Here’s a nice little one to tighten up Exchange and prevent those annoying Spoofing messages which can appear to come from your own domain name.

By default the Receive connector allows anonymous connections which of course allows external domains to send you email.  These also include your own Domain name.

Internet Receive Connector

To resolve this problem you’ll need to open up the Exchange Management Shell and remove the Anonymous permission, but only if sent from your Domain.

First, open up the Exchange Management Console, go to “Server Configuration” then “Hub Transport” and get the name of the Receive Connector which you wish to change.

Once you have the name, open up the Exchange Management Shell and type the following Command:
Get-ReceiveConnector “Internet Receive Connector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

Connector Spoof Command
It’ll ask you if you want to proceed, if you’re happy with that type “Y” and hit enter.

I then restarted the Microsoft Exchange Transport Service just to make sure.
You’ may notice that the Anonymous Tick box on the Receive Connector will be unticked, this is normal.
Internet Receive Connector 2

Job done, however if you want to revert this back you can do by typing the following command in the Exchange Management Shell:
Get-ReceiveConnector “Internet Receive Connector” | Add-ADPermission -User “NT AUTHORITY\Anonymous Logon” -ExtendedRights “ms-exch-smtp-accept-authoritative-domain-sender”

Hope this gets you out of a sticky quibble.