Hi All,

We have Exchange 2013 SP1 infrastructure on top of Windows Server 2012 R2. We have a DAG and CAS NLB clusters.

Anyone can relay Emails from my SMTP to all users within my domain without authentication.However no one can send emails outside my domain (external Emails without authentication).

All these emails are sent through Default Front end Receive Connector, and we cannot Disable Anonymous Users from connector security settings as by doing this we will not receive emails from External World. Please refer the attached snapshot.

Need your suggestion to implement SMTP security to restrict Unauthorized SMTP Relay.

"Anyone can relay Emails from my SMTP to all users within my domain without authentication."

That's not relay, that's submission.  Relay means send mail through your servers to recipients outside your organization, e.g., the Internet.

http://lmgtfy.com/?q=enable+smtp+relay+exchange+20

Thank you for your reply.

I am sorry if I was not clear in  the last post. Is their a was to stop this unauthorized Submission?

Like if my domain is xyz.com users that exists on my exchange servers can only submit emails, if someone try's to use a user name john@abc.com should not be submitted. Is there a way to restrict this?

Thanks

Hi ,

Why don't we restrict the "remote network settings" on the receive connector to only authorized ip address to receive emails on the "default receive connector"over port no 25 .

The parameter is "RemoteIPRanges".  The way to stop unauthorized hosts from connecting is to only allow those that you authorize using that parameter.