This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block emails spoofed p2 headers

I am looking to block emails where the FROM in the P2 header is being spoofed using our email addresses.  I can kill these off at the exchange server by removing the ms-exch-smtp-accept-authoritative-domain-sender on the Internet facing domain connector.  Is there a way to kill these via "Email Protection"?  If I add our domain in the "Sender Blacklist" does this look at the P2 header or only the P1 like SPF?

P1 header
mail from: someone@someotherdomain.com
rcpt to: user1@mydomain.com
data

P2 header
from: user1@mydomain.com (problem)
to: user2@mydomain.com
Subject: P1 and P2 headers are different
The P1 and P2 headers will be different in this message.

Thanks,
                 Jim


This thread was automatically locked due to age.
Parents Reply
  • Hi The Bee,

    well, I found a way at least for my environment. I configured a dedicated FrontendTransport Connector for e-mails coming from the UTM only on both of my DAG members and ran the following Powershell command for each:

    Remove-ADPermission <ReceiveConnector Name> –user “NT AUTHORITY\Anonymous Logon” –ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

    Actually I don't know if it really works because I did not yet test it but according to web sources it should exactly do what we want here.

    Regards
    Daniel

Children
No Data