Member_2_6492660_1
asked on
Exchange 2010 Queue full of emails with my domain and they are not valid emails Spoofed?
Just installed Exchange 2010 Enterprise 64 bit
All of a sudden we are getting extreme number of spam messages and my queue is full of email addresses with my domain name mydomain.com
I ran this
Get-ReceiveConnector | Get-ADPermission | where {($_.ExtendedRights -like “*SMTP-Accept-Any-Recipien t*”)} | where {$_.User -like ‘*anonymous*’} | ft identity,user,extendedrigh ts
Which receive connectors require anoynomus permissions? Is that a problem?
All of a sudden we are getting extreme number of spam messages and my queue is full of email addresses with my domain name mydomain.com
I ran this
Get-ReceiveConnector | Get-ADPermission | where {($_.ExtendedRights -like “*SMTP-Accept-Any-Recipien
Which receive connectors require anoynomus permissions? Is that a problem?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All the spam mail is from the internet
I have 5 connectors
[PS] C:\Windows\system32>get-re ceiveconne ctor
Identity Bindings Enabled
-------- -------- -------
TGCS025\Default TGCS025 {[::]:25, 0.0.0.0:25} True exchange users
TGCS025\Client TGCS025 {[::]:587, 0.0.0.0:587} True anonymous exchange users exchange server legacy exchange serverss
TGCS025\TGCSNET Connector {10.2.8.36:25} True exchange servers
TGCS025\TGCSNET Port 1025 {10.2.8.37:1025} True exchange users exchange servers
TGCS025\TGCSNET Relay {0.0.0.0:25} True exchange users.
My queue keeps filling up at wits end I suspended the submission queue which has many messages I can not delete that entry.
I think I am setup as a relay but I do not know why or how I am/
Thanks
I have 5 connectors
[PS] C:\Windows\system32>get-re
Identity Bindings Enabled
-------- -------- -------
TGCS025\Default TGCS025 {[::]:25, 0.0.0.0:25} True exchange users
TGCS025\Client TGCS025 {[::]:587, 0.0.0.0:587} True anonymous exchange users exchange server legacy exchange serverss
TGCS025\TGCSNET Connector {10.2.8.36:25} True exchange servers
TGCS025\TGCSNET Port 1025 {10.2.8.37:1025} True exchange users exchange servers
TGCS025\TGCSNET Relay {0.0.0.0:25} True exchange users.
My queue keeps filling up at wits end I suspended the submission queue which has many messages I can not delete that entry.
I think I am setup as a relay but I do not know why or how I am/
Thanks
You shall not enable anonymous on TGCS025\Client TGCS025. Disable it and verify if the queue still fill up.
ASKER
VB-ITS
No results from the command I issued in my original post
Which connector should I change
No results from the command I issued in my original post
Which connector should I change
ASKER
suriyaehnop
How about default?
How about default?
VB-ITSIf the command didn't give you any results then you don't have any receive connectors configured as an open relay. I'd say the spam is just most likely due to the fact that the Anti-Spam components in Exchange 2010 aren't enabled by default so your server is accepting everything and anything.
No results from the command I issued in my original post
Which connector should I change
Do you have any Edge Transport servers in your environment? If no then you can enable the Anti-Spam agents on your Hub Transport servers. See this article for instructions: http://social.technet.microsoft.com/wiki/contents/articles/13918.how-to-install-antispam-agents-in-exchange-2010.aspx
trgrassijr55,
What is your mail flow? does the hub transport server connect directly to internet or any mail gateway in front of it?
If your mail flow like mine which MBX > Hub > Mail Gateway, then enable the anonymous on default.
What is your mail flow? does the hub transport server connect directly to internet or any mail gateway in front of it?
If your mail flow like mine which MBX > Hub > Mail Gateway, then enable the anonymous on default.
ASKER
VB-ITS
I used those exact instructions the other day to install the AntiSpam agents on mye server.
