Distribution Group External Senders Restriction


I have a distribution group under Exchange Server 2016 which should not receive mail from external users. I checked the option "Only senders internal to my organization" (see screenshot attached). But Gmail accounts still manage to send mail to the distribution group.

Can you help me understand why this is?


@mlaminedouba 

What we need to confirm first is

  1. Are the emails from specific external GMAIL users or from all GMAIL users?
  2. Does the email expand to all members of the Distribution Group or to specific members?
  3. Can we confirm if this has been working before or is a new setting?

By design, external members should not be able to email a distribution group after checking the "Only allow messages from people inside my organization".

 

If peradventure external members are still getting emails sent to a distribution group after checking the “Only allow messages from people inside my organization” option, it could be due to a delay in the replication of the changes made to the distribution group settings if it has just been saved. It usually takes about 60 minutes for distribution groups to be fully created and ready for management.

 

However, if it has been working before and stopped working, you may need to uncheck the Only allow messages from people inside my organization, save the settings, and refresh the browser. Go back to the DG management again, check the Only allow messages from people inside my organization >> save the settings >> refresh the browser again and try reproducing the issue.

 

Check if the emails deliver to specific users; we need to check that these users have not added the external users as safe senders in their Outlook.

 

In conclusion, if all the above has been tested and the issue is not resolved, we may be considering exporting members of the distribution group, deleting the distribution group and recreating a new one. If that still does not assist, then we would be looking at creating a Transport rule to block external emails from sending emails to the Distribution Group.

 

If I have answered your question, please mark your post as Solved

If you like my response, please give it a Like :smile:

Appreciate your Kudos! Proud to contribute! :)

 

Hello @Deleted,
Thank you for your detailed answer.

In answer to your questions 1 & 2, the email is delivered to all users if sent by any GMAIL user.
In fact we were able to solve the problem by choosing the option "Add users authorized to send mail to this distribution group".
But our great wish is to understand why, if we tick "Only users internal to the organization", the members of the group continue to receive emails from GMAIL.

We will test the different suggestions you have given and get back to you.
Thanking you more,
Best regards.

@mlaminedouba 

 

Thank you for your prompt response. What you have done is to specify who can message the Distribution Group. This is not actually a fix though, but rather a workaround. Just like I mentioned in my previous email, by default, when you have the setting "only senders inside your organization" checked, external senders should not and cannot be able to send messages to a distribution group. But I think there are some additional settings we need to take a look at which might be taking precedence over the settings we have there. I have not been able to reproduce the issue after making the changes. Yours might still be different though.

 

Please proceed to check the value of RequireSenderAuthenticationEnabled

 

In the Exchange Server 2016, run the below PowerShell

 

Get-DistributionGroup -identity "email address removed for privacy reasons" | fl RequireSenderAuthenticationEnabled

 

The function of this value

-RequireSenderAuthenticationEnabled

 

The RequireSenderAuthenticationEnabled parameter specifies to accept messages only from authenticated (internal) senders. Valid values are:

  • $true: Messages are accepted only from authenticated (internal) senders. Messages from authenticated (external) senders are rejected
  • $false: Messages are accepted from authenticated (internal) and unauthenticated (external) senders.

So if, for the affected group, the value for RequireSenderAuthenticationEnabled is $false, then we would be considering setting it to $true using the PowerShell command below.

 


 

Get-DistributionGroup -identity "email address removed for privacy reasons" | Set-DistributionGroup -RequireSenderAuthenticationEnabled $true

 

One last thing I would need to confirm: is it only receiving emails from GMAIL or from every other external email sender?


 

@Deleted

Thank you again, 

The email is delivered to all users if sent by any GMAIL user.

The value of -RequireSenderAuthenticationEnabled is true.

 


We have created a new Distribution group but this distribution group has the same problem.

 

Regards.

@mlaminedouba

 

If you have RequireSenderAuthenticationEnabled set to true and, meanwhile, the emails that deliver to the Distribution Group are only from GMAIL, do you mean that after creating a new Distribution Group, the issue still persists?

 

Then you might be looking at analyzing the message header to see what is making the email get past the server.

 

Before then, you can confirm if there are any transport rules set to allow emails from domain Gmail to deliver. 


 

@Deleted 

Hello, we have noticed that we are now receiving email from all external users even if the parameter RequireSenderAuthenticationEnabled is set to True.

We really need help.

@mlaminedouba 

 

Hi, so we had a similar problem.

External contacts were able to send emails to our internal distribution groups, even though we had -RequireSenderAuthenticationEnabled $True.

 

So what we found out was that in our Exchange 2016, under Mailflow / Receiving connectors, our spamfilter server was allowed to use port 25 as an external anonymous relay.

 

We removed it from the allowed list, and now the emails are denied from external contacts towards our internal distribution groups, as intended.

 

The reason (for our sake) was that our exchange server, saw everything received from the spamfilter, as an authenticated user, because of the above setting. 

 

I hope this helps you.

 

BR

Martin
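
An audit for the condition described in the last reply, as an added example that is not part of the original thread: it lists Receive connectors that are externally secured or that grant sender-related rights to anonymous sessions, together with the remote IP ranges they accept. It assumes it is run in the Exchange Management Shell with rights to read connector permissions; the `$report` and `$anon` variable names and the output column names are chosen here for illustration.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2016).
# Flags Receive connectors that can make mail relayed from another host
# (for example a spam filter) arrive as if it were authenticated, which
# defeats RequireSenderAuthenticationEnabled on distribution groups.

$anon = 'NT AUTHORITY\ANONYMOUS LOGON'

$report = foreach ($rc in Get-ReceiveConnector) {
    # Flag enums are compared as text so this also works in remote sessions.
    $auth   = "$($rc.AuthMechanism)"
    $groups = "$($rc.PermissionGroups)"

    # Extended rights granted (not denied) to anonymous sessions on this connector.
    $anonRights = Get-ADPermission -Identity $rc.Identity |
        Where-Object { "$($_.User)" -eq $anon -and -not $_.Deny -and $_.ExtendedRights } |
        ForEach-Object { $_.ExtendedRights } |
        ForEach-Object { "$_" } |
        Sort-Object -Unique

    [pscustomobject]@{
        Name              = $rc.Name
        Enabled           = $rc.Enabled
        Bindings          = $rc.Bindings -join ', '
        RemoteIPRanges    = $rc.RemoteIPRanges -join ', '
        # "Externally secured": mail accepted here is treated as authenticated.
        ExternallySecured = $auth -match 'ExternalAuthoritative'
        AnonymousAllowed  = $groups -match 'AnonymousUsers'
        AnonymousRights   = $anonRights -join ', '
    }
}

# Show only the connectors worth reviewing.
$report |
    Where-Object {
        $_.ExternallySecured -or
        $_.AnonymousRights -match 'Accept-Any-Sender|Accept-Authoritative-Domain-Sender|Bypass-Anti-Spam'
    } |
    Format-List
```

A connector reported with `ExternallySecured` set to `True` and the spam filter's address inside `RemoteIPRanges` matches the situation in the reply above: everything that host hands over is accepted as authenticated, so the group's internal-senders restriction never triggers.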