<div>
Thanks for the help, but it doesn't solve my problem.<br />
I made a few test with Telnet, and the result is than everybody is able to send spoofed message to any address IN my organisation.<br />
<br />
For example :<br />
<br />
MAIL FROM: anyadress@anyexternaldomai<wbr />n.com<br />
RCPT TO : anyadress@otherexternaldom<wbr />ain.com<br />
-&gt; 5.7.1 Unable to relay<br />
<br />
MAIL FROM: anyadress@MYorganisation.c<wbr />om<br />
RCPT TO : anyadress@externaldomain.c<wbr />om<br />
-&gt; 5.7.1 Unable to relay<br />
<br />
MAIL FROM: anyadress@externaldomain.c<wbr />om<br />
RCPT TO : anyadress@MYorganisation.c<wbr />om<br />
-&gt; 2.6.0 Queued mail for delivery<br />
<br />
Any mail sent to an internal user of my organization is delivered, which is as far as I know the default &nbsp;comportment of SMPT servers...<br />
Is there a way to prevent this ?<br />
(I don't think so, because external senders cannot be authenticated)<br />
<br />
I had a look at the spam mail header, it is spoofed : the mail comes from an external mail server, but the &quot;from&quot; field defined in the header is the address of one of my internal users...<br />
<br />
I considered the solution given in the HOW-TO, but I don't know what are the consequences, will the users sending from outside of my organization (from cell phones for example) will still be able to send mails ?<br />
<br />
Thanks.
</div>


<div>
The message headers in the spam mail should show whether or not the messages are originating from your organization. Chances are they are not.<br />
<br />
Most anti-spam programs/firewalls have an anti-relay setting that will reject any messages showing as being from your domain, but not from your email server.<br />
<br />
The test for the problem you describe would be like this:<br />
MAIL FROM: anyadress@MYorganisation.c<wbr />om<br />
RCPT TO : anyadress@MYorganisation.c<wbr />om
</div>


<div>
Thanks, but I don't agree about the test &quot;&nbsp;not from your email server &quot;&nbsp;=&gt; Anybody is able to do a telnet on my mail server.<br />
But I agree, it should be from @Myorg to @Myorg, but it's would be the same result as any mail sent to an internal user is delivered (which is in fact my real problem, for witch I don't think a solutions exists. If you got one &nbsp;I'm interested).<br />
<br />
You're also right about my antispam (McAfee) : it should stop most of the incoming spoofed mails, but for a reason I don't know so far, it didn't stop these ones.<br />
<br />
Nevertheless, I tested Georges' solution about removing the right &quot;ms-exch-smtp-accept-autho<wbr />ritative-d<wbr />omain-send<wbr />er&quot; from anonymous logons, it works and don't seem so far to disturb other connexions.<br />
<br />
Thanks !
</div>


<div>
Just to clarify one point, your telnet tests may not be accurate if you are testing from your internal network. You may have to access an outside machine and try the same telnet tests to see how things work in a real world scenario.<br />
<br />
If your McAfee running internally or is it a cloud service? If it is outside your network, be sure your firewall is set to only accept SMTP (port 25) from the McAfee server as no legitimate email should be coming from anywhere else.
</div>


<div>
Not agree neither ;-)<br />
Telnet is just a connexion on a specific port, exactly as SMTP does. If the test is done on the external (public) interface of the mail server it doesn't matter if the client is inside or outside the network I think. <br />
It potentially could be different if McAfee run as a cloud service, but it isn't the case (I'm located in Central Africa and bandwidth doesn't allow the use of cloud services)<br />
<br />
Finally, regarding the Firewall, 25 isn't enough ! It is configured to accept both 25 AND 465 ports (but this last one doesn't allow anonymous connexion, therefore no security issue with spoofed spam).<br />
<br />
Thanks for your help &nbsp;!
</div>


<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
Since a few days, we’re receiving SPAM with our own internal email addresses; <br />
I guess the spammers are using an Exchange configuration which allow to send mail with internal users without authentication (MAIL FROM : user@myorg.com).<br />
<br />
My question is quite simple: is there a way to prevent this ?<br />
<br />
Do we got to configure that on the receive connectors properties ? <br />
(We actually got 2: one on 25 port, another one on 465 port).<br />
<br />
Thanks.<br />
FB
</div>
</div>


Hi,

Since a few days, we’re receiving SPAM with our own internal email addresses; 
I guess the spammers are using an Exchange configuration which allow to send mail with internal users without authentication (MAIL FROM : user@myorg.com).

My question is quite simple: is there a way to prevent this ?

Do we got to configure that on the receive connectors properties ? 
(We actually got 2: one on 25 port, another one on 465 port).

Thanks.
FB

Exchange 2010 - SPAM using organization internal addresses

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.