Exchange 2010 forwarded emails by external servers being blocked
Posted
by
MadBoy
on Server Fault
See other posts from Server Fault
or by MadBoy
Published on 2012-01-03T09:08:34Z
Indexed on
2012/11/25
23:09 UTC
Read the original article
Hit count: 326
Our users were getting spam messages from their own accounts (same domain/login for example [email protected] to [email protected]). This is preety standard trick and I decided to block it so that anonymous users can't send emails as @company.com.
This brought some problems on us like our printers not being able to send emails etc but I solved it with secondary smtp receiver on different port with ip restrictions.
However it seems to affect forwarding by some e-mail servers as well:
Hi. This is the qmail-send program at home.pl. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
: 89.14.1.26 failed after I sent the message. Remote host said: 550 5.7.1 Client does not have permissions to send as this sender
--- Below this line is a copy of the message.
Return-Path: Return-Path: Received: from mail.company.com [89.14.1.26] (HELO mail.company.com) by company.ho.pl [79.93.31.43] with SMTP (IdeaSmtpServer v0.70) id 488fcb01c2f069d9; Tue, 3 Jan 2012 09:46:55 +0100 Received: from EXCHANGE1.COMPANY ([fe80::d425:135f:b655:1223]) by EXCHANGE2.COMPANY ([fe80::193f:51ac:9316:cb27%14]) with mapi id 14.01.0355.002; Tue, 3 Jan 2012 09:46:55 +0100 From: =?iso-8859-2?Q?MadBoy?=
So basically server forwards it without affecting email address it was send with and our servers treat it like spam.
I used this command to block things:
Get-ReceiveConnector "DEFAULT Exchange2" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission
Is there anyway I can keep on receiveing things like forwards but be able to block things (except some dedicated antispam solution - this will be added later).
Also how do I "reassing" back the permissions that was removed?
EDIT to clarify:
I have a domain domain.com configured as Authorative
. Couple of our users are on project for differentcompany.com
which is not on our servers or anywhere close. Now when they send an email from their accounts lets say [email protected] to [email protected]
that special alias is configured so that any email it receives it forwards to multiple people including a group alias at our domain [email protected]
and that group alias puts the email in users mailboxes.
After the email is forwarded by [email protected]
and it reaches our server it is denied because the forwarding done by the "external" server doesn't affect user information so for the server it seems like the [email protected]
was actually sender and it treats it as spam and denies it. The server at differentcompany.com
just adds itself to the header that it passed thru it and doesn't modify sender at anyway (seems like this is how forwarding works).
Although I could probably allow this particular server as allowed to relay but this would seem to affect more servers/users as anyone can setup forwarding on their email back to our domain...
© Server Fault or respective owner