Hi there,
I am struggling to understand the security implications of the anonymous permission on the default receive connector. I am looking for a steer in the right direction :)
I have an Exchange 2010 SP3 standalone server with hub transport behind a firewall (no edge). We do have a 3rd-party service (spam filter) that relays clean emails to our Exchange server.
Currently I have a default setup receive connector that is configured to receive emails for any IP and a rule in the firewall to relay traffic on port 25 to the Exchange server.
Recently I came to the realization that all of my internal devices such as multifunctional printers, UPS, NAS, etc. are able to send notification emails to me without any authentication involved. That would mean, if say a virus hit any of my client computers, it would have a green light to spam everyone internally or externally without much effort!
Is this correct?
Obviously, if I uncheck the anonymous permission in the default receive connector, my server won't be able to receive anything at all.
Are there any best practices to secure this flaw? Limit which anonymous INTERNAL devices can use my Exchange as a relay? How about external anonymous clients, is it a concern?
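
One way to audit and scope the setup described in the post, for the Exchange Management Shell on Exchange 2010 (an added example, not part of the original post). The server name `EXCH01`, the connector names and every IP address are placeholders to replace with your own values.

```powershell
# Added example. EXCH01, connector names and IP addresses are placeholders.

# 1. Audit: which connectors accept anonymous sessions, and from which sources?
Get-ReceiveConnector |
    Where-Object { $_.PermissionGroups -match 'AnonymousUsers' } |
    Format-List Identity, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism

# 2. Audit: what is an anonymous session allowed to do on each connector?
#    ms-Exch-SMTP-Submit               = may submit mail to the connector
#    ms-Exch-SMTP-Accept-Any-Recipient = may address recipients outside the
#                                        accepted domains (relay to external)
# Connectors are collected first so no cmdlet runs inside another pipeline.
$connectors = Get-ReceiveConnector
foreach ($c in $connectors) {
    $c | Get-ADPermission |
        Where-Object { $_.User -like '*ANONYMOUS LOGON' -and $_.ExtendedRights } |
        Select-Object @{n='Connector';e={$c.Name}}, User, Deny, ExtendedRights
}

# 3. Scope: let the internet-facing connector accept mail only from the
#    spam filter's relay addresses (placeholder range shown).
Set-ReceiveConnector -Identity 'EXCH01\Default EXCH01' `
    -RemoteIPRanges 192.0.2.10, 192.0.2.11

# 4. Scope: a separate connector reachable only by the listed devices.
#    With the same binding, Exchange selects the connector whose
#    RemoteIPRanges most specifically matches the source address.
New-ReceiveConnector -Name 'Internal Devices' -Server EXCH01 -Usage Custom `
    -Bindings 0.0.0.0:25 -RemoteIPRanges 10.0.0.50, 10.0.0.51 `
    -PermissionGroups AnonymousUsers

# 5. Verify: re-run the audit and confirm that no connector reachable by
#    untrusted sources lists ms-Exch-SMTP-Accept-Any-Recipient for anonymous.
Get-ReceiveConnector | Format-Table Name, RemoteIPRanges, PermissionGroups -AutoSize
```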