  • Status: Solved

Hide Internet Header Exchange 2007

Hi all,

I want to know whether it is possible to hide the Internet header of outgoing emails. I found out how to hide the internal IP address, but I want to hide, or virtually change if possible, the domain name, for example mx.domain.com to mx.seconddomain.com. The best would be to hide both the name and the public IP if possible.

We are using four different external domain names, and we don't want them to show the real name of our internal domain in the IP header.

Thank you for any input
0
ICOHelpdesk
Asked:
3 Solutions
 
shahsejal Commented:
Simply change the FQDN on the send connector.
0
 
ICOHelpdesk (Author) Commented:
Thank you for your answer.

I can do it for one, but how do I do it for 4 different domains, and not using a neutral one for all?
0
 
shahsejal Commented:
Using the same Send connector, we cannot use multiple FQDNs of different domains.
Also, even if we try creating a transport rule, it cannot handle which Send connector is to be used with which FQDN.
0
 
ICOHelpdesk (Author) Commented:
Then I have to use a general FQDN on the send connector to cover all.
But in that case, if I'm not wrong, I have to add that FQDN to a public certificate in order to use TLS, and I don't know what the public certificate company will say, since they ask for different documentation, and in this case we cannot offer anything apart from domain ownership.
0
 
Mestha Commented:
Use a different certificate provider then.
GoDaddy do not ask for anything other than proof you control the domain by sending you an email to the registered address on the domain or by asking you to put a web page on the domain with a certain name.

A generic name is the only way to go, because Exchange doesn't route based on sender, only on recipient. You can only have one name on the FQDN on the connector.

Simon.
0
 
ICOHelpdesk (Author) Commented:
It seems that we have no other option but to use a generic name.

Is it enough, for communicating encrypted using TLS, if we add an additional FQDN to our public cert only for that generic name, meaning that the 2 other new domains won't have their FQDN in our cert but can still communicate encrypted through the FQDN used on the send connector, and internally? If so, how can I verify that communication with other companies is encrypted (of course, if they support TLS)?
0
 
Mestha Commented:
If you want to use TLS, then to ensure that everyone that can use TLS does, the common name needs to match the MX record address.
That will mean the same MX record host name used for all domains, so that the remote server will connect to a name that matches the certificate. Not all email systems can cope with the SAN/UC certificates, so putting the names as additional names will not mean TLS will work (it can do, but only with servers that can use SAN/UC certificates, mainly other Exchange servers).

To confirm if the connection was over TLS, look in the headers. Exchange puts an extra line in the header.

Simon.
0
 
ICOHelpdesk (Author) Commented:
I'm trying to figure out which is the extra line in the header, and I found it in some emails coming from outside. Is it the one given below that ensures TLS communication? It comes with some emails from some companies:

with Microsoft SMTP Server (TLS) id 8.1.358.0 ...

I'm receiving this line even from one domain that I'm sure doesn't have Public Certificate.
I've read somewhere that communication between 2 different domains using Exchange 2007 and a public certificate is encrypted by default. Is that true, or do we need extra steps to make it so?

Thank you for all the help, and sorry for taking too much of your time.
0
 
Mestha Commented:
For inbound email, it is not the remote side that has to have the certificate, it is your side. Exchange 2007 does opportunistic TLS, so if it is available and the sending server supports it then it will be used. If you set up a certificate correctly then it will be surprising how much email will be sent over TLS.

Simon.
0
 
ICOHelpdesk (Author) Commented:
So, lastly it means that since there is a line in some inbound with Microsoft SMTP Server (TLS) id 8.1.358.0 ...
0
 
ICOHelpdesk (Author) Commented:
So, lastly, since there is a line in some inbound emails with Microsoft SMTP Server (TLS) id ... it means that my Exchange is configured correctly, and we can communicate encrypted as regards our part.
When I imported the public certificate, I enabled it for SMTP and IIS at the same time.
0
 
Mestha Commented:
If the header says TLS then it used TLS.

Simon.
0
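
The header check discussed above, as an added example that is not part of the original thread: a Python sketch that reads every Received header of a saved message and reports whether that hop recorded TLS. It goes beyond the Exchange marker quoted in the thread by also recognising the RFC 3848 `ESMTPS`-style keywords that other mail servers write; the sample message, host names and the function name `tls_by_hop` are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message: host names, addresses and queue ids are illustrative.
SAMPLE = """\
Received: from mail.partner.example (192.0.2.10) by mx.generic.example
 (198.51.100.5) with Microsoft SMTP Server (TLS) id 8.1.358.0; Mon, 1 Jun
 2009 10:00:02 +0000
Received: from gw.partner.example (10.1.1.4) by mail.partner.example
 (10.1.1.5) with Microsoft SMTP Server id 8.1.358.0; Mon, 1 Jun 2009
 10:00:01 +0000
Received: from client.partner.example by gw.partner.example with ESMTPS id
 abc123; Mon, 1 Jun 2009 10:00:00 +0000
From: a@partner.example
To: b@generic.example
Subject: test

body
"""

# Marker Exchange writes when the SMTP session was protected by TLS.
EXCHANGE_TLS = re.compile(r"with Microsoft SMTP Server \(TLS\)", re.I)
# RFC 3848 "with" protocol types that imply STARTTLS was used.
RFC3848_TLS = re.compile(r"\bwith\s+(?:ESMTPSA?|LMTPSA?)\b", re.I)
FROM_HOST = re.compile(r"^\s*from\s+(\S+)", re.I)
BY_HOST = re.compile(r"\bby\s+(\S+)", re.I)


def tls_by_hop(raw_message):
    """Return [(from_host, by_host, used_tls), ...], newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        line = " ".join(value.split())       # unfold the continuation lines
        trace = line.rsplit(";", 1)[0]       # drop the trailing timestamp
        sender = FROM_HOST.search(trace)
        receiver = BY_HOST.search(trace)
        used_tls = bool(EXCHANGE_TLS.search(trace) or RFC3848_TLS.search(trace))
        hops.append((sender.group(1) if sender else None,
                     receiver.group(1) if receiver else None,
                     used_tls))
    return hops


if __name__ == "__main__":
    for sender, receiver, used_tls in tls_by_hop(SAMPLE):
        print(f"{sender} -> {receiver}: {'TLS' if used_tls else 'no TLS marker'}")
```

Only the Received lines written by your own servers are reliable evidence; lines added by earlier hops contain whatever the sending side chose to write.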
 
ICOHelpdesk (Author) Commented:
Thank you guys.

You helped me a lot with configuring multiple domain names on a single mail server, and with understanding the way TLS works.
0
