Exchange2010 How to prevent external users from using internal user addresses to send internal mail?

Exchange2010 How to prevent external users from using this domain address to send messages inward?

By default, the anonymous user permission group has the following permissions:

Ms-exch-smtp-submit

Ms-exch-smtp-accept-any-sender

Ms-exch-smtp-accept-authoritative-domain-sender

This permission allows senders that has e-mail addresses in authoritative domains to establish a session to this Receive Connector.

Ms-exch-accept-headers-routing

To prevent sending mail as a domain name, you can use the following method to resolve:

Method One:

1. On the Exchange Hub Transport server, run Adsiedit.msc.

2. Navigate to Configuration->services->microsoft Exchange->first organization->adminstrative Groups-> Exchange administrative Group->servers->server_name->protocols->smtp Receive Connector

3. Right-click the default Receive connector and switch to the security bar and click to select Anonymous Logon.

4. Click to select the Deny to the right of Accept authoritative Domain sender in the list below.

5. Restart the Microsoft Transport Services service.

Method Two:

1. Enter the following command under PowerShell:

Get-receiveconnector "Default srv12-01" | Get-adpermission-user "NT authority\anonymous Logon" | where {$_. Extendedrights-like "Ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-adpermission

2. Restart the Microsoft Transport Services service.

Note:

Replace the default srv12-01 with the name of your actual accept connector, and note that the port is 25.

This article is from the "Dermot W.J. Zhang Technical Notes" blog, so be sure to keep this source http://103703.blog.51cto.com/93703/1744814

Exchange2010 How to prevent external users from using internal user addresses to send internal mail?