanchana_SilvaAuthor Commented:
I have not enabled it for only External.

When we go to receive connector and Permission tab, We have enabled the anonymous.
So any internal User can send email using others via telnet or any 3rd party.

I need to know if there any way to track this email ? If there is no way please let me know ?

regards
0
 
DMTechGrooupCommented:
How long do you need to know this information?  If it is for a short period.. turn on verbose logging and look at your logs.. It will give you IP address of the sending machine.

If it is a long term situation then verbose logging is not the answer.
0
 
Simon Butler (Sembee)ConsultantCommented:
As I have already said, there is no way to track the email or stop it from happening. If there was spam wouldn't be an issue.
What youa re talking about is spoofing and while there are measures that can reduce it, there is nothing you can do to complete stop it.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.