Remove internal IP and hostname from header

Posted: June 26, 2012 in Exchange 2010, HT, Powershell
Tags: , , , , , , , , , , , , ,

You can remove the internal address and hostname using the “header firewall” which removes certain rights for the builtin user “Anonymous Logon”. So we remove the ExtendedRight for “ms-Exch-Send-Headers-Routing” for external SMTP-Connector.

First check the access rights of your external connector:

Get-SendConnector “EXTERNAL-CONNECTOR-NAME” | Get-ADPermission | Where-Object { $_.extendedrights –like “*routing*” | fl user, *rights

Be aware to use the right spelling for your Exchange servers’ language:

English OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

German OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT-AUTORITÄT\Anonymous-Anmeldung”

Change FQDN:

Set-SendConnector -id “EXTERNAL-CONNECOR-NAME” -FQDN:mail.company.com

Regards,

Chris

Advertisements
Comments
  1. Victor says:

    The Shell command you’ve mentioned removes the “Received:” headers but not the message-id info. If you wish to remove the internal information from other SMTP headers? use a third-party tool named HeaderRewriter:
    http://www.ivasoft.com/headerrewriter.shtml

  2. Koen Zomers says:

    The dash should not be present in NT AUTHORITY in order for this to work, so it should be:
    Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

  3. Ian says:

    Great article. Had one problem though, in that “NT-Authority\..” doesn’t seem to exist. Needs to be “NT Authority\” without the dash.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s