You can remove the internal address and hostname using the “header firewall” which removes certain rights for the builtin user “Anonymous Logon”. So we remove the ExtendedRight for “ms-Exch-Send-Headers-Routing” for external SMTP-Connector.
First check the access rights of your external connector:
Get-SendConnector “EXTERNAL-CONNECTOR-NAME” | Get-ADPermission | Where-Object { $_.extendedrights –like “*routing*” | fl user, *rights
Be aware to use the right spelling for your Exchange servers’ language:
English OS:
Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”
German OS:
Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT-AUTORITÄT\Anonymous-Anmeldung”
Change FQDN:
Set-SendConnector -id “EXTERNAL-CONNECOR-NAME” -FQDN:mail.company.com
Regards,
Chris
The Shell command you’ve mentioned removes the “Received:” headers but not the message-id info. If you wish to remove the internal information from other SMTP headers? use a third-party tool named HeaderRewriter:
http://www.ivasoft.com/headerrewriter.shtml
The dash should not be present in NT AUTHORITY in order for this to work, so it should be:
Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”
Hi Koen, thanks for the comment. I corrected the article.
Cheers, Chris
Great article. Had one problem though, in that “NT-Authority\..” doesn’t seem to exist. Needs to be “NT Authority\” without the dash.
Hi Ian, thanks for the comment. I corrected the article.
Cheers, Chris