Strip/Modify Mail headers (not telnet banner)?

Hi all,

Is there anyway to strip or modify the headers (not banner seen when
telnetting) that are sent in an email via Exchange Server?  As you all
know, information (possibly about the internal network) is disclosed
with every email generated as is displayed in the headers (Exchange
Server Name, IP Address, Version).  These headers can be used as a
recon activity by "baddies".

If this can't be done in Exchange, can someone please recommend a thrid
party solution that would allow us to modify these headers?

Thanks!

0
ltgt2k (3)
9/21/2006 1:48:00 PM
exchange.admin 57650 articles. 2 followers. Follow

5 Replies
552 Views

Similar Articles

[PageSpeed] 30

In my opinion, only the paranoid need be worried about such things.

You can change the hostname:
adsutil.vbs set smtpsvc/1/FullyQualifiedDomainName <domain.com>

http://support.microsoft.com/default.aspx?scid=kb;en-us;314331

-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

<ltgt2k@yahoo.com> wrote in message 
news:1158846480.941647.128270@m73g2000cwd.googlegroups.com...
> Hi all,
>
> Is there anyway to strip or modify the headers (not banner seen when
> telnetting) that are sent in an email via Exchange Server?  As you all
> know, information (possibly about the internal network) is disclosed
> with every email generated as is displayed in the headers (Exchange
> Server Name, IP Address, Version).  These headers can be used as a
> recon activity by "baddies".
>
> If this can't be done in Exchange, can someone please recommend a thrid
> party solution that would allow us to modify these headers?
>
> Thanks!
> 


0
curspice6401 (3487)
9/21/2006 5:35:00 PM
Hi Ed,

Thanks very much for your reply.

The perspective being used when it comes to this is: Why would you want
to disclose a server path for recon, product used and a list of
installed patches and SP's if you don't have to...You know..Least
Privilege, Threat/Risk stuff.

Thanks again for your reply.



Ed Crowley [MVP] wrote:
> In my opinion, only the paranoid need be worried about such things.
>
> You can change the hostname:
> adsutil.vbs set smtpsvc/1/FullyQualifiedDomainName <domain.com>
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;314331
>
> --
> Ed Crowley
> MVP - Exchange
> "Protecting the world from PSTs and brick backups!"
>
> <ltgt2k@yahoo.com> wrote in message
> news:1158846480.941647.128270@m73g2000cwd.googlegroups.com...
> > Hi all,
> >
> > Is there anyway to strip or modify the headers (not banner seen when
> > telnetting) that are sent in an email via Exchange Server?  As you all
> > know, information (possibly about the internal network) is disclosed
> > with every email generated as is displayed in the headers (Exchange
> > Server Name, IP Address, Version).  These headers can be used as a
> > recon activity by "baddies".
> >
> > If this can't be done in Exchange, can someone please recommend a thrid
> > party solution that would allow us to modify these headers?
> >
> > Thanks!
> >

0
ltgt2k (3)
9/22/2006 3:00:56 PM
Obscurity is not security.

In this case, the product and service pack version are largely irrelevant. 
We are talking about SMTP (port 25) here.  What are you thinking this 
information would be used for?  I just don't think it matters whether or not 
someone finds out that you are (gasp) using a 10.x.x.x IP address scheme, or 
a 192.x.x.x.

Besides, the "baddies" would only get that information from the headers if 
you (or someone) sent them an e-mail, no?  Is someone there intentionaly 
e-mailing  a "baddie"?

-- 
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


<ltgt2k@yahoo.com> wrote in message 
news:1158937255.873682.265640@d34g2000cwd.googlegroups.com...
> Hi Ed,
>
> Thanks very much for your reply.
>
> The perspective being used when it comes to this is: Why would you want
> to disclose a server path for recon, product used and a list of
> installed patches and SP's if you don't have to...You know..Least
> Privilege, Threat/Risk stuff.
>
> Thanks again for your reply.
>
>
>
> Ed Crowley [MVP] wrote:
>> In my opinion, only the paranoid need be worried about such things.
>>
>> You can change the hostname:
>> adsutil.vbs set smtpsvc/1/FullyQualifiedDomainName <domain.com>
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;314331
>>
>> --
>> Ed Crowley
>> MVP - Exchange
>> "Protecting the world from PSTs and brick backups!"
>>
>> <ltgt2k@yahoo.com> wrote in message
>> news:1158846480.941647.128270@m73g2000cwd.googlegroups.com...
>> > Hi all,
>> >
>> > Is there anyway to strip or modify the headers (not banner seen when
>> > telnetting) that are sent in an email via Exchange Server?  As you all
>> > know, information (possibly about the internal network) is disclosed
>> > with every email generated as is displayed in the headers (Exchange
>> > Server Name, IP Address, Version).  These headers can be used as a
>> > recon activity by "baddies".
>> >
>> > If this can't be done in Exchange, can someone please recommend a thrid
>> > party solution that would allow us to modify these headers?
>> >
>> > Thanks!
>> >
> 


