How can I prevent spoofed emails from outside that use my internal accepted domain?

Solution 1:

You need to remove the permission to bypass the sender address spoofing check by running:

# Revoke the right that lets anonymous SMTP clients use one of your authoritative domains as sender
Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | Where-Object {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"} | Remove-ADPermission

If that doesn't solve the problem (i.e. for Exchange 2013 CU5+), you should do the following:

  1. Block your own domain with

    Set-SenderFilterConfig -BlockedDomains mydomain.com

    Set-SenderFilterConfig -InternalMailEnabled $true

  2. Remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users with

    # Revoke the right that lets anonymous SMTP clients use any sender address at all
    Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | Where-Object {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission

  3. Allow open relay from LAN (if needed) with:

    # Grant anonymous clients on the internal connector the right to submit mail from any sender address
    Get-ReceiveConnector "name of your LAN Open Relay connector" | Add-ADPermission -User "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

P.S. Make sure to restart the transport service after those operations.
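The whole procedure from the answer above, wrapped into one Exchange Management Shell script with the checks a practitioner would want before and after: it lists which of the two extended rights anonymous clients currently hold, revokes them on the Internet-facing connector, enables sender filtering for the accepted domain, grants Accept-Any-Sender on the internal connector only if that connector is not reachable from arbitrary IPs, restarts the transport services, and then tries to submit a spoofed message to confirm the rejection. This is an added example, not code from the original post; the connector names, the domain, the test mailbox and the test host are assumptions to replace with your own values.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Connector names, domain, test recipient and SMTP host below are assumptions.
$InternetConnector = "SERVER01\Default Frontend SERVER01"   # assumed name of the Internet-facing connector
$RelayConnector    = "SERVER01\LAN Relay"                   # assumed name of the internal relay connector
$Domain            = "mydomain.com"                         # your accepted domain
$TestRecipient     = "someone@$Domain"                      # assumed mailbox that receives the spoof test
$Anonymous         = "NT AUTHORITY\Anonymous Logon"
$RightsToRevoke    = @("ms-Exch-SMTP-Accept-Authoritative-Domain-Sender",
                       "ms-Exch-SMTP-Accept-Any-Sender")

# Report which of the two rights anonymous logons currently hold on a connector.
function Get-AnonymousSenderRights {
    param([string]$Connector)
    Get-ReceiveConnector $Connector |
        Get-ADPermission -User $Anonymous |
        ForEach-Object { $_.ExtendedRights } |
        ForEach-Object { "$_" } |
        Where-Object { $RightsToRevoke -contains $_ }
}

# Steps 1 and 2 of the answer: revoke both rights for anonymous logons.
# -Confirm:$false suppresses the per-entry prompt; drop it to review each removal.
function Revoke-AnonymousSenderRights {
    param([string]$Connector)
    foreach ($right in $RightsToRevoke) {
        Get-ReceiveConnector $Connector |
            Get-ADPermission -User $Anonymous |
            Where-Object { $_.ExtendedRights -like $right } |
            Remove-ADPermission -Confirm:$false
    }
}

# Step 1 of the answer: block our own domain in the Sender Filter agent.
# The agent is one of the anti-spam agents; on an Exchange 2013 Mailbox server it
# only exists after Install-AntiSpamAgents.ps1 has been run, so check for it first.
# @{Add=...} appends to BlockedDomains instead of replacing whatever is already listed.
function Set-OwnDomainSenderFilter {
    if (-not (Get-TransportAgent -Identity "Sender Filter Agent" -ErrorAction SilentlyContinue)) {
        Write-Warning "Sender Filter Agent is not installed; Set-SenderFilterConfig will have no effect."
    }
    Set-SenderFilterConfig -Enabled $true -BlockedDomains @{Add=$Domain} -InternalMailEnabled $true
    Get-SenderFilterConfig | Select-Object Enabled, BlockedDomains, InternalMailEnabled
}

# Step 3 of the answer: let internal hosts submit mail from any sender address,
# but refuse if the connector accepts connections from every IP, because that
# would reopen the spoofing hole on a different connector.
function Grant-LanAnySender {
    param([string]$Connector)
    $rc = Get-ReceiveConnector $Connector
    $wideOpen = $rc.RemoteIPRanges | Where-Object { "$_" -like "0.0.0.0-*" -or "$_" -like "::-*" }
    if ($wideOpen) { throw "$Connector accepts from any IP; narrow RemoteIPRanges before granting Accept-Any-Sender." }
    $rc | Add-ADPermission -User $Anonymous -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"
}

# Verification: submit a message claiming to be from our own domain. Run this from a
# host that is NOT covered by the relay connector's RemoteIPRanges (running it on the
# Exchange server itself may select a different connector and prove nothing).
# Exchange answers a denied MAIL FROM with a 550 5.7.1, which Send-MailMessage
# surfaces as an error; -ErrorAction Stop turns that into a catchable exception.
function Test-SpoofRejected {
    param([string]$SmtpServer, [string]$To)
    try {
        Send-MailMessage -SmtpServer $SmtpServer -From "ceo@$Domain" -To $To `
            -Subject "spoof test" -Body "should be rejected" -ErrorAction Stop
        Write-Warning "Accepted: spoofing is still possible via $SmtpServer"
        return $false
    } catch {
        Write-Output "Rejected as expected: $($_.Exception.Message)"
        return $true
    }
}

Write-Output "Anonymous sender rights before:"; Get-AnonymousSenderRights $InternetConnector
Revoke-AnonymousSenderRights $InternetConnector
Set-OwnDomainSenderFilter
Grant-LanAnySender $RelayConnector
# Receive connectors live in the Frontend Transport service on Exchange 2013+, so restart both.
Restart-Service MSExchangeTransport, MSExchangeFrontEndTransport
Write-Output "Anonymous sender rights after (expect none):"; Get-AnonymousSenderRights $InternetConnector
# From an external test host: Test-SpoofRejected -SmtpServer "mail.mydomain.com" -To $TestRecipient
```

The last line is deliberately left as a comment: the spoof test only means something when it originates from an address the Internet connector will handle, so copy that one call to a machine outside the relay connector's IP ranges rather than running it on the server.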