In EMS under server configuration hub transport I have a anti spam tab ip allow list ip block list
Under organization Hub transport I have anti spam tab
content filtering ip allow list ip allow list providers etc
I did Restart Microsoft Exchange Transport Service
I am planning a system shutdown tomorrow maybe the restart did not work
One note I forgot to mention
I did upgrade from exchange 2007 to 2010 when I did that most of the settings already appeared in exchange 2010 from 2007. But after I remove exchange 2007 from the network by uninstalling exchange 2007 I lost the spam functions on 2010
That's when I saw that article you just posted and ran the script to install anti spam
Thoughts?
Also my queue is full how can I clear the submission queue?
Thoughts
I used those exact instructions the other day to install the AntiSpam agents on mye server.
In EMS under server configuration hub transport I have a anti spam tab ip allow list ip block list
Under organization Hub transport I have anti spam tab
content filtering ip allow list ip allow list providers etc
I did Restart Microsoft Exchange Transport Service
I am planning a system shutdown tomorrow maybe the restart did not work
One note I forgot to mention
I did upgrade from exchange 2007 to 2010 when I did that most of the settings already appeared in exchange 2010 from 2007. But after I remove exchange 2007 from the network by uninstalling exchange 2007 I lost the spam functions on 2010
That's when I saw that article you just posted and ran the script to install anti spam
Thoughts?
Also my queue is full how can I clear the submission queue?
Thoughts
ASKER
suriyaehnop
My Email server faces the internet via a Cisco Meraki router. No email hub no email gateway
Still trying to clear the queue
any cmdlet to do it fast ? have an example?
My Email server faces the internet via a Cisco Meraki router. No email hub no email gateway
Still trying to clear the queue
any cmdlet to do it fast ? have an example?
Use your queue viewer to select the message and choose suspend.
I did upgrade from exchange 2007 to 2010 when I did that most of the settings already appeared in exchange 2010 from 2007. But after I remove exchange 2007 from the network by uninstalling exchange 2007 I lost the spam functions on 2010Not sure what you mean by this. Are you saying the Anti-Spam tab is missing after you uninstalled Exchange 2007?
ASKER
suriyaehnop
That's what I have been doing thanks
That's what I have been doing thanks
ASKER
VT- ITS
Yes.
When I uninstalled 2007 then went to my EMC on the 2010 server the anti spam tabs were no longer available.
So I installed the script and then they appeared.
No that I removed anonymous I am not receiving any external email
Which connected should I allow anonymous on?
Yes.
When I uninstalled 2007 then went to my EMC on the 2010 server the anti spam tabs were no longer available.
So I installed the script and then they appeared.
No that I removed anonymous I am not receiving any external email
Which connected should I allow anonymous on?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Anonymous is on Default TGCS025 now
incoming mail working so far
But my queues still have many Next Hop Domains listed I have suspended all of them for now
I have gmail Hotmail and yahoo with many entries. I listed the totals and see if they continue to receive
How long will the next hop domains remain in the queue?
Can I delete them? cmdlet ?
incoming mail working so far
But my queues still have many Next Hop Domains listed I have suspended all of them for now
I have gmail Hotmail and yahoo with many entries. I listed the totals and see if they continue to receive
How long will the next hop domains remain in the queue?
Can I delete them? cmdlet ?
im afraid your server is being used as a email relay - id suggest look at queue check the headers and the block the ip on your networking equipment - also block the ip and original domain on your exch svr - you will probably get black listed soon too if you using your ip to send out and not a spam filter for out messages.
ASKER
That would take forever to do I had thousands of emails from many external sites.
just checked mxtoolbox.com and my domain is not blacklisted.
I am not receiving external email
I have a receive connector problem here.
Need help any suggestions
Need help with the network tab on the connectors
just checked mxtoolbox.com and my domain is not blacklisted.
I am not receiving external email
I have a receive connector problem here.
