如何使用我的內部接受域防止來自外部的欺騙性電子郵件
我收到從我自己的域發送到我自己的域的垃圾郵件。我正在使用 Exchange 2013。
例子:
myemail@mydomain.com被用來向myemail@mydomain.com發送垃圾郵件。
我可以通過從任何外部 IP 遠端登錄到伺服器來成功複製問題。
telnet <external-ip-of-server> 25 helo anydomain.com 250 myserver.mydomain.com Hello [External-IP] mail from:myemail@mydomain.com 250 2.1.0 Sender OK rcpt to:myemail@mydomain.com 250 2.1.5 Recipient OK data 354 Start mail input; end with <CRLF>.<CRLF> some text here . 250 2.6.0 <f64fd0bdf5c2460087b95c3ab343ef80@myserver.mydomain.com> [InternalId=20890720927751, Hostname=myserver.mydomain.com] Queued mail for delivery
我有一個這樣的 SPF 記錄設置:
v=spf1 ip4:External.IP.of.MyServer -all
我還在 Exchange 2013 伺服器上啟用了 SenderID,如下所示:
[PS] C:\Windows\system32>get-senderidconfig | fl RunspaceId : 9be45249-1186-42b4-9e4e-3bc5a56c0c63 SpoofedDomainAction : Reject TempErrorAction : StampStatus BypassedRecipients : {} BypassedSenderDomains : {} Name : SenderIdConfig Enabled : True ExternalMailEnabled : True InternalMailEnabled : False AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) DistinguishedName : CN=SenderIdConfig,CN=Message Hygiene,CN=Transport Settings,CN=MyOrganization,CN=Microsoft Exchange,CN=S ervices,CN=Configuration,DC=mydomain,DC=com Identity : SenderIdConfig Guid : e85c9acb-579e-4d92-bde7-03ac2dd9beac ObjectCategory : mydomain.com/Configuration/Schema/ms-Exch-Message-Hygiene-Sender-ID-Config ObjectClass : {top, msExchAgent, msExchMessageHygieneSenderIDConfig} WhenChanged : 2015-12-08 10:23:24 WhenCreated : 2014-02-15 13:37:30 WhenChangedUTC : 2015-12-08 09:23:24 WhenCreatedUTC : 2014-02-15 12:37:30 OrganizationId : Id : SenderIdConfig OriginatingServer : mydc.mydomain.com IsValid : True ObjectState : Unchanged
如何在不使用任何外部反垃圾郵件服務的情況下防止此類垃圾郵件?
您需要通過執行以下命令來刪除繞過發件人地址欺騙檢查的權限:
Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission
如果這不能解決問題(即對於 Exchange 2013 CU5+),您應該執行以下操作:
- 阻止您自己的域
Set-SenderFilterConfig -BlockedDomains mydomain.com
Set-SenderFilterConfig -InternalMailEnabled $true
2. 為匿名使用者刪除 ms-Exch-SMTP-Accept-Any-Sender
Get-ReceiveConnector "name of the internet receive connector" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender"} | Remove-ADPermission
3. 允許從 LAN(如果需要)打開中繼:
Get-ReceiveConnector "name of your LAN Open Relay connector" | add-ADPermission -user "NT AUTHORITY\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"
PS 確保在這些操作之後重新啟動傳輸服務。