Prevent Exchange Spoofing

Hi Experts,

We have an issue I hope you can help with.
We presently use Exchange 2010. However, we have noticed an issue with us occasionally being blacklisted.
Upon investigation, we found that the cause of this issue was that some users, during the course of their work, were testing sending emails and using the Exchange server as an SMTP relay.

The problem with this, however, is that in their wisdom, they are using made-up domains to send from, hence the blacklist.

Is there any way to stop this and ensure that if they do send test SMTP emails, they are only allowed if it is from our domain?
Asked by: Graham Hirst, IT Engineer
systechadmin (Consultant) commented:
Why don't you create a relay connector and allow required IPs from connector to allow emails ...
1
Todd Nelson (Systems Engineer) commented:
First of all, it sounds as if you created an issue for yourself by modifying the default receive connectors.  Because by default, the receive connectors are not configured for open relay.  Use this as a reference ... https://oddytee.wordpress.com/2016/01/12/exchange-2010-default-receive-connector-settings/

Second, like Gaurav stated, create a "relay" receive connector with only the IP addresses that need to send legitimate SMTP notifications.  Use this reference ... https://practical365.com/exchange-server/how-to-configure-a-relay-connector-for-exchange-server-2010/
1
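The relay connector approach from the two answers above, as an added example that is not part of the original thread: it audits which receive connectors let anonymous senders relay, then creates a dedicated relay connector scoped to specific source IPs. The server name EX01, the connector name and the 192.0.2.x addresses are placeholders.

```powershell
# Added example; run in the Exchange Management Shell on an Exchange 2010 Hub Transport server.
# Assumed placeholders (not from the thread): EX01, 'Internal Relay', 192.0.2.x addresses.
$server     = 'EX01'
$relayName  = 'Internal Relay'
$allowedIPs = '192.0.2.25', '192.0.2.26'   # only the hosts that must send SMTP notifications
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

# 1. Audit: list every receive connector where anonymous sessions may relay to any recipient,
#    together with the source ranges that connector accepts. A default connector with a wide
#    range (0.0.0.0-255.255.255.255) showing up here is the misconfiguration to look for.
Get-ReceiveConnector -Server $server | ForEach-Object {
    $connector = $_
    $connector | Get-ADPermission |
        Where-Object {
            $_.User -like '*ANONYMOUS LOGON*' -and
            $_.ExtendedRights -like $relayRight -and
            -not $_.Deny
        } |
        Select-Object @{ n = 'Connector';      e = { $connector.Identity } },
                      @{ n = 'RemoteIPRanges'; e = { $connector.RemoteIPRanges -join ', ' } },
                      User, ExtendedRights
}

# 2. Create a dedicated relay connector that only matches the approved source IPs.
New-ReceiveConnector -Name $relayName -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $allowedIPs `
    -PermissionGroups AnonymousUsers

# 3. Grant the relay right on that connector only.
Get-ReceiveConnector "$server\$relayName" |
    Add-ADPermission -User $anon -ExtendedRights $relayRight

# 4. Preview removal of the relay right from any other connector flagged in step 1.
#    -WhatIf makes this a dry run; drop it once the output names the intended connector.
Get-ReceiveConnector -Server $server |
    Where-Object { $_.Name -ne $relayName } |
    ForEach-Object {
        $_ | Get-ADPermission |
            Where-Object { $_.User -like '*ANONYMOUS LOGON*' -and
                           $_.ExtendedRights -like $relayRight -and
                           -not $_.IsInherited } |
            Remove-ADPermission -WhatIf
    }
```

Exchange picks the receive connector with the most specific matching RemoteIPRanges, so hosts outside `$allowedIPs` fall back to the default connectors, which do not relay for anonymous senders once step 4 has been applied.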

Dr. Klahn (Principal Software Engineer) commented:
Is there any way to stop this

Sure, it's quite easy.  Send out a memo along these lines:

"Tampering with the functionality of the corporate computer network puts not only the network at risk, but the company itself.  This includes attaching unauthorized devices, sharing passwords, using systems you are not authorized to use, and the last specifically includes the recent unauthorized use of the web server and mail transfer systems.

"Starting today, employees will get one warning and it will go into their permanent record.  Those warned will be required to sign a memorandum stating that they understand the rules and will not offend again.  A second offense will result in immediate termination.  This applies to everyone in the company no matter what level of employment - management, salaried or hourly.  The policy will be enforced by Security, not IT."

Then get a rent-a-dummy from one of the security agencies who specialize in such things, hire them on for a month or two, then "catch them in the act" and fire them publicly.  Word gets around and everyone else will fall into line right quick.
0
Todd Nelson (Systems Engineer) commented:
Send out a memo

I get what you are driving at.  However, it's easier said than done as it cannot come from IT without the authority of management.  FSIFM should really work to the backing of the C-levels before doing anything of this nature.  I find that most of the times, they will be compliant, but it is not always the case.  We had several C-levels, at a previous company, that really enjoyed their porn and refused to implement any web filtering because they did not want their actions documented or scrutinized.  They were above the law, if you will.  Kind of like sending out a memo would appear to be.
0
Graham Hirst (IT Engineer, author) commented:
Cheers guys, that hit the nail on the head and I was able to lock it down.
Thanks for the articles :)
0