Need help any suggestions
Need help with the network tab on the connectors
I would disable the Relay connector for now. You need the Default connector and should have Anonymous enabled on that or you won't receive emails.
Once the Relay connector is disabled, restart the Microsoft Exchange Transport Service service and then empty the queue of the crap emails.
Monitor and if you still have issue, disable one more connector, restart the Transport Service and then monitor.
Once you know which Connector is causing you problems, then you can figure out what to do next (with guidance from the Experts here).
Alan
Once the Relay connector is disabled, restart the Microsoft Exchange Transport Service service and then empty the queue of the crap emails.
Monitor and if you still have issue, disable one more connector, restart the Transport Service and then monitor.
Once you know which Connector is causing you problems, then you can figure out what to do next (with guidance from the Experts here).
Alan
likely hood is originating email is coming from one ip check the headers so see where it is spoofing from.
disabling Relay connector is also a good idea as Alan suggested - are these emails just stuck in the queue or they sending out ?
try clearing one of the queue and see if it rebuilds.
Hassan
disabling Relay connector is also a good idea as Alan suggested - are these emails just stuck in the queue or they sending out ?
try clearing one of the queue and see if it rebuilds.
Hassan
First of all can you clarify whether you're receiving external emails or not? You say you are in one post, then in another you say you're not.
Which queue contains the large amount of emails? Inbound or outbound?
Can you also re-run the get-receiveconnector command again so we have a clear idea of the connectors that currently exist?
Which queue contains the large amount of emails? Inbound or outbound?
Can you also re-run the get-receiveconnector command again so we have a clear idea of the connectors that currently exist?
ASKER
VB-ITS
[PS] C:\Windows\system32>get-re ceiveconne ctor
Identity Bindings Enabled
-------- -------- -------
TGCS025\Default TGCS025 {[::]:25, 0.0.0.0:25} True
Local IP
All available IPV6 Port 587
All Available IPV4 Port 587
Receive mail from remote servers that have there ip addresses
.ffff.fff.ffff.ffff
0.0.0.0-255.255.255.255
TGCS025\Client TGCS025 {[::]:587, 0.0.0.0:587} True
Local IP
All available IPV6 Port 25
All Available IPV4 Port 25
Receive mail from remote servers that have there ip addresses
.ffff.fff.ffff.ffff
0.0.0.0-255.255.255.255
TGCS025\TGCSNET Connector {10.2.8.36:25} True
10.2.8.17
10.2.8.18 These ip addresses are computers on my local lan that send internal email via scripts
10.2.8.19
10.2.8.20Local IP
10.2.8.36 Port 25 (this is the ip address of my exchange server)
Receive mail from remote servers that have there ip addresses
TGCS025\TGCSNET Port 1025 {10.2.8.37:1025} True
Local IP
10.2.8.37 Port 1025 (this is the ip address of my exchange server used for ISPs that does not support
port 25 but these are only remote exchange users)
Receive mail from remote servers that have there ip addresses
0.0.0.0-255.255.255.255
TGCS025\TGCSNET Relay {0.0.0.0:25} False
[PS] C:\Windows\system32
hassan afzal & Alan
I did what Alan said. Late last night I cleared all the queues after suspending them I was able to delete all the messages.
Then resumed the queue and they cleared.
So I disabled the relay connector this was one I had on exchange 2007 not sure if I really need it now.
See above receive connector info
After disabling The Relay connector the I am now getting some external email
Can we double check my connector settings to see what I have wrong?
