Problem with Open relay in Exchange Server

Hello people,

I have an Exchange 2016 server with the latest CU. I have created an open relay so that servers can send emails with the correct IP. Everything works perfectly, but we found out that users can send emails with the following:

Send-MailMessage -To test1@test.com -From test2@test.com -Subject "test" -SmtpServer "name"

Problem: Everybody can send as everybody.

How can I restrict it?

Thanks
Rowell Byrne Asked:
 
Todd Nelson, Systems Engineer, Commented:
If you made changes to the default receive connectors, you should reset them to the original settings.  Once you complete that task, create a "relay" receive connector using this reference ... https://practical365.com/exchange-server/exchange-2016-smtp-relay-connector/
0
 
timgreen7077, Exchange Engineer, Commented:
If you set up the internal relay to only allow servers with specific IP addresses to relay through that connector, then any emails coming from any other IP will not be successful. Also make sure that you don't have a subnet of IPs listed. This should only be single IPs. If the users are using the Send-MailMessage cmdlet from a server that has an allowed IP address, then it will be successful. Look to make sure that only single IPs are listed.
0
 
Ganesh Kumar A, Sr Infrastructure Specialist, Commented:
Run the diagnostics using https://mxtoolbox.com/diagnostic.aspx

To remove the anonymous restriction, especially if you have a mail gateway routing all your inbound and outbound SMTP traffic through it, you can use the following command to restrict anonymous access.

Get-ReceiveConnector "Default Frontend <server>" | Remove-ADPermission -User "NT Authority\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Here is the MS article with various options to suit your needs: https://support.microsoft.com/en-us/help/324958/how-to-block-open-smtp-relaying-and-clean-up-exchange-server-smtp-queu
0
 
Sunil Chauhan, Expertise in Exchange Server, Office 365 & PowerShell Scripting, Commented:
You have created an open relay. The best option for you is to restrict based on the source IP (application host); you can run the following cmd.

For adding the first single IP address:

Set-ReceiveConnector -Identity "Relay Connector" -RemoteIPRanges 192.168.0.1


Note: It's a multivalued property, so to add further IPs you can use the following way.

$RecvC = Get-ReceiveConnector "Relay Connector"
$RecvC.RemoteIPRanges += "10.0.0.99"
Set-ReceiveConnector "Relay Connector" -RemoteIPRanges $RecvC.RemoteIPRanges

0
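
An added example, not written by any of the posters above: a check for the advice in these answers that a relay connector should list only single source IPs. The helper name Test-RelayScope and the sample connector names (server EX01) are assumptions made up for illustration; the sample objects stand in for Get-ReceiveConnector output so the function also runs outside the Exchange Management Shell.

```powershell
function Test-RelayScope {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Connector
    )
    process {
        $wide = @()
        foreach ($range in $Connector.RemoteIPRanges) {
            $text = "$range"
            $ip = $null
            # A single host parses as one IP address; "a-b" ranges and
            # CIDR blocks (including /32) do not and are reported for review.
            if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip)) {
                $wide += $text
            }
        }
        [pscustomobject]@{
            Connector   = "$($Connector.Identity)"
            SingleHosts = @($Connector.RemoteIPRanges).Count - $wide.Count
            WideRanges  = $wide -join ', '
            NeedsReview = $wide.Count -gt 0
        }
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output.
$sample = @(
    [pscustomobject]@{ Identity = 'EX01\Relay Connector'
                       RemoteIPRanges = @('192.168.0.1', '10.0.0.99') }
    [pscustomobject]@{ Identity = 'EX01\Relay Wide'
                       RemoteIPRanges = @('10.0.0.0/24', '192.168.0.1') }
    [pscustomobject]@{ Identity = 'EX01\Default Frontend EX01'
                       RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
)
$sample | Test-RelayScope | Format-Table -AutoSize

# In the Exchange Management Shell, run it against the real connectors, then
# list which connectors grant anonymous senders the relay right:
#   Get-ReceiveConnector | Test-RelayScope
#   Get-ReceiveConnector | Get-ADPermission | Where-Object {
#       $_.User -like '*Anonymous Logon*' -and
#       $_.ExtendedRights -like '*ms-Exch-SMTP-Accept-Any-Recipient*' }
```

A connector that both shows NeedsReview and appears in the Get-ADPermission output accepts relay from every host in the wide range, which is the situation described in the question.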
 
Todd Nelson, Systems Engineer, Commented:
Sufficient information provided for resolution.
0
Question has a verified solution.