Yes, you can tell that by enabling SMTP protocol logging on the Receive Connectors.
The one used will be listed for that connection in the protocol logs.
https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/configure-protocol-logging?view=exchserver-2019
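The protocol-log check described in this answer, as an added example that is not part of the original thread or of Microsoft's documentation: a Python parser that reads a Receive connector protocol log, maps each SMTP session to the connector that handled it, and lists sessions that named a recipient without attempting authentication. The log lines, server and connector names, and addresses are constructed; the column names are read from the log's own `#Fields:` header, and treating "no AUTH or X-EXPS command seen" as an anonymous submission is a heuristic assumed here.

```python
import csv

# Constructed sample log: placeholder server, connector and address values.
SAMPLE_LOG = r"""#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2021-03-16T12:00:01.000Z,EXCH01\Internal SMTP Relay,08D8E8A000000001,0,10.0.0.10:25,10.0.0.50:50211,+,,
2021-03-16T12:00:01.040Z,EXCH01\Internal SMTP Relay,08D8E8A000000001,1,10.0.0.10:25,10.0.0.50:50211,<,MAIL FROM:<director@example.test>,
2021-03-16T12:00:01.060Z,EXCH01\Internal SMTP Relay,08D8E8A000000001,2,10.0.0.10:25,10.0.0.50:50211,<,RCPT TO:<staff@example.test>,
2021-03-16T12:05:00.000Z,EXCH01\Client Frontend EXCH01,08D8E8A000000002,0,10.0.0.10:587,10.0.0.77:50300,+,,
2021-03-16T12:05:00.020Z,EXCH01\Client Frontend EXCH01,08D8E8A000000002,1,10.0.0.10:587,10.0.0.77:50300,<,AUTH LOGIN,
2021-03-16T12:05:00.040Z,EXCH01\Client Frontend EXCH01,08D8E8A000000002,2,10.0.0.10:587,10.0.0.77:50300,<,MAIL FROM:<user@example.test>,
2021-03-16T12:05:00.060Z,EXCH01\Client Frontend EXCH01,08D8E8A000000002,3,10.0.0.10:587,10.0.0.77:50300,<,RCPT TO:<staff@example.test>,
"""

def parse_sessions(log_text):
    """Group log rows by session-id, using the log's own #Fields header."""
    lines = log_text.splitlines()
    header = next((l for l in lines if l.startswith("#Fields:")), None)
    if header is None:
        raise ValueError("no #Fields header in log")
    fields = header[len("#Fields:"):].strip().split(",")
    rows = [l for l in lines if l and not l.startswith("#")]
    sessions = {}
    for rec in csv.DictReader(rows, fieldnames=fields):
        s = sessions.setdefault(rec["session-id"], {
            "connector": rec["connector-id"],
            "client": rec["remote-endpoint"].rsplit(":", 1)[0],
            "auth_attempted": False, "mail_from": [], "rcpt_to": []})
        if rec["event"] != "<":          # "<" = line received from the client
            continue
        cmd = (rec["data"] or "").strip()
        verb = cmd.upper()
        if verb.startswith(("AUTH ", "X-EXPS ")):
            s["auth_attempted"] = True   # an attempt, not proof of success
        elif verb.startswith("MAIL FROM:"):
            s["mail_from"].append((cmd[10:].split() or [""])[0].strip("<>"))
        elif verb.startswith("RCPT TO:"):
            s["rcpt_to"].append((cmd[8:].split() or [""])[0].strip("<>"))
    return sessions

def unauthenticated_submissions(sessions):
    """Sessions that named a recipient with no AUTH attempt (heuristic)."""
    return [(s["connector"], s["client"], s["mail_from"], s["rcpt_to"])
            for s in sessions.values()
            if s["rcpt_to"] and not s["auth_attempted"]]

if __name__ == "__main__":
    print(unauthenticated_submissions(parse_sessions(SAMPLE_LOG)))
```

Each result names the connector that accepted the session, so the connector whose permissions or remote IP scope need review can be read directly from the output.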
Security! Exchange receive connectors become open after CU15 to CU19 and March 2021 security patch
Hello,
Our mail infrastructure is composed of two Exchange servers version 2016 in a DAG, that were in CU15.
Where receive connectors did not accept anonymous connections without configuring per IP address permissions!
Today, we discovered that after upgrading to CU19 and installing security patch KB5000871, using any simple tool or any script would permit sending emails using any identity from our network... which would cause a huge security breach if discovered..!
I would like to know if anyone had this problem? And if resolved, what was the solution for it?
Thanks in advance
Andy David - MVP 142.2K Reputation points MVP
2021-03-16T12:12:26.12+00:00 -
Lotfi BOUCHERIT 91 Reputation points
2021-03-16T15:19:38.857+00:00
Thank you,
The settings seem to be fine and correct, but it's not working... I don't know if it could be caused by the last upgrade and patch management?
Xzsssss 8,861 Reputation points Microsoft Vendor
2021-03-17T02:40:30.907+00:00
Hi @LotfiBOUCHERIT-4930,
Have you tried to uncheck the Anonymous users of the Internal SMTP Relay connector?
I would think it's expected if you allow the anonymous relay on that receive connector and the Senders & Recipients are internal guys.
Also please check the permission of the other receive connectors. As Andy said, you could try to change the scoping of IP addresses to allow specific users to access.
I'd like to know, too, if possible, for a received email, can we know which connector was used to deliver it?
Well if you have created a send connector, you can judge by the scoping Domain and Cost. But it could also use the default Send Connector to do that if you didn't create one.
Regards,
Lou
Lotfi BOUCHERIT 91 Reputation points
2021-03-17T03:49:48.087+00:00
Thank you for your help,
For the receive connectors, I believe that those IP addresses are set...
For the available connectors we have:
For the configuration of the internal SMTP relay ## :
security:
scope:
For the default #SERVER security:
and the scope:
As you said, @Xzsssss, for the send connectors:
and the last one has only the antispam device to send emails to the internet.
And I believe that nothing was changed lately... Could anyone please tell what should be done?
Regards