According to RFC 2821, "When an SMTP server receives a message for delivery or further processing, it MUST insert trace ("time stamp" or "Received") information at the beginning of the message content". This means that when you send e-mail outside your organization, every message carries tracing information in its SMTP headers:
Received: from mail0.mycorp.com (mail0.mycorp.com [95.138.2.200]) by
mail1.contoso.com with ESMTP id 8DBB7110805E for
@mycorp.com>; Sun, 18 Jan 2009 14:43:23 +0000 (UTC)
Since a lot of people support security through obscurity, removing this kind of internal information might contribute to a safer IT infrastructure (whether it does or not is outside the scope of this tip). So how can we easily achieve that with Exchange 2007? Although you could use the Transport rule actions "set header with value" and "remove header", the simpler way is to deny anonymous connections the right to read this particular message property, using PowerShell cmdlets.
If you're using a Hub Transport server directly connected to the Internet:
Get-SendConnector "Connector Name" | Remove-ADPermission -User "NT AUTHORITY\Anonymous Logon" -ExtendedRights ms-Exch-Send-Headers-Routing
For Edge server, use this cmdlet instead:
Get-SendConnector "Connector Name" | Remove-ADPermission -User "MS Exchange\Edge Transport Servers" -ExtendedRights ms-Exch-Send-Headers-Routing
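One way to check the result from outside, as an added example that is not part of the original tip: save a test message received at an external mailbox and list the Received headers that your own servers stamped. The sample message, the hub01 host, the 10.x addresses and the names `leaked_hops` and `is_private` are constructed for illustration; the hop recorded by the recipient's server (`by mail1.contoso.com`) is added after the message leaves your organization and is expected to remain.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a test message as saved from an external mailbox.
# hub01 and the 10.x addresses are made up; the first hop is the article's.
SAMPLE = """\
Received: from mail0.mycorp.com (mail0.mycorp.com [95.138.2.200]) by
 mail1.contoso.com with ESMTP id 8DBB7110805E;
 Sun, 18 Jan 2009 14:43:23 +0000 (UTC)
Received: from hub01.corp.mycorp.com (10.20.1.15) by mail0.mycorp.com
 (10.20.1.9) with ESMTP id TESTID0001; Sun, 18 Jan 2009 14:43:21 +0000
From: user@mycorp.com
To: someone@contoso.com
Subject: trace header test

test body
"""

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
IP_LITERAL = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def is_private(text):
    """True for RFC 1918 and other non-public addresses; False if malformed."""
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def leaked_hops(raw_message, internal_suffixes):
    """Return the Received headers that still expose internal hops."""
    leaks = []
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = " ".join(value.split())  # unfold continuation lines
        match = BY_HOST.search(hop)
        by_host = match.group(1).lower().rstrip(".") if match else ""
        private = [ip for ip in IP_LITERAL.findall(hop) if is_private(ip)]
        # A hop stamped "by" one of our own hosts was added inside the
        # organization and survived the send connector.
        inside = any(by_host == s or by_host.endswith("." + s)
                     for s in internal_suffixes)
        if inside or private:
            leaks.append({"by": by_host, "private_ips": private, "header": hop})
    return leaks


if __name__ == "__main__":
    for leak in leaked_hops(SAMPLE, ["mycorp.com"]):
        print(leak["by"], leak["private_ips"])
```

An empty result for a message sent after the permission change means only the recipient-side hop is left in the headers.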
I tried using the below command:
Get-SendConnector "Connector Name" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-Send-Headers-Routing
and verified the permission using the command below:
Get-SendConnector "Connector Name" | Get-ADPermission | where {$_.ExtendedRights -like "*routing*"} | fl user, extendedrights
The specified permission was removed for ANONYMOUS LOGON, but the header information is still available in outgoing email.
Environment: Exchange 2013 Server