A feature, not a bug. This behavior occurs when a message is submitted anonymously. By default, Exchange preserves the original SMTP message submission method and does not resolve the sender’s address if the SMTP submission is anonymous. This is a feature available since Exchange 2003 and replaces the functionality of resolvep2. The reason it’s used is to prevent spoofing.

By default, when an internal/authenticated user sends you a message, you see the user’s display name (e.g. “John Doe”) in Outlook/OWA, etc. Messages from unauthenticated users, including those from internet senders, show up with their SMTP address – e.g. john.doe@company.com. Reason – resolving anonymous senders is a security risk as SMTP protocol allows senders to easily spoof headers. But wait, there’s more. When you check the option to resolve anonymous senders, unauthenticated senders can send mail to recipients that have been set to receive email from authenticated users only!

SMTP Virtual Server – Resolve anonymous e-mail is replaced with Receive Connector – externally secured with Exchange Servers permission group configured within Exchange 2007. Receive connector authentication mechanism – ExternalAuthoritative: The ExternalAuthoritative authentication method requires the ExchangeServers permission group. This combination of authentication method and security group permits the resolution of anonymous sender e-mail addresses for messages that are received through this connector. This replaces the Resolve anonymous senders function in Exchange Server 2003.

http://technet.microsoft.com/en-us/library/aa997261(EXCHG.65).aspx

http://technet.microsoft.com/en-us/library/aa996395.aspx

–Thanks, Jinesh

Advertisements