Stopping Exchange 2016 Same Domain Spam Spoofing

We recently converted over to using Exchange 2016 for our internal email hosting and were immediately buried in spam. Initially we enabled the Exchange built-in spam protection, and it just wasn't cutting it. We expanded out and got ourselves BitDefender Exchange Protection, which dropped our spam rate almost overnight. However, we were still getting emails from our own domain, @infinitewebdesign.com. The best advice we found for combating this involved removing the ms-exch-smtp-accept-authoritative-domain-sender permission from the receive connectors in Active Directory. This, thankfully, allowed BitDefender to at least classify those messages as spam, but our domain could still be spoofed.

A simple telnet session to our server, like so (the blank line after the Subject header ends the headers, and the lone period on its own line terminates the message):

>telnet <server_ip_here> 25
>EHLO <client_hostname_here>
>MAIL FROM: test@<domain_here>
>RCPT TO: someone@<domain_here>
>DATA
>Subject: This is a spam test
><empty line>
>.
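Rather than retyping that session by hand, the PowerShell below (an added example, not code from the original post) performs the same anonymous submission and reports the server's reply codes. It stops after RCPT TO and never sends DATA, so nothing is delivered; a 5xx reply to MAIL FROM or RCPT TO means the server is refusing its own domain from unauthenticated senders, which is the state you want after the fix. Server, domain and recipient are parameters, and the function name Test-OwnDomainSpoof is the example's own.

```powershell
# Added example: anonymous SMTP check for own-domain spoofing, stopping before DATA.
# Assumes TCP reachability to the receive connector on the given port.
param(
    [Parameter(Mandatory)][string]$Server,
    [Parameter(Mandatory)][string]$OwnDomain,
    [string]$Recipient = "postmaster@$OwnDomain",   # constructed default recipient
    [int]$Port = 25
)

function Test-OwnDomainSpoof {
    param([string]$Server, [int]$Port, [string]$OwnDomain, [string]$Recipient)

    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    # Read one complete (possibly multi-line "250-...") SMTP reply, return its code
    function Read-Reply {
        do {
            $line = $reader.ReadLine()
            if ($null -eq $line) { throw 'Server closed the connection' }
        } while ($line -match '^\d{3}-')
        return [int]$line.Substring(0, 3)
    }
    function Send-Cmd([string]$Cmd) { $writer.WriteLine($Cmd); Read-Reply }

    try {
        $banner = Read-Reply
        $ehlo   = Send-Cmd "EHLO spoofcheck.$OwnDomain"
        # Claim a sender in our own domain over an unauthenticated session
        $mail   = Send-Cmd "MAIL FROM:<spoofcheck@$OwnDomain>"
        # Only try RCPT TO if MAIL FROM was not already refused; never issue DATA
        $rcpt   = if ($mail -lt 400) { Send-Cmd "RCPT TO:<$Recipient>" } else { $null }
        [void](Send-Cmd 'QUIT')
    } finally {
        $client.Close()
    }

    [pscustomobject]@{
        Server   = $Server
        Banner   = $banner
        Ehlo     = $ehlo
        MailFrom = $mail
        RcptTo   = $rcpt
        # True when the server rejected the spoofed sender with a permanent error
        Blocked  = ($mail -ge 500) -or ($rcpt -ge 500)
    }
}

Test-OwnDomainSpoof -Server $Server -Port $Port -OwnDomain $OwnDomain -Recipient $Recipient
```

Run it against each server that hosts a receive connector before and after the change; with Exchange's Sender Filter agent blocking the domain, the rejection normally arrives at MAIL FROM (a 554 "Sender Denied" reply), so RcptTo stays empty and Blocked reports True.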

A message submitted this way would be delivered, and only occasionally marked as spam depending on the contents of the mail itself. We eventually found the fix: run the following in the Exchange Management Shell for each server and for the 'Default' receive connectors:

>Get-ReceiveConnector "Default <name>" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

Then run (the cmdlet is Set-SenderFilterConfig, part of the built-in anti-spam agents):

>Set-SenderFilterConfig -BlockedDomains <domain_here>
>Set-SenderFilterConfig -InternalMailEnabled $true

After these have run, restart the Microsoft Exchange Frontend Transport service and you should no longer see spam coming from your own domain.
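The procedure above has to be repeated per server and per connector, and it is easy to miss one. The script below is an added example (not from the original post) that audits every receive connector in the organization for the anonymous permission, removes it, adds the domain to the Sender Filter agent's block list, enables sender filtering for internal mail as described, and restarts the frontend transport service on each server. It assumes an Exchange Management Shell session with the built-in anti-spam agents already installed; $OwnDomain and the -WhatIf switch are the example's own.

```powershell
# Added example: organization-wide remediation of own-domain spoofing.
# Run from the Exchange Management Shell; -WhatIf previews without changing anything.
param(
    [Parameter(Mandatory)][string]$OwnDomain,   # e.g. example.com (placeholder)
    [switch]$WhatIf
)

$right = 'ms-exch-smtp-accept-authoritative-domain-sender'
$anon  = 'NT AUTHORITY\Anonymous Logon'

# 1. Find every receive connector that still grants the right to anonymous senders
$affected = foreach ($rc in Get-ReceiveConnector) {
    $perm = $rc | Get-ADPermission -User $anon -ErrorAction SilentlyContinue |
        Where-Object { $_.ExtendedRights -like $right -and -not $_.Deny }
    if ($perm) { [pscustomobject]@{ Connector = $rc.Identity; Permission = $perm } }
}

if (-not $affected) {
    Write-Host "No receive connector grants '$right' to '$anon'."
}
foreach ($a in $affected) {
    Write-Host "Removing '$right' for '$anon' on $($a.Connector)"
    $a.Permission | Remove-ADPermission -Confirm:$false -WhatIf:$WhatIf
}

# 2. Make the Sender Filter agent reject our own domain from unauthenticated senders
$cfg = Get-SenderFilterConfig
$alreadyBlocked = @($cfg.BlockedDomains | ForEach-Object { $_.ToString() })
if ($alreadyBlocked -notcontains $OwnDomain) {
    # Add to the multivalued property without clobbering domains already listed
    Set-SenderFilterConfig -BlockedDomains @{Add = $OwnDomain} -WhatIf:$WhatIf
}
Set-SenderFilterConfig -Enabled $true -InternalMailEnabled $true -WhatIf:$WhatIf

# 3. Restart the frontend transport service on each server that runs it
foreach ($fe in Get-FrontendTransportService) {
    Write-Host "Restarting MSExchangeFrontEndTransport on $($fe.Name)"
    if (-not $WhatIf) {
        Get-Service -ComputerName $fe.Name -Name MSExchangeFrontEndTransport | Restart-Service
    }
}

# 4. Show the resulting Sender Filter state for the change record
Get-SenderFilterConfig | Select-Object Enabled, BlockedDomains, InternalMailEnabled
```

Run it once with -WhatIf to see which connectors would lose the permission; connectors that legitimately need anonymous submission of your own domain (for example a relay used by internal devices that cannot authenticate) should instead be restricted by RemoteIPRanges or moved to authenticated submission before the permission is pulled, otherwise their mail will start being filtered too.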

Eric Stevens

I am a senior developer at Infinite Web Design.