0

I'm having some doubts on the receiver connector configure in our Exchange 2010, which the default receiver connector is configured to allow "Anonymous user" to connect.
We have mail gateway sitting in the DMZ zone, have 2 Exchange servers running under DAG and have no Edge transport role.

Few questions I have are:
1. Our mail gateway is connecting thru port 25, means it is connect to this default receiver connector right?
2. Do the "Anonymous user" required and why? Do mail gateways normally authenticate themselves (I can't find such settings in ours)?
3. "Anonymous user" has permission of "ms-Exch-SMTP-Accept-Any-Sender". Not sure who granted it, should it be removed or it is required in order to receive emails from external domains (from our mail gateway)?
Asking so because this connector is meant for internal relay as well. So if "anonymous user" has this permission, anyone can send as anybody, isn't this a risk to security?

Any help are greatly appreciated!

nlks
  • 132
  • 2
  • 3
  • 12

1 Answers1

1

To accept email from the internet then you have anonymous enabled. Therefore the settings you are seeing are correct. You would need to check whether the appliance can send email to your server via authentication to decide whether to change it. If it isn't able to authenticate, then you will have to leave anonymous enabled.

However, if the Exchange server cannot be seen from the outside world, I wouldn't worry about it. Furthermore, if you have things internally sending email - such as printers, scanners etc, they would normally not need to authenticate if sending email to an internal recipient. Authentication is normally only used for relaying.

Therefore having anonymous is normal and to be expected.

The second permission is the default. It allows a printer for example to send as printer@example.com and for it to be accepted by the server. Some will remove the permission, which is a crude way of stopping spoofing. However it is only effective on an external facing system. If you have a gateway in front then its effectiveness would be limited. The email has been accepted and would then bounce, so you are wasting bandwidth. Spoofing control should really be done at the point of delivery.

Sembee
  • 2,884
  • 1
  • 8
  • 11
  • Understood for the "anonymous user" configuration, however still have concerns on allowing sending as any sender (even authenticated user do not have this permission). We worry that can cause an issue, let say a normal staff connected and send a misleading/destructive memo to all staffs, as our HR manager. we do not have scanner/printer that relay but only applications. So as long as all my applications can authenticate themselves, it's safe for me to remove this permission am I right? Do I need this permission to receive email from external (since sender is other domain)? – nlks Mar 24 '16 at 01:23
  • What you are referring to is spoofing, which is a very old problem with SMTP email - I have been working with email servers for over 20 years and it has been a problem throughout my career. Therefore someone sending an email claiming to be from someone else is a common issue, and easily proven to be a falsified message. However if you are sure that nothing needs to send email as your domain, then remove the permission. It is quite a common change. Although as I have said above - spoofing should be done by your gateway. There is little value in you making the change on the server itself. – Sembee Mar 25 '16 at 13:20
  • Hi, our gateway is handling emails to external only, so I guess I have to remove this permission to prevent spoofing from internal. Thank you very much for clearing the air :) – nlks Mar 28 '16 at 04:53