question

PriyaJayaraman-7005 avatar image
0 Votes"
PriyaJayaraman-7005 asked ·

Exchange server information showing in header after removing the ms-Exch-Send-Headers-Routing in the send connector

Hi,
In the send connectors, removing the 'ms-Exch-Send-Headers-Routing' extended rights for NT AUTHORITY\ANONYMOUS LOGON still gives the exchange server information in HELO.
Please see the attached.71596-receivedmsrcaheader.jpg


Though hostname shows as unknown and Exchange server is showing in HELO.

office-exchange-server-administration
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
0 Votes"
AndyDavid answered ·

That's expected. Removing that permission "Controls the preservation of RECEIVED headers in messages. If this permission isn't granted, all received headers are removed from messages." When you send the message externally, that last hop is not your org receiving it, its the recipient's org.

https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/send-connectors?view=exchserver-2019


The header stamp showing the receiving connection between the Exchange Server and a receiving external server is not something you can control.

You can also clear the FQDN on the send connector, but I wouldnt do that. It should match a subject name on a certificate bound to SMTP and you could get mail rejected that you sending.








· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Andy,
Many Thanks for your response. Here FQDN on the send connector is already removed.
Can we try changing the SMTP banner on the exchange servers to hide the exchange server hostname to the outside world. We also want to hide the IP address.
https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/modify-smtp-banners?view=exchserver-2019

If there are any other way, please advice.

Cheers
Priya

0 Votes 0 ·
AndyDavid avatar image AndyDavid PriyaJayaraman-7005 ·

You won't be able to hide the external IP address of the sending server - the external receiving server will stamp that in the headers and you cant prevent that . You can change the SMTP banner, but if it doesnt match a subject name on a certificate, then you wont be able to use TLS

If you wanted to completely hide the internal Exchange Server names, then I would send mail out through a SMTP gateway

0 Votes 0 ·
EricYin-MSFT avatar image
0 Votes"
EricYin-MSFT answered ·

You can compare the header result with an old message header result that ms-Exch-Send-Headers-Routing has not been removed on connector.
Removing ms-Exch-Send-Headers-Routing will hide your internal ip address and internal host name from the header, you can see the whole testing process in this blog: https://www.alitajran.com/remove-message-header-in-exchange-server/
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Eric,
Thanks for the article. In our send connector, we have not populated the FQDN yet. we will try updating and testing this out.

Cheers
Priya

0 Votes 0 ·
EricYin-MSFT avatar image EricYin-MSFT PriyaJayaraman-7005 ·

Any updates?

0 Votes 0 ·
VictorIvanidze-0112 avatar image
0 Votes"
VictorIvanidze-0112 answered ·
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.