Solved

Prevent spoofing of internal domain

Posted on 2014-10-05
7
44 Views
Last Modified: 2016-06-14
Is there anything internally on the Exchange side that I can do to prevent the spoofing of our internal mail domain.  We have been getting some emails appearing to come form internal users to other internal users.  Upon inspection of the suspicion email the mail from looks legitimate but the but the actually reply address and return path are external internet addresses.

Is there a setting on the receive connector I can use to prevent this?  Should annoymous but allowed or disallowed on the receive connectors for example?
0
Comment
Question by:georgedschneider
  • 3
  • 2
7 Comments
 
LVL 8

Expert Comment

by:tshearon
ID: 40362077
You want to be careful not to remove anonymous from all of your receive connectors lest you stop getting any outside mail at all. What you probably want to do is make sure you have set up an SPF record for your domain and have some type of anti-spam solution in place. This article right from this site should help.

www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27965646.html
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40362364
What are you using for message hygiene? A lot of appliances and cloud providers will reject any messages claiming to be from the internal domain but coming from an external source.

As Tshearon pointed out an SPF record can help as well.
0
 

Author Comment

by:georgedschneider
ID: 40364352
Couldn't you use something similar to the following which will remove rights to the anonymous user on the the receive connector to prevent spoofing of the internal domain coming form the outside:



Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Author Comment

by:georgedschneider
ID: 40364366
To answer the previous question I'm using Exchange Online Protection for message hygiene currently.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40364371
Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

I have seen this documented a lot out there but never used it. The big question is why is Exchange Online Protection allowing the domain spoofing through. Never seen that on any of my EOP clients. Have you placed a ticket with EOP?

Also, make sure you are only accepting mail from EOPs IPs.
0
 

Author Comment

by:georgedschneider
ID: 40374006
Let me reach out to EOP to see why this got past.  I agree this shouldn't have happened.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now