02 July 2015

Hide your internal server names from email header

When you send email to an organization outside your LAN, the message headers also carry information that you don't want to expose. In some cases those emails are not even accepted, because the SPF rules state that no local domain names are accepted, as they cannot be resolved by a reverse DNS check of the HELO.

One way of dealing with this issue is to remove the anonymous access right on the send connector:

Get-SendConnector "Connector Name" | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights ms-Exch-Send-Headers-Routing -User "NT AUTHORITY\Anonymous Logon"


In my opinion there's an easier way, one that can be rolled back instantly in case something goes wrong or causes errors.
Create a transport rule that removes the "Received" header from all outgoing messages.


Open Microsoft Exchange Console
Navigate to:
Microsoft Exchange \ Organization Configuration \ Hub Transport \ Transport Rules





  • Right-click and select New Transport Rule
  • Name it: Remove headers "Received"
  • Click Next
  • Choose "From users inside or outside the organization"
  • Select Inside, then click Next
  • Choose Remove header
  • As message header just write: "Received"
  • Click Next twice
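
The same rule created from the Exchange Management Shell, with the rollback and a check for internal names in a delivered message's headers. This is an added example, not part of the original post; it assumes Exchange 2010 or later cmdlet syntax, and the rule name, function names, internal suffix list and sample headers are constructed for illustration.

```powershell
# Added example. The two rule functions need the Exchange Management Shell;
# the header check and the sample at the bottom run in any PowerShell session.
$ruleName = 'Remove headers Received'   # hypothetical name, modelled on the steps above

function New-ReceivedHeaderRule {
    # Shell equivalent of the wizard: sender scope "Inside", action "Remove header".
    New-TransportRule -Name $ruleName -FromScope InOrganization -RemoveHeader 'Received'
}

function Undo-ReceivedHeaderRule {
    # Rollback: the rule stays defined but is no longer applied to mail flow.
    Disable-TransportRule -Identity $ruleName -Confirm:$false
}

function Find-InternalReceivedHeader {
    # Returns every Received header that still names an internal host
    # (assumed suffixes .local/.lan/.internal) or an RFC 1918 address.
    param([Parameter(Mandatory=$true)][string]$RawHeaders)
    $internal = '(?i)\.(local|lan|internal)(?![.\w-])' +
                '|\b(10\.\d{1,3}|192\.168|172\.(1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b'
    # Unfold continuation lines so that each header is a single string.
    $unfolded = $RawHeaders -replace '\r?\n[ \t]+', ' '
    $unfolded -split '\r?\n' |
        Where-Object { $_ -match '^Received:' -and $_ -match $internal }
}

# Constructed sample: headers as an external recipient would see them
# when the rule is NOT in place. Addresses are documentation ranges.
$sample = @'
Received: from mail.example.com (203.0.113.10) by mx.example.net;
 Thu, 2 Jul 2015 10:00:02 +0000
Received: from EXCH01.corp.local (10.1.2.3) by
 HUB01.corp.local (10.1.2.4) with Microsoft SMTP Server;
 Thu, 2 Jul 2015 10:00:00 +0000
From: alice@example.com
Subject: header test
'@

# Prints only the second Received header, the one exposing EXCH01/HUB01.
Find-InternalReceivedHeader -RawHeaders $sample
```

After enabling the rule, send a test message to an external mailbox and pass its raw headers to Find-InternalReceivedHeader; no output means no internal names or private addresses remain in the Received lines.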
