We are running Exchange 2010 (all-in-one setup) in-house with a simple spam filter and we have a 3rd party provider who sends email on our behalf to external clients as well as internal users using a standard noreply account. Recently, spammers have spoofed our noreply account and sent internal users attachments containing viruses and whatnot. The spammers were able to spoof this account because we haven't been able to restrict who can send on behalf using that account.
We would like to know how, in Exchange, if it is possible make it so that only a particular IP address can send out email using the noreply email address.
Example to illustrate.
Company.com - Us
Vender.com - Vendor
noreply@company.com - local noreply account.
Vendor.com sends company announcements to company.com's clients and internal company.com staff from their own mail servers. Vendor.com obviously sends out the announcements from their mail servers because we only see noreply messages in our spam filter for internal user messages.
I guess as a secondary question, how can they send messages on our behalf? Where is the trust set up in Exchange?
Thanks in advance.
