
Receiving spam email from spoofed internal sender on Exchange 2010 SP3 with Symantec Mail Gateway

Last Modified: 2015-11-09
People,

I'm confused and need your help with an issue: we are receiving spam from spoofed internal sender addresses, but the source IP address keeps changing from country to country.

The email is filtered first by the Symantec Email Gateway appliance and then forwarded to the Exchange Server. But I'm not sure if this is an Exchange Server issue or a Symantec problem?

When I read this blog, it suggests the PowerShell script below:

Get-ReceiveConnector "My Internet ReceiveConnector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission


But there are multiple Receive connectors here on my Exchange Server 2010 SP3:


[PS] C:\>Get-ReceiveConnector | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | ft -AutoSize

Identity                      User                          Deny  Inherited
---------------------------   ----------------------------  ----- ---------
MAIL01-VM\Default MAIL01-VM   NT AUTHORITY\ANONYMOUS LOGON  False False
MAIL02-VM\Default MAIL02-VM   NT AUTHORITY\ANONYMOUS LOGON  False False
MAIL01-VM\Inbound SMTP Relay  NT AUTHORITY\ANONYMOUS LOGON  False False
MAIL02-VM\Inbound SMTP Relay  NT AUTHORITY\ANONYMOUS LOGON  False False
MAIL01-VM\External Relay      NT AUTHORITY\ANONYMOUS LOGON  False False
MAIL02-VM\External Relay      NT AUTHORITY\ANONYMOUS LOGON  False False
MAIL01-VM\UCCX MAIL01-VM      NT AUTHORITY\ANONYMOUS LOGON  False False
MAIL02-VM\UCCX MAIL02-VM      NT AUTHORITY\ANONYMOUS LOGON  False False


[PS] C:\>Get-ReceiveConnector | ft -AutoSize

Identity                      Bindings              Enabled
---------------------------   --------------------- -------
MAIL01-VM\Default MAIL01-VM   {:::25, 0.0.0.0:25}   True
MAIL01-VM\Client MAIL01-VM    {:::587, 0.0.0.0:587} True
MAIL02-VM\Default MAIL02-VM   {:::25, 0.0.0.0:25}   True
MAIL02-VM\Client MAIL02-VM    {:::587, 0.0.0.0:587} True
MAIL01-VM\Inbound SMTP Relay  {10.1.2.89:25}        True
MAIL02-VM\Inbound SMTP Relay  {10.1.2.89:25}        True
MAIL01-VM\External Relay      {10.1.2.90:25}        True
MAIL02-VM\External Relay      {10.1.2.91:25}        True
MAIL01-VM\UCCX MAIL01-VM      {0.0.0.0:25}          True
MAIL02-VM\UCCX MAIL02-VM      {0.0.0.0:25}          True


So I'm confused about which Receive connector I should be running the PowerShell script against?

What's the rollback plan if email flow is affected when executing the PowerShell script against the wrong Receive connector?

Thanks,
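
An added example, not part of the original post or the blog it cites: one way to inventory which connectors grant the right to anonymous sessions, record the current state, and keep a rollback ready before running the removal. The backup path and the `$target` connector name are placeholders to be filled in; the script is written for the Exchange Management Shell.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# $backup and $target are placeholders, not values from the original post.
$anon   = 'NT AUTHORITY\ANONYMOUS LOGON'
$right  = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'
$backup = 'C:\Temp\rc-anon-authoritative-sender.csv'   # assumption: any writable path
$target = '<server>\<connector name>'                  # assumption: chosen after step 1

# 1. Inventory every Receive connector: does anonymous hold the right, and
#    which remote IPs may connect to it? For a given binding, Exchange uses
#    the connector with the most specific RemoteIPRanges match, so the one
#    that matches the mail gateway's address is where gateway mail arrives.
$report = foreach ($rc in Get-ReceiveConnector) {
    $ace = $rc | Get-ADPermission -User $anon |
           Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) }
    New-Object PSObject -Property @{
        Connector        = $rc.Identity.ToString()
        RemoteIPRanges   = ($rc.RemoteIPRanges | ForEach-Object { $_.ToString() }) -join ';'
        PermissionGroups = $rc.PermissionGroups.ToString()
        AnonHasRight     = [bool]$ace
    }
}
$report | Format-Table Connector, RemoteIPRanges, PermissionGroups, AnonHasRight -AutoSize

# 2. Record the state before any change; this file is the rollback list.
$report | Where-Object { $_.AnonHasRight } | Export-Csv -Path $backup -NoTypeInformation

# 3. Dry run against the single target connector. Relay connectors used by
#    internal devices or applications that send anonymously as an internal
#    address depend on this right, so change one connector at a time.
Get-ReceiveConnector $target | Get-ADPermission -User $anon |
    Where-Object { $_.ExtendedRights -like $right } |
    Remove-ADPermission -WhatIf
# Re-run the pipeline above without -WhatIf to apply the change.

# 4. Rollback: grant the right back on the target if the backup shows it
#    was present before the change.
Import-Csv -Path $backup | Where-Object { $_.Connector -eq $target } |
    ForEach-Object {
        Get-ReceiveConnector $_.Connector |
            Add-ADPermission -User $anon -ExtendedRights $right
    }
```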