On a recent assessment I found Nessus pop 11852. Manually testing the SMTP service I was unable to recreate the issue Nessus was reporting (relay). However, I was able to connect via SMTP and send mail as someone from the company (i.e.: admin@example.com) to other people in the company (i.e.: bob.smith@example.com).
Is there a way to configure Exchange so that if an email originates on a server from a "local" (or whatever you want to call it) user the sender needs to be authenticated to that server (or the AD)?
Obviously everyone externally should be able to send to bob.smith@example.com (regular relay) but I need to prevent sending as admin@example.com or as Bob Smith himself to internal addresses.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Exchange Server: Stop Spam From the Inside by Locking Down SMTP
Basically you need to shut off anonymous access to the virtual SMTP server and enable Windows Authentication.
This is the sixth time we have created a thread about it... and we have become exceedingly efficient at it.
Zimbra ftw!
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
@g3ksan
Thank you. I had tried searching for "Exchange ACL" and a few things like that but the results were far from user-friendly.
@operat0r
Thanks, but streaker hit the nail on the head. Recommending replacing complete parts of infrastructure that already exist just won't fly.
I think so.
This is the recommendation I ended up making (their inbound and outbound servers are separate):
Disable anonymous access to the SMTP server. Consult the following documents for further details.
Exchange Server: Stop Spam From the Inside by Locking Down SMTP
Controlling SMTP Relaying with Microsoft Exchange
Create an SPF record establishing smtpout.example.com (xxx.xxx.xxx.xxx) as the only valid sender of @example.com email; configure Exchange on inbound servers to use SenderID (Sender ID Home Page).
If that's not specific enough for them, hopefully it at least sends them in the right direction.