Dave's Blog: Hide your internal Exchange server name on EHLO HELO - Change your SMTP banner

Tuesday, September 29, 2009

Hide your internal Exchange server name on EHLO HELO - Change your SMTP banner

I had a single Exchange server 2007 (exchange1.intra) on my internal network.
This server had the CAS, Transport and Mailbox roles installed on it.
This server used an SMTP relay to send/receive emails (public name : mail.mycompany.com).
Emails sent to some recipient servers were rejected with the following error :

This came from the fact that some recipient servers double check the name of the server sending the email with a telnet/ehlo-helo request on it :
telnet mail.mycompany.com 25
> 220 exchange1.intra Microsoft ESMTP MAIL Service .....
exchange1.intra is different from mail.mycompany.com
You can check your mail server with useful online tools line MXToolBox

Unfortunately, you cannot change your SMTP banner on your Exchange server if it has the mailbox role installed on it.

In order to change your SMTP banner, you need to :

1- add another server (echange2.intra) to your Exchange organization with the mailbox role, move all mailboxes on it and remove the mailbox role from echange1.intra.

2- remove the default Exchange header (will hide that your server is running Exchange) on echange1.intra.
Run in the Exchange Management Shell the following command, where send connector is the name of your send connector:
Get-SendConnector “send connector” | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

Restart the Exchange Transport service.

3- Set up your new banner with the name of the public server (mail.mycompany.com)
Open a command prompt on exchange1.intra :
cd C:\inetpub\AdminScripts
cscript adsutil.vbs set smtpsvc/1/connectresponse "mail.mycompany.com My Company"

4- Check on echange1.intra that in the send connector properties, you have filled the correct FQDN for helo/ehlo requests

Then the telnet feedback will be:
telnet mail.mycompany.com 25
> 220 mail.mycompany.com My Company

And your emails won't be rejected anymore.

PS : if you have an SMTP virtual server (IIS), don't forget to put mail.mycompany.com in the masquerade domain and FQDN fields.

16 comments:

AnonymousApril 4, 2011 at 7:56 AM
i face the same problem, but i have 3 SERVER, MX, HUB+CAS in internal server and Edge server in DMZ ?
ReplyDelete
Replies
ChristopheApril 13, 2011 at 6:16 PM
Sorry I never had to use an edge server but I believe it would be similar to my ISA in DMZ where you need to set the masquerade domain (in the connectors)
ReplyDelete
Replies
AnonymousApril 15, 2013 at 4:18 PM
Solution, NEVER use exchange as final server.
Post a linux server with a good postfix/sendmail config on it and relay from and to you exchange server.
Saves you a lot of troubles.

ReplyDelete
Replies
ImadAugust 31, 2013 at 6:29 AM
In step 4, why change SEND connector instead of RECEIVE connector?
ReplyDelete
Replies
AnonymousDecember 5, 2022 at 8:42 AM
Affiliate marketing is both the simplest and hardest technique round. Affiliates, typically playing bloggers or streamers, develop a big following after which direct their viewers in the 파라오카지노 direction of|in course of} online on line casino platforms for a fee. Providing up-to-the-minute info just like the working total of a progressive jackpot will add more vitality to the on line casino.
ReplyDelete
Replies
Emrullah44October 4, 2023 at 11:57 PM
ağrı
van
elazığ
adıyaman
bingöl
EN68
ReplyDelete
Replies
Balın4October 6, 2023 at 1:18 AM
elazığ
bilecik
kilis
sakarya
yozgat
KNTMOL
ReplyDelete
Replies
MehmetOctober 21, 2023 at 1:22 AM
İstanbul Lojistik
Zonguldak Lojistik
Konya Lojistik
Ağrı Lojistik
Ordu Lojistik
6HBYL
ReplyDelete
Replies
RiddleSultanı49November 3, 2023 at 9:43 AM
urfa evden eve nakliyat
malatya evden eve nakliyat
burdur evden eve nakliyat
kırıkkale evden eve nakliyat
kars evden eve nakliyat
6ER4U
ReplyDelete
Replies
F6480DenverB612BNovember 10, 2023 at 1:46 PM
B6641
Erzincan Şehir İçi Nakliyat
Bitexen Güvenilir mi
Bitfinex Güvenilir mi
Bayburt Parça Eşya Taşıma
Ünye Marangoz
Altındağ Boya Ustası
Çerkezköy Boya Ustası
Mamak Fayans Ustası
Kırklareli Şehirler Arası Nakliyat
ReplyDelete
Replies
63306LeeED0D7November 14, 2023 at 4:03 AM
421E9
Isparta Evden Eve Nakliyat
Coin Nedir
Hatay Lojistik
Maraş Şehir İçi Nakliyat
Apenft Coin Hangi Borsada
Adana Evden Eve Nakliyat
Vector Coin Hangi Borsada
Ünye Oto Boya
Samsun Evden Eve Nakliyat
ReplyDelete
Replies
601C0Yaritza264EANovember 14, 2023 at 6:09 PM
BA25D
Bingöl Şehir İçi Nakliyat
Düzce Evden Eve Nakliyat
Ankara Şehirler Arası Nakliyat
Batman Parça Eşya Taşıma
Bitlis Şehirler Arası Nakliyat
Etlik Boya Ustası
Konya Şehirler Arası Nakliyat
Bursa Şehirler Arası Nakliyat
Tekirdağ Parke Ustası
ReplyDelete
Replies
209F4Sariah9178ENovember 14, 2023 at 8:23 PM
ADC51
Silivri Çatı Ustası
Mexc Güvenilir mi
Tokat Şehir İçi Nakliyat
Floki Coin Hangi Borsada
Kırşehir Lojistik
Kayseri Lojistik
Kırşehir Parça Eşya Taşıma
Maraş Lojistik
Çerkezköy Evden Eve Nakliyat
ReplyDelete
Replies
DF595Kamryn74327November 16, 2023 at 11:36 PM
0E31C
Ankara Boya Ustası
Bayburt Lojistik
buy steroid cycles
Diyarbakır Şehirler Arası Nakliyat
Denizli Parça Eşya Taşıma
Şırnak Şehir İçi Nakliyat
order testosterone propionat
https://steroidsatisi.com/
Çanakkale Şehirler Arası Nakliyat
ReplyDelete
Replies
0F670KianEA04ENovember 17, 2023 at 7:48 AM
C2C6D
order trenbolone enanthate
seo fiyatları
Kilis Şehirler Arası Nakliyat
Muğla Parça Eşya Taşıma
Bartın Lojistik
Niğde Lojistik
Paribu Güvenilir mi
Karabük Parça Eşya Taşıma
Kocaeli Şehir İçi Nakliyat
ReplyDelete
Replies
52508MileyC9D32November 18, 2023 at 8:53 AM
BE210
Lbank Güvenilir mi
Çanakkale Lojistik
Kars Evden Eve Nakliyat
Ağrı Şehir İçi Nakliyat
Bingöl Evden Eve Nakliyat
Denizli Şehirler Arası Nakliyat
Nevşehir Şehirler Arası Nakliyat
Altındağ Boya Ustası
Paribu Güvenilir mi
ReplyDelete
Replies

Subscribe to: Post Comments (Atom)