How to remove internal server names and IP addresses from SMTP headers

According to RFC 2821, "When an SMTP server receives a message for delivery or further processing, it MUST insert trace ("time stamp" or "Received") information at the beginning of the message content". This means that when you send e-mail outside your organization, there will be tracing information on every message SMTP headers:

Received: from ( []) by with ESMTP id 8DBB7110805E for>; Sun, 18 Jan 2009 14:43:23 +0000 (UTC)

Since lot of people support security through obscurity, removing this kind of internal information might contribute to a safer IT infrastructure (wether it does it or not, it's outside the scope of this tip). So how can we easily achive that with Exchange 2007? Although you could use Transport rules Actions "set header with value" and "remove header", the simpler way is to deny anonymous connections the right to read this particular message property, using PowerShell cmdlets.

If you're using a Hub Transport server directly connected to the Internet:

Get-SendConnector "Connector Name" | Remove-ADPermission -User "NT AUTHORITY\Anonymous Logon" -ExtendedRights ms-Exch-Send-Headers-Routing

For Edge server, use this cmdlet instead:

Get-SendConnector "Connector Name" | Remove-ADPermission -User "MS Exchange\Edge Transport Servers" -ExtendedRights ms-Exch-Send-Headers-Routing

About The Author

1 thought on “How to remove internal server names and IP addresses from SMTP headers”

  1. I tried using the below command:

    Get-SendConnector “Connector Name” | Remove-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights ms-Exch-Send-Headers-Routing

    and verified the permission using below
    Get-SendConnector “Connector Name” | Get-ADPermission | where {$_.ExtendedRights –like “*routing*”} | fl user, extendedrights

    The specified permissions was removed for ANONYMOUS LOGON but still header information is available in outgoing email.

    Environment: Exchange 2013 Server

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top