Rowell Byrne
asked on
Problem with Open relay in Exchange Server
Hello people,
I have an Exchange 2016 server with the latest CU. I have created an open relay so that servers can send emails with the correct IP. Everything works perfectly, but we found out that users can send emails with the following:
Send-MailMessage -To test1@test.com -From test2@test.com -Subject "test" -SmtpServer "name"
Problem: Everybody can send as everybody.
How can I restrict it?
Thanksssssss
If you set up the internal relay to only allow servers with specific IP addresses to relay through that connector, then any emails coming from any other IP will not be successful. Also make sure that you don't have a subnet of IPs listed. This should only be single IPs. If the users are using the Send-MailMessage cmdlets from a server that has an allowed IP address, then it will be successful. Look to make sure that only single IPs are listed.
Run the diagnostics using https://mxtoolbox.com/diagnostic.aspx
To remove the anonymous restriction, especially if you have a mail gateway routing all your inbound and outbound SMTP traffic through it, you can use the following command to restrict anonymous access.
Get-ReceiveConnector "Default Frontend <server>" | Remove-ADPermission -User "NT Authority\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Here is the MS article with various options to suit your needs: https://support.microsoft.com/en-us/help/324958/how-to-block-open-smtp-relaying-and-clean-up-exchange-server-smtp-queu
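The two checks from the answers above (only single IPs in the relay connector's allowed list, and the anonymous ms-Exch-SMTP-Accept-Any-Recipient right) can be audited together. This is an added example, not part of the original thread: the function name Test-RelayConnector and the sample connectors are hypothetical, and it assumes RemoteIPRanges entries convert to strings in the form the shell displays them.

```powershell
# Added example: flags connectors where anonymous relay is reachable from more than named hosts.
function Test-RelayConnector {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $RemoteIPRanges,
        [object[]] $Permissions = @()  # ACEs with User, Deny, ExtendedRights
    )
    # A single host parses as an IP address; range, CIDR and netmask forms count as "wide".
    $wide = @($RemoteIPRanges | Where-Object {
        $ip = $null
        ($_ -match '[-/(]') -or -not [System.Net.IPAddress]::TryParse($_, [ref]$ip)
    })
    # Anonymous senders may relay to any recipient when this right is granted (not denied).
    $anonRelay = @($Permissions | Where-Object {
        $_.User -like '*Anonymous Logon' -and -not $_.Deny -and
        ($_.ExtendedRights -match 'ms-Exch-SMTP-Accept-Any-Recipient')
    }).Count -gt 0

    [pscustomobject]@{
        Connector      = $Name
        WideRanges     = $wide
        AnonymousRelay = $anonRelay
        # Relay limited to single IPs is the intended setup; relay open to a range is not.
        NeedsReview    = $anonRelay -and ($wide.Count -gt 0)
    }
}

# Constructed sample data (documentation addresses, not from a real server).
$anonAce = [pscustomobject]@{
    User           = 'NT AUTHORITY\ANONYMOUS LOGON'
    Deny           = $false
    ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Recipient')
}
Test-RelayConnector -Name 'App relay (single IPs)' `
    -RemoteIPRanges '192.0.2.10', '192.0.2.11' -Permissions $anonAce
Test-RelayConnector -Name 'App relay (subnet)' `
    -RemoteIPRanges '192.0.2.10', '192.0.2.0/24' -Permissions $anonAce
Test-RelayConnector -Name 'Frontend (right removed)' `
    -RemoteIPRanges '0.0.0.0-255.255.255.255'

# In the Exchange Management Shell the same function can be fed live data:
# Get-ReceiveConnector | ForEach-Object {
#     Test-RelayConnector -Name $_.Identity `
#         -RemoteIPRanges ($_.RemoteIPRanges | ForEach-Object { "$_" }) `
#         -Permissions (Get-ADPermission -Identity $_.Identity)
# }
```

Only the second sample connector reports NeedsReview as True, because it grants anonymous relay and lists a subnet.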
Sufficient information provided for resolution.