Using Header Rewriting with Exchange Server 2010 Service Pack 1


Introduction


Nowadays a lot of companies are growing and merging, and when acquisitions happen, IT departments are centralized to reduce the total cost of ownership through server centralization, virtualization, etc. In general, when one IT department is responsible for the IT of different and often independent companies, the technology must provide an efficient way to keep those companies' IT separate as seen from outside the LAN.


Can you imagine two companies running their messaging systems on the same architecture but looking like separate IT environments from the outside? What do you think “Public Cloud Providers” have to configure to provide server usage for multiple companies? With Exchange Server 2010 Service Pack 1 this can be realized quite efficiently; the technology we need is “Header Rewriting”.


SMTP-Header Fields and Rewriting


The SMTP header consists of several fields. You can overwrite the following fields without any problem:



  • Envelope From (MAIL FROM)
  • Envelope To (RCPT TO)
  • Body To
  • Body Cc
  • Body From
  • Body Sender
  • Body Reply-To
  • Body Return-Receipt-To
  • Body Disposition-Notification-To
  • Body Resend-From
  • Body Resend-Sender

But you cannot overwrite:



  • Return Path
  • Received
  • Message-ID
  • X-MS-TNEF-Correlator
  • Content-Type Boundary=string

In addition, embedded email headers and non-authoritative domain settings are never overwritten. Signed, encrypted or rights-protected emails cannot be modified by header rewriting at all.


To summarize, you cannot overwrite the header fields that are essential for mail routing in general.


Theoretical Kinds of Rewriting


a) Outbound-Only Address Rewriting


Outbound-Only Address Rewriting means that you are only modifying the outbound email address – the sender’s email address. This means:



  • Unique Email addresses for central departments (sales, research, accounting, etc.)
  • Wildcards can be used only in the addresses of internal domains, and you need a period between the wildcard and the domain name
  • Only literal strings are supported

b) Bidirectional Address Rewriting


Bidirectional Address Rewriting modifies incoming and outgoing email messages. You need to enable the address rewriting agent on both the send and the receive connector to make things work properly. This means:



  • You cannot use wildcards
  • Only literal strings are supported

c) Address Rewriting in Multiple Domains


Before configuring address rewriting, especially with subdomains, you need to create those subdomains on the DNS server. In addition, you need to create the required proxy addresses, and you may need to create the corresponding contacts, too.


As a general rule you will need to make sure that no conflicting email addresses in your organization exist.


Hierarchy of Address Rewriting Configurations


By default, the best match of the internal and external SMTP address pair is applied. The hierarchy is as follows:



  • Individual email addresses
  • Subdomains and Specific Domains
  • Domain flattening
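
The precedence listed above, modelled as an added example that is not part of the original article and is not Exchange's own matching code. The entries, entry names and addresses are constructed sample data, and the function names are hypothetical.

```powershell
# Illustrative model of the precedence: individual address first, then a
# specific domain or subdomain, then domain flattening. All data is constructed.
$entries = @(
    (New-Object PSObject -Property @{ Name = 'Flatten subdomains'; Internal = '*.companya.com';         External = 'companya.com' }),
    (New-Object PSObject -Property @{ Name = 'Sales domain';       Internal = 'sales.companya.com';     External = 'companyb.com' }),
    (New-Object PSObject -Property @{ Name = 'Single mailbox';     Internal = 'joe@sales.companya.com'; External = 'support@companyb.com' })
)

function Get-MatchRank {
    # 1 = individual address, 2 = specific domain/subdomain, 3 = flattening, 0 = no match
    param([string]$Address, [string]$Internal)
    $domain = ($Address -split '@')[-1]
    if ($Internal.Contains('@'))    { if ($Internal -ieq $Address) { return 1 }; return 0 }
    if ($Internal.StartsWith('*.')) { if ($domain -like $Internal) { return 3 }; return 0 }
    if ($Internal -ieq $domain)     { return 2 }
    return 0
}

function Resolve-RewrittenAddress {
    param([string]$Address, [object[]]$Entries)
    # Rank every entry against the address and keep the most specific match.
    $best = $Entries |
        ForEach-Object { New-Object PSObject -Property @{ Entry = $_; Rank = (Get-MatchRank $Address $_.Internal) } } |
        Where-Object { $_.Rank -gt 0 } |
        Sort-Object Rank |
        Select-Object -First 1
    if (-not $best) { return $Address }                    # no entry applies: unchanged
    if ($best.Rank -eq 1) { return $best.Entry.External }  # whole address is replaced
    $localPart = ($Address -split '@')[0]
    return ('{0}@{1}' -f $localPart, $best.Entry.External) # local part kept, domain replaced
}

# One sample address per hierarchy level, plus one that no entry matches.
'joe@sales.companya.com', 'ann@sales.companya.com', 'bob@research.companya.com', 'eve@companya.com' |
    ForEach-Object { '{0} -> {1}' -f $_, (Resolve-RewrittenAddress $_ $entries) }
```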

Technical Requirements for Header Rewriting with Exchange Server 2010 Service Pack 1


If your network consists of Exchange Server 2010 Service Pack 1 servers, you will need to deploy the Edge Transport Server role to make Header Rewriting work. Without Edge Transport Servers, proper RFC-based rewriting is impossible. Header Rewriting can only be configured from the Exchange Management Shell; there is no GUI for it in the Exchange Management Console.


How to configure Header Rewriting


If we now go deeper into the configuration, we need to enable this function first. This can be done as follows:



  1. Inbound Rewriting
    Enable-TransportAgent -Identity "Address Rewriting Inbound agent"
  2. Outbound Rewriting
    Enable-TransportAgent -Identity "Address Rewriting Outbound agent"

Examples for Header Rewriting



  1. Rewrite a single domain
    New-AddressRewriteEntry -Name "CompanyA to CompanyB" -InternalAddress companya.com -ExternalAddress companyb.com
  2. Rewrite a single email address
    New-AddressRewriteEntry -Name "[email protected] to [email protected]" -InternalAddress [email protected] -ExternalAddress [email protected]
  3. Rewriting bulk users (a wildcard in the internal address requires an outbound-only entry)
    New-AddressRewriteEntry -Name "Rewrite all companya.com subdomains" -InternalAddress *.companya.com -ExternalAddress companya.com -OutboundOnly $true

If you need to define exceptions, use the “-ExceptionList” parameter.
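
The enable step and an exception list combined into one Exchange Management Shell session on the Edge Transport server, followed by a review of what is configured. This is an added example, not part of the original article; the entry name and the two exception subdomains are constructed placeholders.

```powershell
# Run in the Exchange Management Shell on the Edge Transport server.
# Entry name and exception subdomains are constructed placeholders.

# 1. Enable both rewriting agents if they are not enabled yet.
$agents  = "Address Rewriting Inbound Agent", "Address Rewriting Outbound Agent"
$changed = $false
foreach ($name in $agents) {
    $agent = Get-TransportAgent -Identity $name
    if (-not $agent.Enabled) {
        Enable-TransportAgent -Identity $name
        $changed = $true
    }
}

# 2. A changed agent state takes effect only after the transport service restarts.
if ($changed) { Restart-Service MSExchangeTransport }

# 3. Flatten all subdomains to companya.com on outbound mail, but leave two
#    subdomains untouched. Wildcards are only accepted with -OutboundOnly $true.
New-AddressRewriteEntry -Name "Flatten companya.com subdomains" `
    -InternalAddress "*.companya.com" `
    -ExternalAddress "companya.com" `
    -ExceptionList "legal.companya.com", "hr.companya.com" `
    -OutboundOnly $true

# 4. Review agent state and every rewrite entry, so that unexpected or
#    overlapping sender rewrites are visible in one place.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-AddressRewriteEntry |
    Sort-Object Name |
    Format-List Name, InternalAddress, ExternalAddress, OutboundOnly, ExceptionList
```

Because these entries change the sender address that recipients see, keeping the output of step 4 under change control gives a baseline against which later modifications can be compared.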


Further Methods of Header Rewriting


In addition to the samples shown above, there are various options for configuring Header Rewriting using C# scripts without the Edge Transport role. As you might have noticed, this is programming and is at first not fully supported, because there is no guarantee that updates won’t break your enhancements. In addition, non-programmers may find the coding difficult.


Conclusion


As you should have recognized by now, “header rewriting” is completely implemented with the Exchange Edge Server Transport role, and everything that has been possible in competing products in the past is now possible directly within Exchange Server too.


From my experience, the implementation of the Exchange Edge Server Transport role will become more and more of a best practice for many companies, and this feature will become more interesting in the near future. In addition, nowadays, mergers and acquisitions are becoming a way of saving administrative costs in big companies, and hence “the Cloud” becomes attractive for these companies; header rewriting is now a MUST HAVE and not a CAN HAVE.


As you can see, the implementation of “header rewriting” is quite easy, although it is not a GUI-based setup but a Shell-based one. The cmdlets are self-explanatory and quite easy to remember.


If you still have further questions, please don’t hesitate to contact me.

2 thoughts on “Using Header Rewriting with Exchange Server 2010 Service Pack 1”

  1. Thanks for the article. We are trying to overcome an issue where we think this Header overwrite may help. Can you advise?

    We use a distribution list (DL) with members from multiple firms. The problem occurs when an external person emails the DL and it goes back to their network to other users who are also members of the DL list. Because of anti-spam policies it gets rejected and the bounce goes to everyone in the DL list.

    Do you think this Header Re-write will overcome this issue? Thanks

  2. I am also experiencing a similar problem.

    It would be great if header Re-write can solve this.

    Best regards

    Markus
