Hello everybody,
* I manage an Exchange 2013 CU7 cluster installed on the Windows Server 2012 platform in single role, CAS/MBX separately, and I am having trouble with an excess of spam out of my mailbox servers. There is a series of FAKE emails in the outbound log with the FROM field empty, this way: "MAIL FROM:< >".
LOGs:
2016-05-19T18:10:35.031Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,10,172.17.0.38:45029,200.155.160.201:25,>,MAIL FROM:<>,
2016-05-19T18:10:35.031Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,11,172.17.0.38:45029,200.155.160.201:25,>,RCPT TO:<milton@guros.com.br>,
2016-05-19T18:10:36.015Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,12,172.17.0.38:45029,200.155.160.201:25,<,250 ok,
2016-05-19T18:10:36.015Z,SMTPBRPHEXMBX04,08D3628C5999E4DE,13,172.17.0.38:45029,200.155.160.201:25,<,"451 O numero maximo de emails enviados por remetente por hora foi atingido. Por favor, entre em contato com o administrador do sistema. (Maximum number of emails per sender per hour reached. Please, contact your sysadmin)",
* I made some adjustments to try to work around the problem, without a solution, using the following settings:
#To see the permission "{ms-Exch-SMTP-Accept-Any-Sender}"
Get-ReceiveConnector | Get-ADPermission | where {$_.user -like "*Authenticated*" -and $_.Identity -like "*Client*"} | sort Identity | ft identity, user, extendedrights
#Deleted the permission for sending without a sender in the MAIL FROM field:<> | "{ms-Exch-SMTP-Accept-Any-Sender}"
Get-ReceiveConnector | Get-ADPermission | where {$_.user -like "*Authenticated*" -and $_.Identity -like "*Client*"} | Remove-ADPermission -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
#Deleted the permission to anonymous relay on a receive connector
Get-ReceiveConnector | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"}
* And I created the ThrottlingPolicy below and have applied it to all accounts in the environment:
Get-ThrottlingPolicy *ebtglo* | select *ratelimit*,forw* | ft -AutoSize
MessageRateLimit RecipientRateLimit ForwardeeLimit
---------------- ------------------ --------------
50 5000 100
* In two days, 37382 emails were sent:
[PS] C:\>Get-TransportService | Get-MessageTrackingLog -EventId Send `
>> -Start (Get-Date).AddDays(-2) `
>> -End (Get-Date) `
>> -ResultSize Unlimited |
>> Where-Object {$_.ConnectorId -like 'SMTPMBX04'} | Measure-Object
>>
Count : 37382
Is there any native solution to block it in Exchange itself?
I choose not to use the native Exchange spam feature; I don't guess it is an effective solution.
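One way to triage a send protocol log for the sessions described in the post, as an added example that is not part of the original post: it groups log lines by session, keeps the sessions in which the server sent an empty MAIL FROM, and lists their recipients and whether the remote side answered with a 4xx/5xx. The function name `Get-NullSenderSession`, the column names and the sample log lines are assumptions constructed for this example.

```powershell
# Constructed sample lines in the SMTP send protocol log layout shown in the post
# (connector name, addresses and session ids are made up for this example).
$sample = @'
2016-05-19T18:10:35.031Z,SMTPMBX01,0000000000000001,10,192.0.2.10:45029,198.51.100.5:25,>,MAIL FROM:<>,
2016-05-19T18:10:35.040Z,SMTPMBX01,0000000000000001,11,192.0.2.10:45029,198.51.100.5:25,>,RCPT TO:<a@example.net>,
2016-05-19T18:10:36.015Z,SMTPMBX01,0000000000000001,12,192.0.2.10:45029,198.51.100.5:25,<,250 ok,
2016-05-19T18:10:36.020Z,SMTPMBX01,0000000000000001,13,192.0.2.10:45029,198.51.100.5:25,<,"451 rate limit reached, try later",
2016-05-19T18:11:02.100Z,SMTPMBX01,0000000000000002,10,192.0.2.10:45100,203.0.113.9:25,>,MAIL FROM:<user@example.org>,
2016-05-19T18:11:02.110Z,SMTPMBX01,0000000000000002,11,192.0.2.10:45100,203.0.113.9:25,>,RCPT TO:<b@example.com>,
2016-05-19T18:11:03.000Z,SMTPMBX01,0000000000000003,10,192.0.2.10:45200,198.51.100.5:25,>,MAIL FROM:<>,
2016-05-19T18:11:03.010Z,SMTPMBX01,0000000000000003,11,192.0.2.10:45200,198.51.100.5:25,>,RCPT TO:<c@example.net>,
'@

$fields = 'DateTime','ConnectorId','SessionId','Sequence','Local','Remote','Event','Data','Context'

function Get-NullSenderSession {
    param([string[]]$Line)
    # Skip blank lines and the "#..." header lines that real log files start with.
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } | ConvertFrom-Csv -Header $fields
    foreach ($session in ($rows | Group-Object SessionId)) {
        $sent = $session.Group | Where-Object { $_.Event -eq '>' }
        # Keep only sessions in which this server sent an empty reverse-path.
        if (-not ($sent | Where-Object { $_.Data -match '^MAIL FROM:<\s*>' })) { continue }
        $rcpt = $sent | Where-Object { $_.Data -match '^RCPT TO:<[^>]+>' } |
                ForEach-Object { $_.Data -replace '^RCPT TO:<([^>]+)>.*$', '$1' }
        # A 4xx/5xx reply from the remote server means it deferred or refused the message.
        $rejects = $session.Group | Where-Object { $_.Event -eq '<' -and $_.Data -match '^[45]\d\d' }
        [pscustomobject]@{
            SessionId   = $session.Name
            ConnectorId = $session.Group[0].ConnectorId
            Remote      = $session.Group[0].Remote
            Recipients  = @($rcpt)
            Rejected    = [bool]$rejects
        }
    }
}

$hits = Get-NullSenderSession -Line ($sample -split "`r?`n")
$hits | Format-Table SessionId, ConnectorId, Remote, Recipients, Rejected -AutoSize

# Recipient domains that receive the most null-sender mail from this server.
$hits | ForEach-Object { $_.Recipients } | ForEach-Object { ($_ -split '@')[-1] } |
    Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
```

To run it against real data, pass the output of `Get-Content` on a send protocol log file as `-Line` in place of the sample.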