Mar 25 2023 09:09 AM
I have a distribution group under Exchange Server 2016 which should not receive mail from external users. I checked the option "Only senders internal to my organization"(see screenshot attached). But Gmail accounts still manage to send mail to distribution group
Can you help me understand why this?
Mar 25 2023 12:22 PM
What we need to confirm first is
By design, external members should not be able to email a distribution group after checking the "Only allow messages from people inside my organization".
If per adventure, external members are still getting emails sent to a distribution group after checking the “Only allow messages from people inside my organization” option, it could be due to a delay in the replication of the changes made to the distribution group settings if it has just been saved. It usually takes about 60 minutes for distribution groups to be fully created and ready for management.
However, if it has been working before an stopped working, you may need to uncheck the Only allow messages from people inside my organization, save the settings, refresh the browser. Go back to the DG management again, check the Only allow messages from people inside my organization >> save the settings >> refresh the browser again and try reproducing the issue.
Check if the emails does delivers to specific users, we need to check if these users has not added the external users as safe senders in their outlook.
In conclusion, if all the above has been tested and the issue is not resolved, we may be considering exporting members of the distribution group, deleting the distribution group and recreating a new one. If that still does not assist, then we would be looking at creating a Transport rule to block external emails from sending emails to the Distribution Group.
If I have answered your question, please mark your post as Solved If you like my response, please give it a Like Appreciate your Kudos! Proud to contribute! 🙂 |
Mar 26 2023 08:38 AM
Mar 27 2023 01:30 AM
Thank you for your prompt response. What you have done is to specify who can message the Distribution Group. This is not actually a fix though but rather a work around. Just like I mentioned in my previous email that by default, when you have the settings "only senders inside your organization" checked, external senders should not and cannot be able to send message to a distribution group. But I think there are some additional settings we nee to take a look at which might be taking precedence over the settings we have there. I have not been able to reproduce the issue after making the changes. Yours might still be different though.
Please proceed to check the value of RequireSenderAuthenticationEnabled
In the Exchange Server 2016, run the below PowerShell
Get-DistributionGroup -identity "email address removed for privacy reasons" | fl RequireSenderAuthenticationEnabled
The function of this value
The RequireSenderAuthenticationEnabled parameter specifies to accept messages only from authenticated (internal) senders. Valid values are:
So if for the affected group, the value for the requiredsenderauthenticationenabled is $false, then we would be considering setting it to $true using the PowerShell command below.
Get-DistributionGroup -identity "email address removed for privacy reasons" | Set-DistributionGroup -RequireSenderAuthenticationEnabled $true
One more last thing I would need to confirm, is it only receiving emails from GMAILs or from every other external emails.
If I have answered your question, please mark your post as Solved If you like my response, please give it a Like Appreciate your Kudos! Proud to contribute! 🙂 |
Mar 28 2023 02:55 AM
The email @Deleted
Thank you again,
The email is delivered to all users if sent by any GMAIL user.
The value of -RequireSenderAuthenticationEnabled is true.
We have created a new Distribution group but this distribution group has the same problem.
Cordialement.
Mar 28 2023 08:45 AM
If you have the RequireSenderAuthenticationEnabled set to true, meanwhile, emails that delivers to the Distribution Group are only GMAIL and do you mean that after creating a new Distribution Group, issue still persists?
Then you might be looking at analyzing the message header to see what is making the email past the server.
Before then, you can confirm if there are any transport rules set to allow emails from domain Gmail to deliver.
If I have answered your question, please mark your post as Solved If you like my response, please give it a Like Appreciate your Kudos! Proud to contribute! 🙂 |
Apr 25 2023 02:09 AM
@Deleted
Hello, we have constated that are now receving email from alls external users event if the parameter requireSenderAuthenticationEnabled is set to True,
We really need a help.
Feb 28 2024 04:28 AM
Hi, so we had a similar problem.
External contacts were able to send emails, to our internal distribution groups, even though we had the -RequireSenderAuthenticationEnabled $True.
So what we found out, was that in our exchange 2016, Under Mailflow / Receiving connectors. Our spamfilter server, was allowed to use port 25 as an external anonymous relay.
We removed it from the allowed list, and now the emails are denied from external contacts towards out internal distribution groups, as intended.
The reason (for our sake) was that our exchange server, saw everything received from the spamfilter, as an authenticated user, because of the above setting.
I hope this helps you.
BR
Martin