Exchange 2010 Prevent Authenticated Users From Sending Email From Any Address

Tags: exchange, exchange-2010

I have recently been combating an SMTP AUTH attack in which one of my email accounts had been compromised and was being used to send spam. I have been able to identify the account and change the password; however, I would like to further restrict my Exchange server. By default, Exchange 2010 allows any authenticated user to specify any email address as the MAIL FROM address, and it will accept it. Is there any way to restrict this so that only the authenticated account's email address can be used as the MAIL FROM address? I have been looking through all AD permissions for the SMTP connector, but I can't find any documentation on how to accomplish this. Any suggestions would be greatly appreciated.

[Image: Telnet test]

[Image: SMTP connector properties, Permissions tab]

Best Answer

I'm not sure what you are asking here. Your "by default" assumption is incorrect, unless I'm reading you wrong.

You shouldn't have default delegation/Send As permissions for all mailboxes, especially for any user, and changing the MAIL FROM to something like "omghi2u@smtpdomain.com" when sending to an external user should fail with:

"You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk."

Can you maybe elaborate?

EDIT: Now, if you are sending email through a relay Receive connector, you are able to make up a fake SMTP FROM address, but if that's how your default mail connector is set up, it shouldn't be. You can use such a connector for app servers, etc. that need to relay email through the Exchange server, but you should restrict it down to certain IP addresses that the connector accepts mail from.
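The checks both posts point at can be run from the Exchange Management Shell. The script below is an added example, not code from the question or the answer: it inventories the Receive connectors, shows whether "Authenticated Users" hold the extended right that allows an arbitrary MAIL FROM, removes that right from the client-submission connector, and narrows a relay connector to the application servers that need it. The connector names (EXCH01\Client EXCH01, EXCH01\App Relay) and the relay IP addresses are placeholders; the extended-right names are the ones Exchange 2010 uses.

```powershell
# Added example (not from the question or answer). Run in the Exchange
# Management Shell on an Exchange 2010 Hub Transport server.
# Connector identities and IP addresses below are hypothetical placeholders.

# 1. Inventory every Receive connector: how clients authenticate, which
#    permission groups are granted, and which remote IP ranges it accepts.
Get-ReceiveConnector |
    Format-Table Identity, AuthMechanism, PermissionGroups, RemoteIPRanges -AutoSize

# 2. Find connectors where "Authenticated Users" hold
#    ms-Exch-SMTP-Accept-Any-Sender, the right that lets any logged-on
#    account put ANY address in MAIL FROM (the behaviour the question describes).
Get-ReceiveConnector | Get-ADPermission |
    Where-Object {
        $_.User -like '*Authenticated Users*' -and
        $_.ExtendedRights -like '*ms-Exch-SMTP-Accept-Any-Sender*' -and
        -not $_.Deny
    } |
    Format-Table Identity, User, ExtendedRights -AutoSize

# 3. If step 2 lists the client-submission connector, remove that right.
#    Authenticated users keep ms-Exch-SMTP-Submit and the
#    Accept-Authoritative-Domain-Sender right, so they can still send as any
#    address they hold Send As permission for; a MAIL FROM they are not
#    entitled to is refused with
#    "550 5.7.1 Client does not have permissions to send as this sender".
Remove-ADPermission -Identity 'EXCH01\Client EXCH01' `
    -User 'NT AUTHORITY\Authenticated Users' `
    -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Sender' `
    -Confirm:$false

# 4. Per the answer's EDIT: an anonymous relay connector for app servers must
#    not listen to 0.0.0.0-255.255.255.255. Restrict it to the hosts that
#    genuinely relay through Exchange (placeholder addresses).
Set-ReceiveConnector -Identity 'EXCH01\App Relay' `
    -RemoteIPRanges 10.20.30.11, 10.20.30.12

# 5. Re-run the audit to confirm the right is gone and the ranges are narrow.
Get-ReceiveConnector 'EXCH01\App Relay' |
    Format-List Identity, RemoteIPRanges, PermissionGroups
```

Step 2 is the one to run first: it answers the question of whether any connector actually grants authenticated accounts the "any sender" right, which is what the telnet test in the question was exercising. After step 3, a repeat of that telnet session with a MAIL FROM the account does not own should be rejected rather than queued.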