I am banging my head against the wall here.
Since a few days, I am getting emails that are addressed from myself and addressed to me. Now obviously this is comming from some spammer, so I decided to do a search or two to fix this.
Now IMHO allowing anyone to send as a local user is a big security issue. Any smart user could simply telnet into the local smtp server and send an email using any local user ! No idea why this is the default behaviour for Exchange, but quite frankly, if you claim you are a local user, you authenticate to prove it !
My search netted me with three suggestions, none of them work:
1) remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users on the receive connector
2) remove ms-Exch-SMTP-Accept-Authoritative-Domain-Sender for anonymous users on the receive connector
3) enable Sender-ID validation on the receive connector, with a corresponding TXT (SPF) record in DNS.
Even with all three of these in place, I am fully able to enter a local user in the mail from field on the SMTP server.
Now Certainly there must be a way to prevent this from happening ?