Anyone who has worked with Exchange is sure to have come across message headers in emails. Helpdesk and other teams use it to troubleshoot transport issues in the environment. Message headers are exposed if you are using Outlook, but you do have to get the properties of the message.


Whenever you have examined a message header, you would have noticed that it contains internal Exchange server fqdn and IP addresses, which also exposes the AD domain details. In Exchange 2010, you can use header firewall to hide the internal server info. You do this by taking away the rights to send the internal details on a message header (ms-Exch-Send-Headers-Routing) on the send connector.

Let me explain with an example. I have a send connector named “Internet” to route all my emails to the outside world. If I don’t want external recipients to know about my internal server details through message headers, I need to remove the ms-Exch-Send-Headers-Routing permission set for anonymous users on the send connector. First, let us find the permissions set using the command below.

Get-SendConnector “Internet” | Get-ADPermission | Where-Object { $_.extendedrights –like “*routing*” | fl user, *rights

--> Please see the rest on the blog :