Telnet to SMTP Vulnerability - disable anonymous user

I have a vulnerability that allows spoofing through telnetting SMTP on our Exchange 2010 through the WAN interface (SMTP public address). If I disable anonymous user, would I need to create transport connectors for internal IP addresses that use SMTP for emailing (APC, temperature, scanners)?
Larry Kiterling Asked:
Dr. Klahn, Principal Software Engineer, Commented:
Would you give us some more information, particularly what is an "anonymous user"?

If an "anonymous user" is an SMTP connection in which the MAIL FROM: section is left blank ... well, the SMTP RFC requires that anonymous users be able to send email.  Blocking that ability will cause problems elsewhere.

MAIL (MAIL)


The reverse-path consists of the sender mailbox.  Historically, that mailbox might optionally have been preceded by a list of hosts, but that behavior is now deprecated (see Appendix C).  In some types of reporting messages for which a reply is likely to cause a mail loop (for example, mail delivery and non-delivery notifications), the reverse-path may be null (see Section 3.6).

Larry Kiterling, Author, Commented:
Lucky for me this server is being decommed. In the end, I would only need to configure SPF and disable 'anonymous users' to send email.

Remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users with

Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission
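
An audit-then-remove version of the command above, added here as an example and not part of the original post. It assumes the Exchange Management Shell on Exchange 2010 (PowerShell 2.0); the second extended right in `$rights` and the variable names are additions, and `$target` is the placeholder from the post.

```powershell
# Added example: run in the Exchange Management Shell.
$anon = 'NT AUTHORITY\Anonymous Logon'

# The first right is the one named in the post. The second is an addition:
# it lets a sender claim an address in one of your authoritative domains.
$rights = 'ms-Exch-SMTP-Accept-Any-Sender',
          'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'

function Get-AnonymousSenderRight {
    # One row per receive connector and sender right granted to Anonymous Logon.
    foreach ($rc in Get-ReceiveConnector) {
        $aces = $rc | Get-ADPermission -User $anon | Where-Object { -not $_.Deny }
        foreach ($ace in $aces) {
            foreach ($er in $ace.ExtendedRights) {
                if ($rights -contains "$er") {
                    New-Object PSObject -Property @{
                        Connector      = $rc.Identity
                        Bindings       = ($rc.Bindings -join ', ')
                        RemoteIPRanges = ($rc.RemoteIPRanges -join ', ')
                        Right          = "$er"
                        Inherited      = $ace.IsInherited
                    }
                }
            }
        }
    }
}

# 1. Audit every connector before changing anything. RemoteIPRanges shows
#    which connector the internal devices (APC, scanners) actually land on.
Get-AnonymousSenderRight |
    Format-Table Connector, Bindings, RemoteIPRanges, Right, Inherited -AutoSize

# 2. Preview the removal on the Internet-facing connector only.
$target = 'name of the internet receive connector'   # placeholder from the post
Get-ReceiveConnector $target |
    Get-ADPermission -User $anon |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Sender' } |
    Remove-ADPermission -WhatIf

# 3. After re-running step 2 without -WhatIf, confirm the right is gone.
#    No output means no remaining grant on that connector.
Get-AnonymousSenderRight | Where-Object { "$($_.Connector)" -like "*$target" }
```
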
Larry Kiterling, Author, Commented:
Thanks for assisting