Thanks guys
[PS] C:\Windows\system32>get-re
Identity Bindings Enabled
-------- -------- -------
TGCS025\Default TGCS025 {[::]:25, 0.0.0.0:25} True
Local IP
All available IPV6 Port 587
All Available IPV4 Port 587
Receive mail from remote servers that have there ip addresses
.ffff.fff.ffff.ffff
0.0.0.0-255.255.255.255
TGCS025\Client TGCS025 {[::]:587, 0.0.0.0:587} True
Local IP
All available IPV6 Port 25
All Available IPV4 Port 25
Receive mail from remote servers that have there ip addresses
.ffff.fff.ffff.ffff
0.0.0.0-255.255.255.255
TGCS025\TGCSNET Connector {10.2.8.36:25} True
10.2.8.17
10.2.8.18 These ip addresses are computers on my local lan that send internal email via scripts
10.2.8.19
10.2.8.20Local IP
10.2.8.36 Port 25 (this is the ip address of my exchange server)
Receive mail from remote servers that have there ip addresses
TGCS025\TGCSNET Port 1025 {10.2.8.37:1025} True
Local IP
10.2.8.37 Port 1025 (this is the ip address of my exchange server used for ISPs that does not support
port 25 but these are only remote exchange users)
Receive mail from remote servers that have there ip addresses
0.0.0.0-255.255.255.255
TGCS025\TGCSNET Relay {0.0.0.0:25} False
[PS] C:\Windows\system32
hassan afzal & Alan
I did what Alan said. Late last night I cleared all the queues after suspending them I was able to delete all the messages.
Then resumed the queue and they cleared.
So I disabled the relay connector this was one I had on exchange 2007 not sure if I really need it now.
See above receive connector info
After disabling The Relay connector the I am now getting some external email
Can we double check my connector settings to see what I have wrong?
Thanks guys
It would be more useful to show the full receive connector settings. Please post the output from:
get-receiveconnector | fl
Thanks
Alan
get-receiveconnector | fl
Thanks
Alan
ASKER
You may also want to look at investing in an online mail hygiene solution (once we have solved your original issue) such as MessageLabs, Mimecast, WebRoot, etc. to prevent these sort of emails from even hitting your servers in the first place.
Some of these providers also provide email continuity as well as backup mail services in the event that your Exchange server goes down. Something worth looking into.
Some of these providers also provide email continuity as well as backup mail services in the event that your Exchange server goes down. Something worth looking into.
ASKER
Thanks I was going to ask about that in another question.
Was going to try Forefront I only have 25 email users. small company.
I hope we can figure out the receive connector settings
Was going to try Forefront I only have 25 email users. small company.
I hope we can figure out the receive connector settings
Okay - not seeing anything too scary with the connector settings.
Who is the originator of the messages in the queue? Is it <> as the sender?
If it is - then that's just the Administrator and you are probably suffering from NDR Spam - which means you aren't filtering Invalid Recipients and you are basically accepting the messages, then the server realises the recipient is invalid and HAS to send back an NDR email to the sender.
If you used Recipient Filtering, then your server would check it's list of recipients and if it doesn't find the recipient listed, it rejects the emails and then the Sender is responsible for the NDR message and your queue will remain empty.
Who is the originator of the messages in the queue? Is it <> as the sender?
If it is - then that's just the Administrator and you are probably suffering from NDR Spam - which means you aren't filtering Invalid Recipients and you are basically accepting the messages, then the server realises the recipient is invalid and HAS to send back an NDR email to the sender.
If you used Recipient Filtering, then your server would check it's list of recipients and if it doesn't find the recipient listed, it rejects the emails and then the Sender is responsible for the NDR message and your queue will remain empty.
we faced this EXACT problem and ended blocking the originating ip on the sonic wall.
The problem with blocking by IP Address is that the IP's will/may change and then you are constantly trying to block a moving target and as spammers regularly use dynamic IP's, you will eventually be blocking people you want (possibly) and may end up only allowing a handful of IP's through.
Anti-Spam software that does Recipient Filtering (amongst other things) would be a good call. We use Vamsoft ORF Fusion which is great low-cost software that doesn't have to be renewed annually!.
Alan
Anti-Spam software that does Recipient Filtering (amongst other things) would be a good call. We use Vamsoft ORF Fusion which is great low-cost software that doesn't have to be renewed annually!.
