Solved

Is it possible to prevent Exchange 2013 accepting spoofed (local domain) addresses?

Posted on 2014-10-22
4
261 Views
Last Modified: 2015-01-09
We have a single Exchange 2013 server (let's call it SERVER) and a single e-mail domain ("domain.com").  Recently there has been a spate of spam messages being sent from both valid and invalid addresses @domain.com, to valid addresses @domain.com.

First of all, is this something than can and should be blocked?  After all, spammers can still send from any other address that's not @domain.com as long as the recipient address is valid, right?

If it should be blocked, what's the proper way to do it?  I have already tried the following but it doesn't seem to make any difference:
Get-ReceiveConnector "Default Frontend SERVER" | Remove-ADPermission -user "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-exch-smtp-accept-authoritative-domain-sender"
Restart-Service MSExchangeTransport

Open in new window

Thanks in advance!
0
Comment
Question by:David Haycox
  • 2
  • 2
4 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40398155
That command doesn't work on Exchange 2013.
No real solution at present that I am aware of, other than using a third party tool to deal with spam (very few use the native tools) or use the anti-spam agents that are built in and do sender ID look ups to block the messages.

Simon.
0
 
LVL 1

Author Comment

by:David Haycox
ID: 40398765
Hi Simon,

Thanks - that's odd though, it's listed on Technet: http://technet.microsoft.com/en-us/library/jj673053(v=exchg.150).aspx

Yes, we're using F-Secure which does a pretty good job (for the messages in question, it marked them as spam and stripped the attachment).

In your opinion, is worth trying to block this sort of message anyway?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40407376
I would be looking to see if the F-Secure product can completely block the messages, rather than just removing the attachment. Links will still get through for example.

I have queried with Microsoft to see if the command is still valid, but I don't know if I will get a response.

Simon.
0
 
LVL 1

Author Comment

by:David Haycox
ID: 40412802
Yes, F-Secure has all those sort of options.  It's just a matter of getting the balance right, which of course can be quite different from one customer to the next.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now