Enable Header Firewall in Exchange 2010

In certain scenarios it is recommended to enable Header Firewall to prevent a message being created that could possibly spoof X-Headers in to order to imitate an edge transport server and to accept the messages by the receiving server. This is especially the case if you do not use a smart host that removes headers which may disclose too much information about your organisation.

In order to enable (Deny) the Header Firewall you must set the ‘Deny’ permission on the Send connector.

This can be achieved by using the following command;

Add-ADPermission -Identity “<Send Connector>” -User “NT Authority\Anonymous Logon” -ExtendedRights Ms-Exch-Send-Headers-Routing -Deny

By default, no Send (or Receive) connector is configured for Header Firewall.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s