Alan
ASKER
Alan
Does Vamsoft ORE Fusion email reports to each client with a list of messages that was quarteened?
Thanks for checking my receive connectors
I have not seen any attacks since I cleared the queues last night.
Will keep and eye open today.
Does Vamsoft ORE Fusion email reports to each client with a list of messages that was quarteened?
Thanks for checking my receive connectors
I have not seen any attacks since I cleared the queues last night.
Will keep and eye open today.
Usually it is configured to either Accept or Reject emails, but you can configure it to forward the 'junk' emails to an alternative internal address (for example) which can then be reviewed.
Other software would be able to do that, but I've never used any, so can't recommend anything else unfortunately.
Other software would be able to do that, but I've never used any, so can't recommend anything else unfortunately.
ASKER
I just restarted the exchange server had to move it into the server rack.
Now my Outlook clients are putting the junk mail into the junk folder this is the first time since I switched them over to exchange 2010 a week ago.
May needed to restart all the services?
I have a few emails in my junk folder what can we look at to see if we can block them?
Getting a lot from subject Voice Message
How to I look at the header info? and what to look for?
Now my Outlook clients are putting the junk mail into the junk folder this is the first time since I switched them over to exchange 2010 a week ago.
May needed to restart all the services?
I have a few emails in my junk folder what can we look at to see if we can block them?
Getting a lot from subject Voice Message
How to I look at the header info? and what to look for?
Look at the Message Queue and if you have to, double-click into an email to see the Sender.
ASKER
Alan
The Message Queue is empty
Only entry in the queue is submission queue.
I found the header of the junk mail
What do you think I should block?
Received: from voice_global.co.uk (72.44.227.114) by
TGCS025.our.network.tgcsne t.com (10.2.8.36) with Microsoft SMTP Server id
14.1.438.0; Tue, 27 Jan 2015 10:55:19 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_a4299b656bc693 a46deed75d 2ffcf383"
Date: Tue, 27 Jan 2015 15:50:02 +0000
From: Voice <no-replay@voice_global.co .uk>
To: <thomasrgrassijr@tgcsnet.c om>
Subject: Voice Message
Message-ID: <0908435441379395502404904 08966335@v oice_globa l.co.uk>
User-Agent: Roundcube Webmail/1.0.4
Return-Path: no-replay@voice_global.co. uk
X-MS-Exchange-Organization -AuthSourc e: TGCS025.our.network.tgcsne t.com
X-MS-Exchange-Organization -AuthAs: Anonymous
X-MS-Exchange-Organization -PRD: voice_global.co.uk
X-MS-Exchange-Organization -SenderIdR esult: Fail
Received-SPF: Fail (TGCS025.our.network.tgcsn et.com: domain of
no-replay@voice_global.co. uk does not designate 72.44.227.114 as permitted
sender) receiver=TGCS025.our.netwo rk.tgcsnet .com; client-ip=72.44.227.114;
helo=voice_global.co.uk;
X-MS-Exchange-Organization -SCL: 1
X-MS-Exchange-Organization -PCL: 2
X-MS-Exchange-Organization -Antispam- Report:
DV:3.3.14519.472;SID:Sende rIDStatus Fail;OrigIP:72.44.227.114
The Message Queue is empty
Only entry in the queue is submission queue.
I found the header of the junk mail
What do you think I should block?
Received: from voice_global.co.uk (72.44.227.114) by
TGCS025.our.network.tgcsne
14.1.438.0; Tue, 27 Jan 2015 10:55:19 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_a4299b656bc693
Date: Tue, 27 Jan 2015 15:50:02 +0000
From: Voice <no-replay@voice_global.co
To: <thomasrgrassijr@tgcsnet.c
Subject: Voice Message
Message-ID: <0908435441379395502404904
User-Agent: Roundcube Webmail/1.0.4
Return-Path: no-replay@voice_global.co.
