Hide your Exhange Host names and IP Externally

If you are using Exchange 2010, you can notice that your mailing services is willing to give out internal IP addresses and host names of all Exchange servers that participate in delivering a message when sending external Emails. Actually your internet Send connector will send your internal IP server names and host names starting from your mailbox servers, hub servers and edge servers participating in the delivery.

This is not good at all, and auditors will not like it too, so how to solve this issue. If you have Exchange 2010 environment with Edge Server(s) as your email outgoing gateway, then log on to those Edge servers and type the following: 

Get-SendConnector  “my Send Connector Name”|

Get-ADPermission | Where-Object { $_.extendedrights -like “*routing*”} | fl user, *rights

 This command will show that (Anonymous Logon) has an extended right called (ms-Exch-Send-Headers-Routing)


You only need to remove this extended right from that from Anonymous Logon by typing :

 Remove-ADPermission -id “my Send Connector Name”

 -AccessRight ExtendedRight -ExtendedRights  “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s