anonymous emails in exchange

Dear All,

We have Exchange 2010 SP2. enabled anonymous on receive connector. Any user can use telnet and send email by using any email address.

I want to check which emails are coming as anonymous and without authentication with Exchange server ?

How can we filter those emails ?

regards
Kanchana_SilvaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ZamZ0Commented:
Have you tried the MS Exchange Monitoring Management  Pack?

http://technet.microsoft.com/en-us/library/ee758059(v=exchg.140).aspx
Will SzymkowskiSenior Solution ArchitectCommented:
Default Receive Connectors do not have "anonymous" access enabled. Open the properties of the Custom Receive connector and under the network tab, you'll see "Receive mail from remote servers" all of the IP listed below this has the ability to send mail anonymously.


Will.
Kanchana_SilvaAuthor Commented:
Hello all
They have enable anonymous on the connector.
They want to find out which emails are relay through exchange server without authentication.
Regards
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Simon Butler (Sembee)ConsultantCommented:
There is nothing in the header that will tell you. Enabling logging on the Connector might give you some more information, but if you are receiving a lot of email then the logs will be huge.

You need to be clear on what you are seeing.
It is perfectly normal for any user to be able to telnet to your server and send an email to any internal user with the from address being anything they like. That is why spam is such a problem.
It isn't normal for a user to be able to telnet to your server, use any email address as the from field and email any other email address EXTERNAL to your server. That means you are an open relay and will get blacklisted.

Simon.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kanchana_SilvaAuthor Commented:
Hello Simon,

We did not open anonymous for external. There is Mail gateway for external emails.

I have enabled the tracking logs.
But I cannot find , how to find anonymous emails ?
Simon Butler (Sembee)ConsultantCommented:
If you haven't enabled anonymous on Exchange then there is no way for internal users to send email via the server unless they authenticate. However there is nothing to stop them from connecting to your gateway to send the email.

As I wrote though, I don't think there is any way to find them because the information simply isn't recorded.

Simon.
Kanchana_SilvaAuthor Commented:
I have not enabled it for only External.

When we go to receive connector and Permission tab, We have enabled the anonymous.
So any internal User can send email using others via telnet or any 3rd party.

I need to know if there any way to track this email ? If there is no way please let me know ?

regards
DMTechGrooupCommented:
How long do you need to know this information?  If it is for a short period.. turn on verbose logging and look at your logs.. It will give you IP address of the sending machine.

If it is a long term situation then verbose logging is not the answer.
Simon Butler (Sembee)ConsultantCommented:
As I have already said, there is no way to track the email or stop it from happening. If there was spam wouldn't be an issue.
What youa re talking about is spoofing and while there are measures that can reduce it, there is nothing you can do to complete stop it.

Simon.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.