Exchange 2010 启用匿名 如何防止任意伪造一个邮件地址发送给内部帐号！

Exchange2010如何防止外部用户冒用本域地址向内发邮件？

在缺省状况下Anonymous user权限组有下面的权限：

Ms-Exch-SMTP-Submit

Ms-Exch-SMTP-Accept-Any-Sender

Ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

This permission allows senders that have e-mail addresses in authoritative domains to establish a session to this Receive connector.

Ms-Exch-Accept-Headers-Routing

 

要阻止别冒充域名发送邮件，可使用下面的方法来解决：

 

方法一：

1. 在Exchange中心传输服务器上，运行ADSIEDIT.msc.

2. 浏览定位到Configuration->Services->Microsoft Exchange->First Organization->Adminstrative Groups->Exchange Administrative Group ->Servers->server_name->Protocols->SMTP Receive Connector

3. 右击Default Receive Connector并切换到Security栏，点击选中Anonymous Logon.

4. 在下面的列表中点击选中 Accept Authoritative Domain Sender右边的Deny.

5. 重启Microsoft Transport services服务.

方法二：

1.在PowerShell下输入如下命令：

Get-ReceiveConnector "Default SRV12-01" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

2. 重启Microsoft Transport services服务.

备注：

请将Default SRV12-01替换为您实际的接受链接器的名称，注意是端口为25的那个。