Solved

Prevent spoofing of internal domain

Posted on 2014-10-05
7
63 Views
Last Modified: 2016-06-14
Is there anything internally on the Exchange side that I can do to prevent the spoofing of our internal mail domain.  We have been getting some emails appearing to come form internal users to other internal users.  Upon inspection of the suspicion email the mail from looks legitimate but the but the actually reply address and return path are external internet addresses.

Is there a setting on the receive connector I can use to prevent this?  Should annoymous but allowed or disallowed on the receive connectors for example?
0
Comment
Question by:georgedschneider
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 8

Expert Comment

by:tshearon
ID: 40362077
You want to be careful not to remove anonymous from all of your receive connectors lest you stop getting any outside mail at all. What you probably want to do is make sure you have set up an SPF record for your domain and have some type of anti-spam solution in place. This article right from this site should help.

www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27965646.html
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40362364
What are you using for message hygiene? A lot of appliances and cloud providers will reject any messages claiming to be from the internal domain but coming from an external source.

As Tshearon pointed out an SPF record can help as well.
0
 

Author Comment

by:georgedschneider
ID: 40364352
Couldn't you use something similar to the following which will remove rights to the anonymous user on the the receive connector to prevent spoofing of the internal domain coming form the outside:



Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:georgedschneider
ID: 40364366
To answer the previous question I'm using Exchange Online Protection for message hygiene currently.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40364371
Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

I have seen this documented a lot out there but never used it. The big question is why is Exchange Online Protection allowing the domain spoofing through. Never seen that on any of my EOP clients. Have you placed a ticket with EOP?

Also, make sure you are only accepting mail from EOPs IPs.
0
 

Author Comment

by:georgedschneider
ID: 40374006
Let me reach out to EOP to see why this got past.  I agree this shouldn't have happened.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question