I am running Exch07 Sp2. I have a distribution list called "test_group" with an email address of "test_group@mydomain.com". But anyone from the outside world can send an email to this list. How do I stop this from happening? I have been researching this and know that by default the check box for "Require that all senders are authenticated" is checked. I have verified that this is checked, but I am still getting emails from outside email addresses. Thanks! hWe will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin

Hub transport rule. Bounce any email from outside the organization that has the smtp address of the DL in the To: header.

OK, but what about the next distribution list that *some* outside people need to be able to send to? Like a vendor emailing the marketing team distribution list? Thanks! hWe will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin

If you need specific exceptions, create mail contacts for them, and then you can specify in the rule exception that you will accept it if it's from them.

In the Exchange Management Shell, do the following: Get-DistributionGroup "Test_Group" |Select RequireSenderAuthenticationEnabled Is RequireSenderAuthenticationEnabled actually "True"? Karlhttp://unlockpowershell.wordpress.com

Karl, That returns: RequireSenderAuthenticationEnabled ---------------------------------- True We will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin

Any other ideas for me?We will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin

OK, got that. Unfortunately it does not seem to work 100%, unfortunately if an address is spoofed then it still allows it to come through even though the require sender authentication is checked. In fact, even if only domain users are allowed to send to it and the require authentication is checked, it still is not checking the authentication. If I spoof a local address it still allows me to send to the dist group from an outside server. Example (for clarity) Test_Group is set to only allow local domain users (Corp_AllStaff group) to send to the list, Require Authentication box is checked. I can set my Outlook Express client at home to use me@domain.com as the return address and the list allows the message to be sent to it.We will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin

Are you using servers with the Edge role? Karlhttp://unlockpowershell.wordpress.com

I have one Exchange server, it holds all roles.We will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin

Well, it can't run the Edge role - that has to be on a seperate server. So, what do you have between your internal network and the Internet? Karlhttp://unlockpowershell.wordpress.com

Hi Karl, Sorry, I've been away and unable to respond.How can I check the roles that are installed on my server. And I'm telling you there is only one server, I personally did the migration from Exch03 to Exch07 a few months ago and there is only one.As for what's between the internal network and the internet, a couple switches before making its way to our edge firewall, it is a NS25 (Netscreen/Juniper).We will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin

Hi,Roles can be seen byget-exchangeServer |FL Name, serverRole*And if u have one server with all roles then it means that u have Hub+CAS+Mailbox roles. Edge is not installed with any of the other three roles, and it is only installed alone on a server.Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

Thanks, I didn't realize that. I certainly do not have an Edge server then. The result is: Name : <servername> ServerRole : Mailbox, ClientAccess, HubTransport We will never be an advanced civilization as long as rain showers can delay the launching of a space rocket. -George Carlin