Remove domain sender permissions Exchange 2010

One of the more annoying types of spam is the one that seems to be coming from your own domain, or worse, from your own email address! Of course, users from your own domain don’t generally spam each other, unless you’re using one of the free web-based email services. And most of us don’t spam ourselves.

Obviously, this is coming from a spammer who has spoofed your email address, or that of someone else from your domain. Unfortunately, SMTP, the protocol that allows mail clients and servers to exchange email, allows headers to be spoofed easily.

Thanks to the extensive Transport Permissions model in Exchange 2010, we can easily prevent such spam. Receive Connectors have the ms-exch-smtp-accept-authoritative-domain-sender permission, which dictates whether an Accepted Domain can be used in the MAIL or FROM headers. External/internet hosts submit mail to your server without authentication, as anonymous senders. To prevent anonymous senders from sending mail using your domain(s), we need to remove the ms-exch-smtp-accept-authoritative-domain-sender permission assigned to them.

Use the following command to remove the ms-exch-smtp-accept-authoritative-domain-sender permission from NT Authority\Anonymous Logon on internet-facing Receive Connector(s):

Get-ReceiveConnector "My Internet ReceiveConnector" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

Once this permission is removed, when anonymous senders try to submit mail using your Accepted Domain(s).

You can try to send a fake mail by using this site: http://emkei.cz/
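Before removing anything, it helps to see which Receive Connectors still grant this right to anonymous senders. The following Exchange Management Shell script is an added example, not part of the original post; the variable names and report columns are illustrative, and it sticks to PowerShell 2.0 syntax as used by Exchange 2010.

```powershell
# Added example: audit the right on every Receive Connector, then dry-run the removal.
# Run in the Exchange Management Shell. Variable and column names are illustrative.
$right = 'ms-exch-smtp-accept-authoritative-domain-sender'
$anon  = 'NT AUTHORITY\Anonymous Logon'

$report = foreach ($rc in Get-ReceiveConnector) {
    # Allow (not Deny) entries that give anonymous senders the extended right
    $aces = @($rc | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })

    New-Object PSObject -Property @{
        Connector        = "$($rc.Identity)"
        # Only connectors with the AnonymousUsers permission group accept
        # unauthenticated submissions at all
        AnonymousEnabled = [bool]("$($rc.PermissionGroups)" -match 'AnonymousUsers')
        AcceptsOwnDomain = ($aces.Count -gt 0)
        # Narrow ranges usually mean an internal relay (scanner, application)
        RemoteIPRanges   = ($rc.RemoteIPRanges -join ', ')
    }
}

$report | Sort-Object Connector |
    Format-Table Connector, AnonymousEnabled, AcceptsOwnDomain, RemoteIPRanges -AutoSize

# Dry run: -WhatIf prints what would be removed without changing any permission.
# Review the list, then drop -WhatIf only for the internet-facing connector(s).
$report | Where-Object { $_.AnonymousEnabled -and $_.AcceptsOwnDomain } | ForEach-Object {
    Get-ReceiveConnector $_.Connector | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) } |
        Remove-ADPermission -WhatIf
}
```

Connectors that internal devices or applications use to submit mail anonymously with one of your Accepted Domains as sender will stop accepting that mail if the right is removed there, so check the RemoteIPRanges column before applying the change.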

 

 


SCCM 2012 & 2007 Boundaries Migration

Time to migrate your SCCM 2007 environment to 2012. The first thing you might think of is how to push out the new client, and how and when to configure boundaries.

First of all configure the client push settings on the 2012 site.

Then go to Installation Properties and configure the new 2012 site code:

SMSSITECODE=Sitecode, and I also added my Fallback Status Point: FSP=server.local. This tells the computer/client which site it will be assigned to.

Configure the boundaries at your new SCCM12 site and assign them to a boundary group.

At this point you will be able to push out the new client using client push or GPO. Remember to place the package on your DP.

Remember to uncheck the Auto assignment under Client Push Installation Properties. Why? Because you don’t want both sites to auto-assign their clients.

Configuration Details
Site assignment: Site assignment is used by clients that use automatic site assignment to find an appropriate site to join, based on the client’s current network location. After a client assigns to a site, the client will not change that site assignment. For example, if the client roams to a new network location that is represented by a boundary in a boundary group with a different site assignment, the client’s assigned site will remain unchanged. When Active Directory System Discovery discovers a new resource, network information for the discovered resource is evaluated against the boundaries in boundary groups. This process associates the new resource with an assigned site for use by the client push installation method.
Content location: Content location is used by clients to identify available distribution points or state migration points, based upon the client’s current network location.

Outlook2010 Profile Roaming with Folder Redirection

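OK, I got it to work now with two scripts:

One that runs when the user logs in:

rem Import the settings exported at the previous logoff (same folder the logoff script writes to)
cmd /c regedit /C /S "%appdata%\Outlook_data\Outlook_Profile.reg"
cmd /c regedit /C /S "%appdata%\Outlook_data\Office_Setup.reg"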

And one that activates when the user logs off:

rem Export the Outlook profile and Office settings keys to the roaming AppData folder
cmd /c regedit /E "%Appdata%\Outlook_data\Outlook_Profile.reg" "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%username%"
cmd /c regedit /E "%Appdata%\Outlook_data\Office_Setup.reg" "HKEY_CURRENT_USER\Software\Microsoft\Office"

This exports and imports the .reg files of the Outlook settings, so that the user’s settings follow the user, regardless of which computer they log in to.