I. Description of the problem
==============================================================================================
When Exchange sends a message to the Internet, the message header records the full SMTP path the message took. Each entry in that path is an SMTP server the message passed through, including the server's FQDN and IP address. Leaking the FQDN and IP address of internal servers to the public network is not good for server security (my personal suggestion is that the message header information can be retained). By default, after a message is sent to a 163 mailbox, the message header shows the FQDN and IP information of the internal Exchange server.
On investigation, the FQDN and IP address of the internal Exchange server appear in the header of messages sent to the Internet because the ms-Exch-Send-Headers-Routing permission is enabled by default on the Send connector (mail that Exchange sends to the Internet uses the NT AUTHORITY\ANONYMOUS LOGON authentication method). With ms-Exch-Send-Headers-Routing granted, the message header displays the FQDN information of all SMTP servers.
The permissions for the Send connector are described below:

| Send connector permission | Description |
|---|---|
| ms-Exch-Send-Exch50 | This permission allows the session to send messages that contain the EXCH50 command. If this permission is not granted and a message with the EXCH50 command is sent, the server sends the message without the EXCH50 command. |
| ms-Exch-Send-Headers-Routing | This permission allows the session to send messages with all Received headers intact. If this permission is not granted, the server deletes all Received headers. |
| ms-Exch-Send-Headers-Organization | This permission allows the session to send messages with all organization headers intact. All organization headers begin with X-MS-Exchange-Organization-. If this permission is not granted, the sending server deletes all organization headers. |
| ms-Exch-Send-Headers-Forest | This permission allows the session to send messages with all forest headers intact. All forest headers begin with X-MS-Exchange-Forest-. If this permission is not granted, the sending server deletes all forest headers. |
Get the Send connector permissions on the Exchange server by using the following command:
Get-SendConnector | Get-ADPermission | Where-Object {$_.ExtendedRights -like "*routing*"} | fl name,user,*right*
II. Procedure
=======================================================================
To hide internal Exchange server information in messages that Exchange sends to the Internet, configure the following settings:
1. Remove the ms-Exch-Send-Headers-Routing permission from the Send connector
Use the following command:
Get-SendConnector "to 163.com" | Remove-ADPermission -AccessRights ExtendedRight -ExtendedRights ms-Exch-Send-Headers-Routing -User "NT AUTHORITY\ANONYMOUS LOGON"
2. Set the response FQDN of the Send connector
Next, set the response FQDN of the Send connector. This is the name that will be displayed in the message header, and you can customize it. The Send connector "to 163.com" used here sends mail directly to the Internet.
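Steps 1 and 2 combined into one Exchange Management Shell function, as an added example that is not part of the original article. The function name `Set-SendConnectorHeaderPrivacy` and its parameters are hypothetical; the connector name and FQDN defaults are the ones this article uses.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
function Set-SendConnectorHeaderPrivacy {
    param(
        [string]$ConnectorName = 'to 163.com',      # connector name used in this article
        [string]$PublicFqdn    = 'mx.contoso.com',  # FQDN used in this article
        [switch]$Apply                              # without -Apply the function only reports
    )
    $anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
    $right = 'ms-Exch-Send-Headers-Routing'

    # True when the connector has an allow entry granting the routing-header right to anonymous sessions
    $hasRight = {
        param($connector)
        @($connector | Get-ADPermission | Where-Object {
            -not $_.Deny -and "$($_.User)" -eq $anon -and "$($_.ExtendedRights)" -like "*$right*"
        }).Count -gt 0
    }

    if ($Apply) {
        $target = Get-SendConnector $ConnectorName
        if (& $hasRight $target) {
            # Step 1: stop passing Received headers to anonymous (Internet) sessions
            $target | Remove-ADPermission -AccessRights ExtendedRight `
                -ExtendedRights $right -User $anon -Confirm:$false
        }
        # Step 2: the name this connector presents, which the next hop records in its Received header
        Set-SendConnector -Identity $ConnectorName -Fqdn $PublicFqdn
    }

    # Report the state of every Send connector after any change
    foreach ($c in Get-SendConnector) {
        [pscustomobject]@{
            Connector        = $c.Name
            Fqdn             = $c.Fqdn
            AnonymousRouting = (& $hasRight $c)
        }
    }
}

Set-SendConnectorHeaderPrivacy          # report only
Set-SendConnectorHeaderPrivacy -Apply   # change "to 163.com", then report
```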
III. Result
==============================================================
1. Send a test message to 163.com and view the resulting message header
The message header now shows mx.contoso.com, the FQDN that we set on the Send connector.
2. Messages that Exchange sends to 163.com through EOP for Office 365
For messages forwarded through Office 365, the message header shows only the public IP address of the Exchange egress point, not the internal Exchange server information.
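To check the result without reading headers by eye, the function below scans the Received lines of a delivered test message for private IP addresses and internal host names. It is an added example, not part of the original article; the function name, the internal DNS suffix `.corp.contoso.local`, and both sample headers are constructed for illustration.

```powershell
# Added example (not from the original article). Sample headers are constructed.
function Find-InternalHopLeak {
    param(
        [Parameter(Mandatory)][string]$RawHeaders,
        [string[]]$InternalSuffix = @('.corp.contoso.local')   # assumed internal DNS suffix
    )
    # RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    $privateIp = '(?<![\d.])(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b'
    $hostName  = '\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b'

    # Unfold headers: a line that starts with whitespace continues the previous line
    $lines = ($RawHeaders -replace '\r?\n[ \t]+', ' ') -split '\r?\n'

    foreach ($line in $lines) {
        if ($line -notmatch '^Received:') { continue }
        $ips = @([regex]::Matches($line, $privateIp) | ForEach-Object { $_.Value })
        $names = @([regex]::Matches($line, $hostName, 'IgnoreCase') |
            ForEach-Object { $_.Value } |
            Where-Object { $n = $_; $InternalSuffix | Where-Object { $n -like "*$_" } } |
            Select-Object -Unique)
        if ($ips.Count -or $names.Count) {
            [pscustomobject]@{
                InternalHosts = $names -join ', '
                PrivateIPs    = $ips -join ', '
                Header        = $line
            }
        }
    }
}

# Constructed sample: header as seen by the recipient before the change
$before = @'
Received: from mx.contoso.com (203.0.113.25) by mx.example.net with ESMTP;
 Mon, 16 Jan 2017 10:00:03 +0800
Received: from EX01.corp.contoso.local (10.1.2.15) by EX02.corp.contoso.local
 (10.1.2.16) with Microsoft SMTP Server; Mon, 16 Jan 2017 10:00:01 +0800
Subject: test
'@

# Constructed sample: header after the routing right is removed and the FQDN is set
$after = @'
Received: from mx.contoso.com (203.0.113.25) by mx.example.net with ESMTP;
 Mon, 16 Jan 2017 10:00:03 +0800
Subject: test
'@

Find-InternalHopLeak -RawHeaders $before | Format-List
Find-InternalHopLeak -RawHeaders $after  | Format-List
```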
This article is from the "Jialt blog" blog; please keep this source: http://jialt.blog.51cto.com/4660749/1892344
Hide Exchange Server information (IP and host name) in message headers