We help IT Professionals succeed at work.
Get Started
Receiving spam email from spoofed internal sender on Exchange 2010 SP3 with Symantec Mail Gateway
People,
I'm confused and need your help here with the issue of receiving internally spoofed spam address but the IP address is kept on changing from country to country.
The Email is filtered first by Symantec Email Gateway appliance and then forwarded to the Exchange Server. But I'm not sure if this is Exchange Server issue or Symantec problem ?
When I read this blog, it suggest the below powershell script:
but there are multiple Receive connector here in my Exchange Server 2010 SP3:
So I'm confused which Receive connector should I be running the powershell script against ?
What's the roll back plan if email flow is affected when executing the wrong powershell against incorrect Receive connector ?
Thanks,
I'm confused and need your help here with the issue of receiving internally spoofed spam address but the IP address is kept on changing from country to country.
The Email is filtered first by Symantec Email Gateway appliance and then forwarded to the Exchange Server. But I'm not sure if this is Exchange Server issue or Symantec problem ?
When I read this blog, it suggest the below powershell script:
Get-ReceiveConnector “My Internet ReceiveConnector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission
but there are multiple Receive connector here in my Exchange Server 2010 SP3:
[PS] C:\>Get-ReceiveConnector | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | ft -AutoSize
Identity User Deny Inherited
--------------------------- ---------------------------- ----- ---------
MAIL01-VM\Default MAIL01-VM NT AUTHORITY\ANONYMOUS LOGON False False
MAIL02-VM\Default MAIL02-VM NT AUTHORITY\ANONYMOUS LOGON False False
MAIL01-VM\Inbound SMTP Relay NT AUTHORITY\ANONYMOUS LOGON False False
MAIL02-VM\Inbound SMTP Relay NT AUTHORITY\ANONYMOUS LOGON False False
MAIL01-VM\External Relay NT AUTHORITY\ANONYMOUS LOGON False False
MAIL02-VM\External Relay NT AUTHORITY\ANONYMOUS LOGON False False
MAIL01-VM\UCCX MAIL01-VM NT AUTHORITY\ANONYMOUS LOGON False False
MAIL02-VM\UCCX MAIL02-VM NT AUTHORITY\ANONYMOUS LOGON False False
[PS] C:\>Get-ReceiveConnector | ft -AutoSize
Identity Bindings Enabled
--------------------------- --------------------- -------
MAIL01-VM\Default MAIL01-VM {:::25, 0.0.0.0:25} True
MAIL01-VM\Client MAIL01-VM {:::587, 0.0.0.0:587} True
MAIL02-VM\Default MAIL02-VM {:::25, 0.0.0.0:25} True
MAIL02-VM\Client MAIL02-VM {:::587, 0.0.0.0:587} True
MAIL01-VM\Inbound SMTP Relay {10.1.2.89:25} True
MAIL02-VM\Inbound SMTP Relay {10.1.2.89:25} True
MAIL01-VM\External Relay {10.1.2.90:25} True
MAIL02-VM\External Relay {10.1.2.91:25} True
MAIL01-VM\UCCX MAIL01-VM {0.0.0.0:25} True
MAIL02-VM\UCCX MAIL02-VM {0.0.0.0:25} True
So I'm confused which Receive connector should I be running the powershell script against ?
What's the roll back plan if email flow is affected when executing the wrong powershell against incorrect Receive connector ?
Thanks,
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE