Solved

Prevent spoofing of internal domain

Posted on 2014-10-05
7
61 Views
Last Modified: 2016-06-14
Is there anything internally on the Exchange side that I can do to prevent the spoofing of our internal mail domain.  We have been getting some emails appearing to come form internal users to other internal users.  Upon inspection of the suspicion email the mail from looks legitimate but the but the actually reply address and return path are external internet addresses.

Is there a setting on the receive connector I can use to prevent this?  Should annoymous but allowed or disallowed on the receive connectors for example?
0
Comment
Question by:georgedschneider
  • 3
  • 2
7 Comments
 
LVL 8

Expert Comment

by:tshearon
ID: 40362077
You want to be careful not to remove anonymous from all of your receive connectors lest you stop getting any outside mail at all. What you probably want to do is make sure you have set up an SPF record for your domain and have some type of anti-spam solution in place. This article right from this site should help.

www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27965646.html
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40362364
What are you using for message hygiene? A lot of appliances and cloud providers will reject any messages claiming to be from the internal domain but coming from an external source.

As Tshearon pointed out an SPF record can help as well.
0
 

Author Comment

by:georgedschneider
ID: 40364352
Couldn't you use something similar to the following which will remove rights to the anonymous user on the the receive connector to prevent spoofing of the internal domain coming form the outside:



Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:georgedschneider
ID: 40364366
To answer the previous question I'm using Exchange Online Protection for message hygiene currently.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40364371
Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

I have seen this documented a lot out there but never used it. The big question is why is Exchange Online Protection allowing the domain spoofing through. Never seen that on any of my EOP clients. Have you placed a ticket with EOP?

Also, make sure you are only accepting mail from EOPs IPs.
0
 

Author Comment

by:georgedschneider
ID: 40374006
Let me reach out to EOP to see why this got past.  I agree this shouldn't have happened.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question