X-MS-Exchange-Organization
X-MS-Exchange-Organization
X-MS-Exchange-Organization
X-MS-Exchange-Organization
Received-SPF: Fail (TGCS025.our.network.tgcsn
no-replay@voice_global.co.
sender) receiver=TGCS025.our.netwo
helo=voice_global.co.uk;
X-MS-Exchange-Organization
X-MS-Exchange-Organization
X-MS-Exchange-Organization
DV:3.3.14519.472;SID:Sende
Looks like spam to me.
The SPF check fails, so if you had software that could reject emails based on SPF failure, it could reject the message.
Does thomasrgrassijr @ tgcsnet.com exist as a user on your server?
The SPF check fails, so if you had software that could reject emails based on SPF failure, it could reject the message.
Does thomasrgrassijr @ tgcsnet.com exist as a user on your server?
ASKER
yes that is my email address
So the ORF Fusion would take care of these?
Wonder why the Exchange Spam Agents do not
My Outlook has high level on junk specified. Which is Outlook 2013
So the ORF Fusion would take care of these?
Wonder why the Exchange Spam Agents do not
My Outlook has high level on junk specified. Which is Outlook 2013
I'm not a fan of the Exchange Anti-Spam Agents - way too inflexible IMHO.
You can Trial ORF for 42 days and I can help you configure it (if you need help).
ORF can be configured to reject emails that fail SPF check.
I'm assuming you don't have a voicemail service that emails you voice messages?
Alan
You can Trial ORF for 42 days and I can help you configure it (if you need help).
ORF can be configured to reject emails that fail SPF check.
I'm assuming you don't have a voicemail service that emails you voice messages?
Alan
ASKER
Alan
Thanks
I will open another question for ORF
doing system maint on the server now will install ORF later today.
Thanks
I will open another question for ORF
doing system maint on the server now will install ORF later today.
No problems.
I'm out all day tomorrow (UK time) at Microsoft's London HQ so may not be able to respond to ORF questions, but will do my best to respond as soon as I can (if you don't raise the question shortly that is).
Alan
I'm out all day tomorrow (UK time) at Microsoft's London HQ so may not be able to respond to ORF questions, but will do my best to respond as soon as I can (if you don't raise the question shortly that is).
Alan
ASKER
Alan Thanks
Hey do you have any input for this one?
https://www.experts-exchange.com/questions/28604282/Exchange-2010-New-MailboxExportRequest-Script-Help.html
Another one I opened yesterday.
Hey do you have any input for this one?
https://www.experts-exchange.com/questions/28604282/Exchange-2010-New-MailboxExportRequest-Script-Help.html
Another one I opened yesterday.
Looks like you are getting close on that one. I will monitor the question.
ASKER
Alan thanks
this command is the one I am having difficulty with
Search-Mailbox -Identity journal -SearchQuery {sent:'$Start'..'$End'} -LogOnly -LogLevel full -DeleteContent
It keeps giving my a prompt Folder Name
the command waits for input
Thoughts?
this command is the one I am having difficulty with
Search-Mailbox -Identity journal -SearchQuery {sent:'$Start'..'$End'} -LogOnly -LogLevel full -DeleteContent
It keeps giving my a prompt Folder Name
the command waits for input
Thoughts?
Best not to get into that one in this question or it will confuse people further down the line.
I'll post something in the question.
I'll post something in the question.
ASKER
Alan yes thanks
ASKER
Guys
I have a program febooti it is a batch command line smtp client
wrote many scripts using this to email me system status reports on a daily basis.
Now that I disabled the relay connector I am not receiving those emails.
I can send internal email from outlook clients no problem
Can send email out to external clients no problem
Can receive external email from other email clients and remote outlook users.
also my WSUS server sends email as does SQl none are working now.
They all use port 25
How can I setup the relay connector to work in my environment ?
I have a program febooti it is a batch command line smtp client
wrote many scripts using this to email me system status reports on a daily basis.
Now that I disabled the relay connector I am not receiving those emails.
