Prevent annoying spam from your own domain

You need to remove Anonymous Logon from Your receive connectors.

To check which ReceiveConnector  grant this permission:

[PS] Get-ReceiveConnector  | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”}

Use the following command to remove the ms-exch-smtp-accept-authoritative-domain-senderpermission from NT Authority\Anonymous Logon on internet-facing Receive Connector(s):

[PS] Get-ReceiveConnector “My Internet ReceiveConnector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission


When not to remove Anonymous permission:
On Receive Connectors used by internal or trusted SMTP hosts(such as copiers/scanners and application servers)

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 2 =