Telnet to SMTP Vulnerability - disable anonymous user

Larry Kiterling
I have a vulnerability that allows spoofing through telnetting SMTP on our Exchange 2010 through the WAN interface (SMTP public address). If I disable anonymous user, would I need to create transport connectors for internal IP addresses that use SMTP for emailing (APC, temperature, scanners)?

Principal Software Engineer
Commented:
Would you give us some more information, particularly what is an "anonymous user"?

If an "anonymous user" is an SMTP connection in which the MAIL FROM: section is left blank ... well, the SMTP RFC requires that anonymous users be able to send email. Blocking that ability will cause problems elsewhere.

4.1.1.2.  MAIL (MAIL)

....

The reverse-path consists of the sender mailbox.  Historically, that mailbox might optionally have been preceded by a list of hosts, but that behavior is now deprecated (see Appendix C).  In some types of reporting messages for which a reply is likely to cause a mail loop (for example, mail delivery and non-delivery notifications), the reverse-path may be null (see Section 3.6).
Lucky for me this server is being decommed. In the end, I would only need to configure SPF and disable 'anonymous users' to send email.


Remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users with

Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission
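
An added example, not part of the original thread: one way to audit anonymous permissions before running the removal above and to confirm the result afterwards. It assumes the Exchange Management Shell; `$ConnectorName` is a placeholder for your own connector name.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# $ConnectorName is a placeholder: use the name of your Internet-facing receive connector.
$ConnectorName = "name of the internet receive connector"
$Anonymous     = "NT AUTHORITY\ANONYMOUS LOGON"
$Right         = "ms-Exch-SMTP-Accept-Any-Sender"

# 1. Inventory every receive connector that accepts anonymous sessions.
#    A permission change on one connector only affects sessions that connector
#    handles, so compare RemoteIPRanges with the source IPs of internal devices
#    (APC units, scanners, sensors) to see whether they use this connector at all.
Get-ReceiveConnector |
    Where-Object { $_.PermissionGroups -match "AnonymousUsers" } |
    Format-List Identity, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism

# 2. Show every extended right the anonymous principal holds on the target connector.
$connector = Get-ReceiveConnector -Identity $ConnectorName
$connector | Get-ADPermission -User $Anonymous |
    Format-Table User, ExtendedRights, Deny, IsInherited -AutoSize

# 3. Select only the entries that grant the right discussed in the thread.
$aces = $connector | Get-ADPermission -User $Anonymous |
    Where-Object { $_.ExtendedRights -like $Right }

if (-not $aces) {
    Write-Host "$Right is not granted to $Anonymous on '$ConnectorName'; nothing to remove."
}
else {
    # 4. Dry run: prints what would be removed without changing anything.
    $aces | Remove-ADPermission -WhatIf

    # 5. After reviewing the -WhatIf output, uncomment to apply the change.
    # $aces | Remove-ADPermission -Confirm:$false
}

# 6. Verify: after the removal has been applied, this returns no rows.
$connector | Get-ADPermission -User $Anonymous |
    Where-Object { $_.ExtendedRights -like $Right } |
    Format-Table User, ExtendedRights -AutoSize
```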

Author

Commented:
Thanks for assisting
