
Hiding Server Name and IP Address in Mail Header in Exchange

If your company runs Microsoft Exchange Server with default settings, the hostname and IP address of your Exchange Server are passed to recipients in the header section of the mail your users send.

For security reasons, many administrators do not want Exchange Server computer names and IP addresses to appear in the message header. In this article, we will cover removing the Exchange Server computer names and IP addresses from the email header.

#First of all, let's find the name of the Exchange Server send connector

Get-SendConnector

#Identity    AddressSpaces  Enabled
#--------    -------------  -------
#Dis-email   {SMTP:*;1}     True

Then find the send connector permissions assigned to security principals. The security principal in question is NT AUTHORITY\ANONYMOUS LOGON.

Get-SendConnector "Dis-email" | Get-ADPermission | Where-Object { $_.ExtendedRights -like "*routing*" } | Format-Table User,AccessRights,ExtendedRights

We need to remove the ms-Exch-Send-Headers-Routing permission from NT AUTHORITY\ANONYMOUS LOGON.

Get-SendConnector "Dis-email" | Remove-ADPermission -AccessRights ExtendedRight -ExtendedRights ms-Exch-Send-Headers-Routing -User "NT AUTHORITY\ANONYMOUS LOGON"

Verify that NT AUTHORITY\ANONYMOUS LOGON is not shown in the output.

Get-SendConnector "Dis-email" | Get-ADPermission | Where-Object { $_.ExtendedRights -like "*routing*" } | Format-Table User,AccessRights,ExtendedRights

To check the result, send an e-mail to a real recipient, then analyze the Received headers of the delivered message. Make sure that the Exchange Server internal names and IP addresses are not shown in the email header information.
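One way to run the header check described above, as an added example that is not part of the original article: paste the headers of the received test message into a here-string and list any private IP addresses or internal host names found in its Received lines. The function name Find-InternalHeaderLeak, the suffix list and the sample headers are assumptions constructed for illustration.

```powershell
# Added example: flag internal host names and private IPs in Received headers.
function Find-InternalHeaderLeak {
    param(
        [Parameter(Mandatory)][string]$RawHeaders,
        # Assumed internal DNS suffixes; replace with the ones used in your environment.
        [string[]]$InternalSuffixes = @('.local', '.internal', '.lan')
    )
    # Unfold headers: a line that starts with whitespace continues the previous one.
    $unfolded = $RawHeaders -replace '\r?\n[ \t]+', ' '
    # Loopback, link-local and RFC 1918 ranges.
    $private = '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
    $hop = 0
    foreach ($line in ($unfolded -split '\r?\n')) {
        if ($line -notmatch '^Received:') { continue }
        $hop++
        # Every dotted-quad in this hop; report only the private ones.
        foreach ($m in [regex]::Matches($line, '\b(?:\d{1,3}\.){3}\d{1,3}\b')) {
            if ($m.Value -match $private) {
                [pscustomobject]@{ Hop = $hop; Type = 'PrivateIP'; Value = $m.Value }
            }
        }
        # Host names that end in one of the internal suffixes.
        foreach ($suffix in $InternalSuffixes) {
            $pattern = '\b[A-Za-z0-9][A-Za-z0-9.-]*' + [regex]::Escape($suffix) + '\b'
            foreach ($m in [regex]::Matches($line, $pattern, 'IgnoreCase')) {
                [pscustomobject]@{ Hop = $hop; Type = 'InternalName'; Value = $m.Value }
            }
        }
    }
}

# Constructed sample headers: the first hop leaks internal details, the second does not.
$sample = @'
Received: from EX01.corp.local (10.0.10.21) by
 EX02.corp.local (10.0.10.22) with Microsoft SMTP Server;
 Mon, 1 Jan 2024 09:00:00 +0000
Received: from mail.example.com (203.0.113.25) by mx.example.net
 with ESMTPS; Mon, 1 Jan 2024 09:00:02 +0000
Subject: header test
'@

Find-InternalHeaderLeak -RawHeaders $sample | Format-Table -AutoSize
```

An empty result means no Received line in the pasted headers contains a private address or a name with one of the listed suffixes.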

Your mail recipients will still see your server name if you haven't set an FQDN on the send connector. I definitely recommend that you define an FQDN on the send connector. You can do this with the Exchange Admin Center or Exchange PowerShell.

Check the Send Connector FQDN with Exchange Management Shell. In the command output below, we can see that the FQDN is empty.

Get-SendConnector -id "Dis-email" | Format-Table Name,Fqdn

#Name      FQDN
#--------  -----
#Dis-email

Run the following command to define the "FQDN" for the Send Connector.

Get-SendConnector -id "Dis-email" | Set-SendConnector -Fqdn:mail.farukguler.net

#Name         FQDN
#--------     -----
#Dis-email    mail.farukguler.net

If you need to undo these changes, use the Add-ADPermission command instead of Remove-ADPermission.

Get-SendConnector "Dis-email" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-Send-Headers-Routing

I hope it was helpful.

This post is licensed under CC BY 4.0 by the author.