0

When I use power shell to Send-MailMessage from our domain user's email address to any external email address, then I receive "5.7.1 Unable to relay" which is as expected.

Unfortunately, when I Send-MailMessage from domain user's email address to another domain user's email address or the same domain user's email address, the message is sent without asking for username or password.

Please help me to prevent sending any email without authentication in Exchange Server 2013.

Tarek Salah
  • 21
  • 5

1 Answers1

0

You can't.

The behaviour you are seeing is to be expected - you are basically spoofing the sender, which has been happening for probably 20 years. If you enable authentication then you will not be able to receive email from the internet because internet email cannot be authenticated either.

You need to look at spoofing protection for your Exchange server - changing authentication settings is not the answer.

Sembee
  • 2,884
  • 1
  • 8
  • 11
  • Do you mean 3rd party protection to be installed on the server? – Tarek Salah Dec 19 '16 at 18:50
  • You are correct. When I uncheck the Anonymous Authentication from the Default Frontend ExchServer, I do not receive email from external domains such as Hotmail for example. – Tarek Salah Dec 19 '16 at 18:55
  • In most cases it would be third party protection. However there is no fool-proof way to deal with it. SPF records are meant to help but the majority of domains do not have them, so you cannot filter on those alone. Set your own SPF records and check on those. If you look around through Google and other forums you will also find transport rules that can be used to block email from your own domain that originate outside, but you need to be careful with that setting as it can cause some legitimate email to be blocked. – Sembee Dec 20 '16 at 11:02