Using Header Rewriting with Exchange Server 2010 Service Pack 1
Nowadays a lot of companies are growing and merging, and when acquisitions happen IT departments are centralized to reduce the total costs of ownership through server centralizing, virtualization, etc. In general, when IT departments are responsible for the IT stuff for different and often independent companies, IT technologies must provide a way to separate companies IT outside the LAN most efficiently.
Can you imagine two companies, running their messaging system on the same architecture but look like separate IT technologies from the outside? What do you think “Public Cloud Providers” have to configure to provide server usage for multiple companies? With Exchange Server 2010 Service Pack 1 this can be realized in a quite efficient way; the technology we need is “Header Rewriting”.
SMTP-Header Fields and Rewriting
The SMTP Header consists of different fields. You can overwrite the following fields with no problem:
- Envelope From (MAIL FROM)
- Envelope To (RCPT TO)
- Body To
- Body Cc
- Body From
- Body Sender
- Body Reply-To
- Body Return-Receipt-To
- Body Disposition-Notification-To
- Body Resend-From
- Body Resend-Sender
But you cannot overwrite:
- Return Path
- Content-Type Boundary=string
In addition embedded email headers and non-authoritative Domain settings are never overwritten. If we are talking about signed, encrypted or rights-protected emails then these cannot be reconfigured using header rewriting at all.
To summarize, you cannot overwrite fields within the header that are sustainable important for mail routing in general.
Theoretical Kinds of Rewriting
a) Outbound-Only Address Rewriting
Outbound-Only Address Rewriting means that you are only modifying the outbound email address – the sender’s email address. This means:
- Unique Email addresses for central departments (sales, research, accounting, etc.)
- Using wildcards within these addresses of internal domains only, you need to use a period between the wildcard and the domain name
- Only literal strings are supported
b) Bidirectional Address Rewriting
Bidirectional Address Rewriting modifies incoming and outgoing email messages. This means you need to enable the address rewriting agent on the send and the receive connector to make things work properly. This means:
- You cannot use wildcards
- Only literal strings are supported
c) Address Rewriting in Multiple Domains
Before configuring address rewriting – especially with subdomains – you need to create those subdomains within DNS Server. In addition you need to create the required proxy addresses and it may be needed to create the corresponding contacts, too.
As a general rule you will need to make sure that no conflicting email addresses in your organization exist.
Hierarchy of Address Rewriting Configurations
By default the best match of the internal and external SMTP address pair is being applied. The hierarchy is then as follows:
- Individual email addresses
- Subdomains and Specific Domains
- Domain flattening
Technical Requirements for Header Rewriting with Exchange Server 2010 Service Pack 1
If your network consists of Exchange Server 2010 Service Pack 1 server machines you will need to establish the Edge Transport Server role to make Header Rewriting work. Without Edge Transport Servers, rewriting properly on a RFC basis is impossible. Header Rewriting is only possible from the Exchange Management Shell, no GUI within Exchange Management Console is possible.
How to configure Header Rewriting
If we now go deeper into the configuration, we need to enable this function first. This can be done as follows:
- Inbound Rewriting
Enable-TransportAgent –Identity “Address Rewriting Inbound agent”
- Outbound Rewriting
Enable-TransportAgent –Identity “Address Rewriting Outbound agent”
Examples for Header Rewriting
- Rewrite a single Domain
New-AddressRewriteEntry –Name “ComanyA to CompanyB” – InternalAddress
companya.com – ExternalAddress companyb.com
- Rewrite a single email address
New-AddressRewriteEntry –Name [email protected] to [email protected]
-InternalAddress [email protected] –ExternalAddress [email protected]
- Rewriting Bulk Users
New-AddressRewriteEntry –Name “Rewrite all companya.com subdomains”
-InternalAddress *.companya.com –ExternalAddress companya.com
If you need to define exceptions you will have to use the switch called “-ExceptionList”
Further Methods of Header Rewriting
In addition to these samples shown above there are various choices for configuring Header Rewriting using C# Scripts without Edge Transport Role. As you might have noticed, this is programming and is at first not fully supported because there is no guarantee that updates won’t break your enhancements. In addition, non-programmers may find the coding difficult.
As you should have recognized now, “header rewriting” is completely implemented with the Exchange Edge Server Transport role and everything that has been possible in competitive products in the past is now possible directly within Exchange Server too.
From my experiences the implementation of the Exchange Edge Server Transport role will become more and more of a best practice for many companies and this feature will become more interesting in the near future. In addition, now-a-days, mergers and acquisitions are becoming a way of saving administrative costs in big companies and hence, “the Cloud” becomes attractive for these companies, header rewriting is now a MUST HAVE and not a CAN HAVE.
As you can see, the implementation of “header rewriting” is quite easy although it is not a GUI based setup, it is Shell based. The Cmdlets are self-understanding and are quite easy to remember.
If you still have further questions, please don’t hesitate to contact me.