I can send internal email from outlook clients no problem
Can send email out to external clients no problem
Can receive external email from other email clients and remote outlook users.
also my WSUS server sends email as does SQl none are working now.
They all use port 25
How can I setup the relay connector to work in my environment ?
ASKER
H Guys
Update
After further testing I tried this
telnet 10.2.8.36 25
220 tgcs025.our.network.tgcsne t.com Microsoft ESMTP MAIL Service ready at Tue, 2
7 Jan 2015 14:58:13 -0500
helo
250 tgcs025.our.network.tgcsne t.com Hello [10.2.8.69]
mail from: trgrassijr@me.com
530 5.7.1 Client was not authenticated
Connection to host lost.
C:\
On the default connector I have anonymous checked
What is wrong here?
ID: 40572824 has my receive list
Update
After further testing I tried this
telnet 10.2.8.36 25
220 tgcs025.our.network.tgcsne
7 Jan 2015 14:58:13 -0500
helo
250 tgcs025.our.network.tgcsne
mail from: trgrassijr@me.com
530 5.7.1 Client was not authenticated
Connection to host lost.
C:\
On the default connector I have anonymous checked
What is wrong here?
ID: 40572824 has my receive list
ASKER
Guys
Update
Just tried this
Enabled the TGCSNET Relay connector with on anonymous checked
Then ran this
[PS] C:\Windows\system32>Get-Re ceiveConne ctor "TGCSNET Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -E
xtendedRights "Ms-Exch-SMTP-Accept-Any-R ecipient"
Identity User Deny Inherited
-------- ---- ---- ---------
TGCS025\TGCSNET R... NT AUTHORITY\ANON... False False
But still getting 530 5.7.1 Client was not authenticated
Thoughts
Update
Just tried this
Enabled the TGCSNET Relay connector with on anonymous checked
Then ran this
[PS] C:\Windows\system32>Get-Re
xtendedRights "Ms-Exch-SMTP-Accept-Any-R
Identity User Deny Inherited
-------- ---- ---- ---------
TGCS025\TGCSNET R... NT AUTHORITY\ANON... False False
But still getting 530 5.7.1 Client was not authenticated
Thoughts
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Alan
How do I add the relay permission?
I should then remove TGCSNET Relay correct?
How do I add the relay permission?
I should then remove TGCSNET Relay correct?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Alan
1, disabled Relay Connector
2. Restarted Transport Service
Agree that will be easier.
Now Ran the above command
[PS] C:\Windows\system32>Get-Re ceiveConne ctor "TGCSNET Connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON
" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-R ecipient"
Identity User Deny Inherited
-------- ---- ---- ---------
TGCS025\TGCSNET C... NT AUTHORITY\ANON... False False
Then restarted transport service again
But still getting 530 5.7.1 Client was not authenticated
What am I missing here? Could it be authentication settings?
TGCSNET-Connector.txt
1, disabled Relay Connector
2. Restarted Transport Service
Agree that will be easier.
Now Ran the above command
[PS] C:\Windows\system32>Get-Re
" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-R
Identity User Deny Inherited
-------- ---- ---- ---------
TGCS025\TGCSNET C... NT AUTHORITY\ANON... False False
Then restarted transport service again
But still getting 530 5.7.1 Client was not authenticated
What am I missing here? Could it be authentication settings?
TGCSNET-Connector.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All Working now Guys
Thanks for all the help.
Alan
Just installed ORF Fusion now that Email is flowing again
Just have to check all my scripts and some devices have built in email code need to test them
Thanks again
Thanks for all the help.
Alan
Just installed ORF Fusion now that Email is flowing again
Just have to check all my scripts and some devices have built in email code need to test them
Thanks again
If you look for spam internet header you can identify the sender IP address.
By default Exchange 2010 has 2 Receive Connector - Client <ServerName> and Default <ServerName>
You can create another Receive Connector and enabled anonymous or you can enable it on Default <ServerName>