Telnet to SMTP Vulnerability - disable anonymous user

Larry Kiterling
I have a vulnerability that allows spoofing through telnetting SMTP on our Exchange 2010 through the WAN interface (SMTP public address). If I disable anonymous user, would I need to create transport connectors for internal IP addresses that use SMTP for emailing (APC, temperature, scanners)?

Principal Software Engineer
Would you give us some more information, particularly what is an "anonymous user"?

If an "anonymous user" is an SMTP connection in which the MAIL FROM: section is left blank ... well, the SMTP RFC requires that anonymous users be able to send email.  Blocking that ability will cause problems elsewhere.

MAIL (MAIL)


The reverse-path consists of the sender mailbox.  Historically, that mailbox might optionally have been preceded by a list of hosts, but that behavior is now deprecated (see Appendix C).  In some types of reporting messages for which a reply is likely to cause a mail loop (for example, mail delivery and non-delivery notifications), the reverse-path may be null (see Section 3.6).
Lucky for me this server is being decommed. In the end, I would only need to configure SPF and disable 'anonymous users' to send email.

Remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users with

Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission


Thanks for assisting
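
An added example, not part of the thread and not the poster's code: an Exchange Management Shell sequence that audits which SMTP extended rights Anonymous Logon holds on each receive connector, previews the removal command from the post with -WhatIf, and previews a separate connector scoped to device addresses, as the question contemplates. The server name, the device connector name and the IP addresses are placeholders (assumptions); run it from the Exchange Management Shell on the Exchange 2010 server.

```powershell
# Added example. Placeholders: replace before use.
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$internetRc = 'name of the internet receive connector'  # placeholder, as in the post
$server     = 'EXCH01'                                  # placeholder server name
$deviceIPs  = '192.0.2.10', '192.0.2.11'                # placeholder device addresses

# 1. Audit: list every allow ACE that grants Anonymous Logon an SMTP extended
#    right, per receive connector, with the source ranges that connector accepts.
function Get-AnonymousSmtpRights {
    Get-ReceiveConnector | ForEach-Object {
        $rc = $_
        $rc | Get-ADPermission -User $anon |
            Where-Object { -not $_.Deny -and $_.ExtendedRights } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Connector      = $rc.Identity
                    RemoteIPRanges = ($rc.RemoteIPRanges -join ', ')
                    Right          = ($_.ExtendedRights -join ', ')
                }
            }
    }
}
Get-AnonymousSmtpRights | Sort-Object Connector |
    Format-Table Connector, RemoteIPRanges, Right -AutoSize

# 2. Preview the removal from the post. -WhatIf reports what would be removed
#    without changing the ACL; drop -WhatIf to apply it.
Get-ReceiveConnector $internetRc | Get-ADPermission -User $anon |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Sender' } |
    Remove-ADPermission -WhatIf

# 3. Preview a dedicated connector that only matches the listed device
#    addresses, so device mail does not depend on the Internet-facing connector.
New-ReceiveConnector -Name 'Internal device relay' -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $deviceIPs `
    -PermissionGroups AnonymousUsers -WhatIf

# 4. After applying step 2, re-run the audit: the Internet connector should no
#    longer list ms-Exch-SMTP-Accept-Any-Sender for Anonymous Logon.
Get-AnonymousSmtpRights | Where-Object { $_.Right -like '*Accept-Any-Sender*' }
```

The RemoteIPRanges column in the audit shows which connector each device address falls under, which is the information needed to decide whether the devices are affected by the change on the Internet connector.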
