Solved

Exchange Server 2013 allows outside systems to send mail as internal users

Posted on 2014-04-12
3
659 Views
Last Modified: 2014-04-13
Dear Support,

I have a new customer with Exchange 2013 and they are receiving email to their internal mailboxes that is addressed as if it came from other employees in the organization.  I know that this can be fixed in Exchange 2010 by using the command:

Get-ReceiveConnector "Default Frontend" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

I have run this command in Exchange 2013 and it removed the permission but I can still telnet from an outside system and send emails to internal users as if from internal users.  I have restarted the MS Exchange Transport service and this did not solve the problem.

What I would like to know is if this command is no longer relevant in Exchange 2013?  If this is so how would I go about preventing outside systems from creating emails that look like they came from internal users?  If this command should still work does this mean that the Exchange Server has other problems that are not evident?  Like I said this customer is new and I have little back ground on the system.  I am hesitant to jump down the rabbit hole of windows updates and other measures until I know that the command is valid.  I was asked to focus only on this one issue.

Thanks
0
Comment
Question by:AndrewEckstrom
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 250 total points
ID: 39996511
I've read in other forums that this is some kind of "bug" ... It doesn't work like it should for others either ... That being said, the workaround they found was to create a new receive connector and define it as a Hub Transport and not a Front-End Transport... That did the trick to solve the issue... Maybe it helps you?
0
 

Author Comment

by:AndrewEckstrom
ID: 39996894
Dear spravtek,

That suggestion has solved the immediate problem.  Since this solution appears to not be part of Microsoft's best practices are there any steps that I need to take into consideration to make sure that the connector does not open unexpected security holes?

Thanks
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39996952
Hi AndrewEckstrom,

I don't think there will be any issues with this no, though normally it should indeed not be configured like this ... I haven't come across any official documentation either, when I get the change I'll try to ask one of the Exchange guru's I know if he knows more... But that takes a while.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question