Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Is it possible to prevent Exchange 2013 accepting spoofed (local domain) addresses?

We have a single Exchange 2013 server (let's call it SERVER) and a single e-mail domain ("domain.com").  Recently there has been a spate of spam messages being sent from both valid and invalid addresses @domain.com, to valid addresses @domain.com.

First of all, is this something than can and should be blocked?  After all, spammers can still send from any other address that's not @domain.com as long as the recipient address is valid, right?

If it should be blocked, what's the proper way to do it?  I have already tried the following but it doesn't seem to make any difference:
Get-ReceiveConnector "Default Frontend SERVER" | Remove-ADPermission -user "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-exch-smtp-accept-authoritative-domain-sender"
Restart-Service MSExchangeTransport

Open in new window

Thanks in advance!
0
David Haycox
Asked:
David Haycox
  • 2
  • 2
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
That command doesn't work on Exchange 2013.
No real solution at present that I am aware of, other than using a third party tool to deal with spam (very few use the native tools) or use the anti-spam agents that are built in and do sender ID look ups to block the messages.

Simon.
0
 
David HaycoxAuthor Commented:
Hi Simon,

Thanks - that's odd though, it's listed on Technet: http://technet.microsoft.com/en-us/library/jj673053(v=exchg.150).aspx

Yes, we're using F-Secure which does a pretty good job (for the messages in question, it marked them as spam and stripped the attachment).

In your opinion, is worth trying to block this sort of message anyway?
0
 
Simon Butler (Sembee)ConsultantCommented:
I would be looking to see if the F-Secure product can completely block the messages, rather than just removing the attachment. Links will still get through for example.

I have queried with Microsoft to see if the command is still valid, but I don't know if I will get a response.

Simon.
0
 
David HaycoxAuthor Commented:
Yes, F-Secure has all those sort of options.  It's just a matter of getting the balance right, which of course can be quite different from one customer to the next.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now