Feb 19 2022 01:44 AM
I have been reviewing the SMTP relay in my organisation. What we refer to as the SMTP relay is a receive connector on the Front End Transport service in Exchange 2016 that has the ExternalAuthoritative authentication mechanism enabled on it and a large list of RemoteIPRanges associated with it. From a review it seems that any system with an IP address in that range can:
This seems bonkers to me, as I easily created a dummy mail that appeared to come from an internal staff member but simply came from some Python code running on one of those 'whitelisted' systems. I'm wondering how to harden this?
For starters, many modern devices like printers, back-end applications, etc. support basic auth for mail sending, so I'm thinking:
Questions:
For 2, can I also restrict the IP ranges that can use this? Also, how to prevent these devices sending with any sender address?
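One way to size the exposure the post describes before changing anything is to audit every Front End receive connector for ExternalAuthoritative, the number of addresses its RemoteIPRanges actually cover, and whether it also grants the right to use any sender address. This is an added example, not code from the original post; it assumes the Exchange Management Shell on Exchange 2016, and that each IPRange entry exposes LowerBound and UpperBound as System.Net.IPAddress values.

```powershell
# Added audit example (not from the original post). Assumes the Exchange Management
# Shell; RemoteIPRanges entries are assumed to expose LowerBound/UpperBound as IPAddress.

function ConvertTo-UInt32Address {
    param([System.Net.IPAddress] $Address)
    # Big-endian IPv4 bytes -> unsigned integer so a range can be sized.
    $bytes = $Address.GetAddressBytes()
    [Array]::Reverse($bytes)
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Get-RelayConnectorRisk {
    Get-ReceiveConnector |
        Where-Object { $_.TransportRole -eq 'FrontendTransport' } |
        ForEach-Object {
            $connector = $_
            $addressCount = [uint64] 0
            foreach ($range in $connector.RemoteIPRanges) {
                # Only IPv4 ranges are summed; IPv6 entries still count toward RangeCount.
                if ($range.LowerBound.AddressFamily -ne 'InterNetwork') { continue }
                $low  = ConvertTo-UInt32Address $range.LowerBound
                $high = ConvertTo-UInt32Address $range.UpperBound
                $addressCount += ([uint64] $high - [uint64] $low + 1)
            }
            # Principals allowed to present any MAIL FROM, including internal addresses.
            $anySender = Get-ADPermission -Identity $connector.Identity |
                Where-Object { -not $_.Deny -and $_.ExtendedRights -like '*Accept-Any-Sender*' } |
                Select-Object -ExpandProperty User

            [pscustomobject]@{
                Connector        = $connector.Identity.ToString()
                ExternalAuth     = ($connector.AuthMechanism.ToString() -match 'ExternalAuthoritative')
                RangeCount       = $connector.RemoteIPRanges.Count
                IPv4AddressCount = $addressCount
                AcceptAnySender  = (@($anySender) -join ', ')
            }
        }
}

# A row with ExternalAuth = True and a large IPv4AddressCount is the situation in the
# post: every host in those ranges is trusted as an internal sender. Trim the ranges
# with Set-ReceiveConnector -RemoteIPRanges, and move devices that can authenticate
# to a separate connector that does not use ExternalAuthoritative.
Get-RelayConnectorRisk | Sort-Object IPv4AddressCount -Descending | Format-Table -AutoSize
```

Run it once before and once after any change so the reduction in trusted address space and in Accept-Any-Sender grants is recorded.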