Hi,

I have Exchange Server 2010 Ver 14.0(Build 639.21).

I have always received an email from a local user while the user is never send emails. If using Microsoft Exchange Troubleshooting Assistant, clientip not use the IP server.

How to reject spam emails and reject non fqdn domain?

I dont have antispam server, I only depend on the Exchange antispam.

Please Help Me..

T

Hi,

If you got the IP address of that server who sent this message, you can add this IP address to IP block list by enabling Anti-Spam Functionality on a Hub Transport Server.

But, to find the root cause of this issue. I would like to do some troubleshooting to help you.

Have you ever configured receive connector to relay email via Exchange? Please run the following command and post the result, I appreciate your cooperation. And check if the IP address in the RemoteIPRanges of receive connector.

Get-ReceiveConnector | fl

Hope for your response.

Best Regards.

Hi Lynn-Li

I have been put through the command Get-ReceiveConnector "TransportName" | fl * remote * and I get RemoteIPRanges : { 0.0.0.0-255.255.255.255 }.

How to disable relay connection?

Yesterday I had to change the IP RemoteIPRanges become public IP server and IP localhost, but the email can not be accepted by the user.

Please Help Me.

Hi,

Is there only one receive connector in your exchange server?

Please enable protocol Logging on connectors and check protocol Log, use the IP address of that server to find which receive connector will receive these spam emails.

Then we need to check the ExtendRights on that receive connector

Get-ReceiveConnector | Get-ADPermission | fl identity, user, extendedrights >c:\rc_permission.txt

If the ExtendedRights is set to ms-Exch-SMTP-Accept-Any-Recipient, this receive connector will allow the anonymous session to relay messages through this connector to any recipient, including external recipients. It will be open relay.

Best Regards.

Hi,

No, I have 3 Receive Connector but If using Microsoft Exchange Troubleshooting Assistant email always use 1 Receive Connector.

I already enable protocol logging on connectors.

I saw ms-Exch-SMTP-Accept-Any-Recipient in all controler . its more appropriate to the "NT AUTHORITY \ Authenticated Users", "PATRA - SK \ Exchange Servers", "MS Exchange \ Hub Transport Servers", "MS Exchange \ Edge Transport Servers", "MS Exchange \ Externally Secured Servers".

How to disable relay connection?

Thanks Lynn-Li

Hi,

We need to find the receive connector which received these spam emails, then remove the permission on that receive connector to disable relay connection.

Is there a permission like this on that receive connector?

Identity       : Connecter Name

User           : NT AUTHORITY\ANONYMOUS LOGON

ExtendedRights : {ms-Exch-SMTP-Accept-Any-Recipient}

Best Regards.

Hi Lynn,

I found this in every controler.

Identity       : MAIL\Transport

User           : NT AUTHORITY\ANONYMOUS LOGON

ExtendedRights : {ms-Exch-SMTP-Accept-Any-Sender}

How to remove the permission on that receive connector to disable relay connection?

Thanks Lynn

OK, use the following command to remove this permission on all receive connector.

Get-ReceiveConnector | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Best Regards.

Hi Lynn,

I can not run the command with error:

Can't remove the access control entry on the object "CN=Default MAIL,CN=SMTP Receive Connectors,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Patra SK,CN=Microsoft Exchange, CN=Services,CN=Configuration,DC=patra-sk,DC=com" for attribute "ExtendedRight (ObjectType: 5c82f031-4e4c4326-88e1-8c4f0cad9de5)" because the ACE isn't present.

But if I use MXtoolbox, I get SMTP Open Relay : OK - Not an open relay.

Please help me