Removing Exchange 2007/2010 Internal Headers

When a user receives an email from another user, the message headers are used to identify the remote server and its IP address.
Usually these would show only the HELO (EHLO) response and the external IP address, with a reverse DNS query result.
Naturally, this is what one would expect in order to trace the origin of the email. However, with Exchange 2007 and 2010, Microsoft decided to publish the internal server name and IP address in the message headers of delivered mail. This can cause complications with anti-spam solutions that check the originating mail server and find that it has an internal IP address, which can lead to false positives.
Since the IP address and server name are also published, this leaves your security in question, as anyone who receives an email (even a bounce message) can obtain this information.

So if you want to fill this glaring security hole and have mail delivered properly, follow this guide.

1. Go to Exchange Management Console
2. Under “Organization Configuration” select Hub Transport
3. Select Transport Rules then “New Transport Rule”.

Give the Rule a name then set the following:

Sent to Users Outside the organization
Remove Header “Received”
Except: None

Now you should find that all Internal info is missing from the Message Headers.
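
One way to confirm the result is to send a test message to an outside mailbox and scan its raw headers for internal addresses and host names. The script below is an added example, not part of the original guide; the sample messages are constructed, and the list of internal DNS suffixes is an assumption to adjust for your environment.

```python
import email
import ipaddress
import re

# RFC 1918, loopback and link-local ranges that should never appear
# in headers seen by an outside recipient.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
# Assumption: DNS suffixes used only inside the organization.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)")

def internal_leaks(raw_message):
    """Return the internal IPs and hostnames found in Received headers."""
    msg = email.message_from_string(raw_message)
    leaks = set()
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        for candidate in IP_RE.findall(text):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if any(ip in net for net in INTERNAL_NETS):
                leaks.add(candidate)
        for host in HOST_RE.findall(text):
            if host.lower().rstrip(".").endswith(INTERNAL_SUFFIXES):
                leaks.add(host)
    return sorted(leaks)

# Constructed samples (made-up names, documentation address ranges).
EDGE_HOP = ("Received: from mail.example.com (203.0.113.25) by mx.recipient.example\n"
            " (198.51.100.7) with ESMTP; Mon, 1 Mar 2010 10:00:02 +0000\n")
HUB_HOP = ("Received: from EXHUB01.corp.local (10.1.2.15) by EXHUB01.corp.local\n"
           " (10.1.2.15) with Microsoft SMTP Server; Mon, 1 Mar 2010 10:00:01 +0000\n")
REST = "From: alice@example.com\nTo: bob@recipient.example\nSubject: test\n\nbody\n"

BEFORE_RULE = EDGE_HOP + HUB_HOP + REST  # internal hop still present
AFTER_RULE = EDGE_HOP + REST             # only the recipient's own hop remains

if __name__ == "__main__":
    print("before:", internal_leaks(BEFORE_RULE))
    print("after: ", internal_leaks(AFTER_RULE))
```

An empty list for a message received outside the organization means no internal hop survived in its Received headers.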
