Recipients {}
Hello,

I am using Exchange 2007 and for business purposes I gotta keep some accepted domains... My manager asked me why users belonging to one of our accepted domains were sending emails to {}, which are obviously spam.

- I would like to understand how come I got {} in the recipients field?
- Would it be possible to disable sending any email from a specific accepted domain (just receiving emails, not allowing the sending)?

MessageSubject          Recipients  Sender
--------------          ----------  ------
VIAGRA ? -62% discount  {}          user@prio-accepteddomain.com
VIAGRA ? -87% discount  {}          user1@prio-accepteddomain.com

Accepted domain definition:

DomainName         : prio-accepteddomain.com
DomainType         : Authoritative
AddressBookEnabled : False
Default            : False
AdminDisplayName   :
ExchangeVersion    : 0.1 (8.0.535.0)
Name               : prio-accepteddomain.com
DistinguishedName  : CN=prio-accepteddomain.com,CN=Accepted Domains,CN=Transport Settings,
Identity           : prio-accepteddomain.com
Guid               : 6340d3a-230-9ea-bd6a-116ab8118
IsValid            : True

Many thanks in advance for your input.

Graig
March 22nd, 2011 7:31pm

That is probably spoof or Out of the Office. A common spammer's trick is to use the same domain as the target for sending email.

Simon.
Simon Butler, Exchange MVP
Blog | Exchange Resources | In the UK? Hire Me.
March 22nd, 2011 7:50pm

Looks like spoofing like Sembee mentioned. Yes, you can configure what servers are authoritative for sending as your domains; please provide what type of SPAM solution you're using, the config will be in your spam solution.

James Chong
MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL
msexchangetips.blogspot.com
March 22nd, 2011 8:27pm

I am NOT using a third party for spam solution. I use the default one in the Microsoft Exchange 2007 server... Would you please provide me further information to fight against the spoofing? Or any advice for a third-party solution I should get to fight more efficiently against spoofing?
March 23rd, 2011 4:45am

Have you enabled recipient validation? That can stop a lot of this kind of stuff. However, spoofing is very hard to stop, that is why it is so common. All spam is spoofed and it is a common spammer's trick. If it was easy to stop it wouldn't be a problem. There are no magic bullets to stop spam.

Simon.
Simon Butler, Exchange MVP
Blog | Exchange Resources | In the UK? Hire Me.
March 24th, 2011 9:52am

In that case configure your receive connectors so that only allowed IPs are configured to send as yourdomain.com. Bharat Suneja (msft) has instructions in his blog.

HOW TO: Prevent annoying spam from your own domain
http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html

James Chong
MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL
msexchangetips.blogspot.com
March 24th, 2011 10:12am

Hello,

I am trying to figure out whether I would have machines such as copiers, printers, scanners etc. that would use anonymous connection before I run the command:

    Get-ReceiveConnector "My Internet ReceiveConnector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

I would need to be sure that I could run a roll back in case I haven't been able to identify all the possible anonymous users. Would the below command do the roll back job:

    Get-ReceiveConnector "My Internet ReceiveConnector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Add-ADPermission

@ Sembee: How can I verify whether I have enabled recipient validation?
March 28th, 2011 11:02am

Yes, that second command will roll that back. Yes, you should be using a separate receive connector for internal relay servers\devices since these are trusted. Create another receive connector first, configure it to allow those servers\devices to relay in the IP permit, verify that it is using the new connector by looking at the receive connector logs, then perform the steps in that article.

Allowing application servers to relay off Exchange Server 2007
http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx

James Chong
MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL
msexchangetips.blogspot.com
March 28th, 2011 4:45pm
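
The permission change and rollback discussed in the posts above, as an added Exchange Management Shell example that is not part of the original thread: it records the Anonymous Logon rights on the connector first, previews the removal, and re-adds the right by name for rollback. The connector name is the thread's placeholder; the backup path and the three function names are assumptions made for this sketch.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
$connector = "My Internet ReceiveConnector"   # placeholder name used in the thread
$anon      = "NT AUTHORITY\Anonymous Logon"
$right     = "ms-exch-smtp-accept-authoritative-domain-sender"
$backup    = "C:\Temp\anon-rights-before.txt" # assumed path for the backup file

# 1. Record what Anonymous Logon holds on the connector before changing anything.
Get-ReceiveConnector $connector |
    Get-ADPermission -User $anon |
    Format-List Identity, User, Deny, IsInherited, ExtendedRights |
    Out-File -FilePath $backup

# 2. Log SMTP sessions on this connector so copiers, printers and scanners that
#    still submit here anonymously show up in the receive protocol logs.
Set-ReceiveConnector $connector -ProtocolLoggingLevel Verbose

# 3. Preview the removal; -WhatIf lists the entry without changing it.
Get-ReceiveConnector $connector |
    Get-ADPermission -User $anon |
    Where-Object { $_.ExtendedRights -like $right } |
    Remove-ADPermission -WhatIf

# 4. Apply: the same pipeline without -WhatIf (hypothetical helper name).
function Remove-AnonymousAuthoritativeSender {
    Get-ReceiveConnector $connector |
        Get-ADPermission -User $anon |
        Where-Object { $_.ExtendedRights -like $right } |
        Remove-ADPermission
}

# 5. Rollback: grant the right again by name. After removal, a Get-ADPermission
#    result filtered on this right has no entry left to pipe onward, so the
#    right is re-added explicitly instead (hypothetical helper name).
function Restore-AnonymousAuthoritativeSender {
    Get-ReceiveConnector $connector |
        Add-ADPermission -User $anon -ExtendedRights $right
}

# 6. Check the current state: no output means the right is not granted
#    (hypothetical helper name).
function Test-AnonymousAuthoritativeSender {
    Get-ReceiveConnector $connector |
        Get-ADPermission -User $anon |
        Where-Object { $_.ExtendedRights -like $right }
}
```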

Thanks James. By any chance, would you know any good article explaining a bit more about spoofing? I found http://www.spamlaws.com/how-IP-spoofing-works.html but I wonder if I could get even further information.

Graig
March 29th, 2011 10:43am

Here's a pretty straightforward article.
http://www.windowsecurity.com/articles/Email-Spoofing.html

James Chong
MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL
msexchangetips.blogspot.com
March 30th, 2011 12:53pm
