Master Exchange 2007

powershell, automation & more…

Using Powershell to REMOVE the internal message headers

Posted by shauncroucher on August 30, 2009


First of all, I’m not a fan of doing this at all, but it is a very common question amongst administrators, and many cite security as the reason for doing so.

The reason I’m not a fan is because this reduces the level of information you have when it comes to troubleshooting mail flow issues. It does not allow you to see the SMTP audit trail as a message traverses through the ether.

That aside, there are two ways that this can be achieved.

METHOD 1 – Removing a permission from the Anonymous Logon.

The first involves removing a specific permission from the Send Connector. The permission is "ms-Exch-Send-Headers-Routing". If this is removed from the Anonymous Logon on the send connector that delivers OUTSIDE the organisation, then all the ‘Received’ headers will be removed from the message.

To remove the permission run the following cmdlet:

Get-SendConnector "<NAME OF SEND CONNECTOR>" | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights "ms-Exch-Send-Headers-Routing" -user "NT AUTHORITY\Anonymous Logon"

Then RESTART THE TRANSPORT SERVICE using the following command:

Restart-Service MSExchangeTransport

Let’s say you have come to your senses and decided it’s not a good idea to remove the header information from outgoing mail. To add the permission back, you would run the following command:

Get-SendConnector "<NAME OF SEND CONNECTOR>" | Add-ADPermission -AccessRight ExtendedRight -ExtendedRights "ms-Exch-Send-Headers-Routing" -user "NT AUTHORITY\Anonymous Logon"

METHOD 2 – Using Transport Rules to remove the ‘Received’ header information

On the server that delivers messages outside the organisation, create a Transport rule using the GUI or using PowerShell:

$Condition = Get-TransportRulePredicate FromScope
$Condition.Scope = "InOrganization"
$Action = Get-TransportRuleAction RemoveHeader
$Action.MessageHeader = "Received"
New-TransportRule -name "Remove Headers" -comments "Hide headers revealing internal Transport server FQDN's" -Condition @($Condition) -Action @($Action)

Obviously, when you come to your senses, remove the rule using Remove-TransportRule "Remove Headers"!

Shaun
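
An added example, not part of the original post: a check to run on a test message saved from an external mailbox after applying either method, listing any ‘Received’ headers that still name internal hosts or RFC 1918 addresses. The sample message, host names, addresses and the `.corp.example.local` suffix are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: a message as seen by an external recipient when the
# internal hops were NOT stripped. Host names and addresses are made up.
SAMPLE_LEAKY = """\
Received: from edge01.example.com (203.0.113.10) by mx.recipient.test
 with ESMTP; Sun, 30 Aug 2009 10:00:05 +0000
Received: from hub01.corp.example.local (10.1.2.3) by
 edge01.example.com (203.0.113.10) with Microsoft SMTP Server;
 Sun, 30 Aug 2009 10:00:03 +0000
Received: from mbx01.corp.example.local ([10.1.2.20]) by
 hub01.corp.example.local ([10.1.2.3]) with mapi;
 Sun, 30 Aug 2009 10:00:01 +0000
From: alice@example.com
To: bob@recipient.test
Subject: header test

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_rfc1918(text):
    """True if text is a valid IPv4 address inside a private (RFC 1918) range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:          # looks like an address but is not one
        return False
    return any(addr in net for net in RFC1918)

def internal_hops(raw_message, internal_suffixes):
    """Return the Received headers that name an internal host or private IP."""
    msg = email.message_from_string(raw_message)
    leaks = []
    for value in msg.get_all("Received", []):
        hop = " ".join(value.split())   # unfold continuation lines
        named = any(s.lower() in hop.lower() for s in internal_suffixes)
        private = any(is_rfc1918(ip) for ip in IP_RE.findall(hop))
        if named or private:
            leaks.append(hop)
    return leaks

if __name__ == "__main__":
    for hop in internal_hops(SAMPLE_LEAKY, [".corp.example.local"]):
        print("internal hop still visible:", hop)
```

The ‘Received’ header added by the recipient’s own server is expected to remain; only hops recorded inside the organisation should disappear.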