0
Ben
9/22/2006 3:41:06 PM
BTW - I'm not trying to be a smart-aleck here.  I'm genuinely trying to 
understand how this information can be harmful.

-- 
Ben Winzenz
Exchange MVP
MessageOne
Read my blog!
http://winzenz.blogspot.com
http://feeds.feedburner.com/winzenz (RSS Feed)


"Ben Winzenz [Exchange MVP]" <ben_winzenz@nospamdotmessageonedotcom> wrote 
in message news:u0tWF2l3GHA.324@TK2MSFTNGP05.phx.gbl...
> Obscurity is not security.
>
> In this case, the product and service pack version are largely irrelevant. 
> We are talking about SMTP (port 25) here.  What are you thinking this 
> information would be used for?  I just don't think it matters whether or 
> not someone finds out that you are (gasp) using a 10.x.x.x IP address 
> scheme, or a 192.x.x.x.
>
> Besides, the "baddies" would only get that information from the headers if 
> you (or someone) sent them an e-mail, no?  Is someone there intentionaly 
> e-mailing  a "baddie"?
>
> -- 
> Ben Winzenz
> Exchange MVP
> MessageOne
> Read my blog!
> http://winzenz.blogspot.com
> http://feeds.feedburner.com/winzenz (RSS Feed)
>
>
> <ltgt2k@yahoo.com> wrote in message 
> news:1158937255.873682.265640@d34g2000cwd.googlegroups.com...
>> Hi Ed,
>>
>> Thanks very much for your reply.
>>
>> The perspective being used when it comes to this is: Why would you want
>> to disclose a server path for recon, product used and a list of
>> installed patches and SP's if you don't have to...You know..Least
>> Privilege, Threat/Risk stuff.
>>
>> Thanks again for your reply.
>>
>>
>>
>> Ed Crowley [MVP] wrote:
>>> In my opinion, only the paranoid need be worried about such things.
>>>
>>> You can change the hostname:
>>> adsutil.vbs set smtpsvc/1/FullyQualifiedDomainName <domain.com>
>>>
>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;314331
>>>
>>> --
>>> Ed Crowley
>>> MVP - Exchange
>>> "Protecting the world from PSTs and brick backups!"
>>>
>>> <ltgt2k@yahoo.com> wrote in message
>>> news:1158846480.941647.128270@m73g2000cwd.googlegroups.com...
>>> > Hi all,
>>> >
>>> > Is there anyway to strip or modify the headers (not banner seen when
>>> > telnetting) that are sent in an email via Exchange Server?  As you all
>>> > know, information (possibly about the internal network) is disclosed
>>> > with every email generated as is displayed in the headers (Exchange
>>> > Server Name, IP Address, Version).  These headers can be used as a
>>> > recon activity by "baddies".
>>> >
>>> > If this can't be done in Exchange, can someone please recommend a 
>>> > thrid
>>> > party solution that would allow us to modify these headers?
>>> >
>>> > Thanks!
>>> >
>>
>
> 


0
Ben
9/22/2006 3:48:31 PM
ltgt2k@yahoo.com wrote:

>The perspective being used when it comes to this is: Why would you want
>to disclose a server path for recon, product used and a list of
>installed patches and SP's if you don't have to...You know..Least
>Privilege, Threat/Risk stuff.

If anyone broke into your network it wouldn't take long to discover a
lot more than a way to abuse your SMTP server. And all they need to
break in is to be found in your external DNS. :-)

Get server names: net view
Get IP address: ipconfig
Find AD: nbtstat -c

Want more info? Read the registry (it's not very well protected) and
find subnet masks, probably more than a few weakly encrypted
passwords, etc.

It would take a few minutes before they did a portscan and found out a
lot more than your internal server names.

If you're concerned about security then don't let Exchange touch the
Internet. Use a security appliance between the firewall and Exchange.
Not only will it filter spam, it'll protect Windows against network
probes (run snort and see what's going on now!) and all sorts of nasty
stuff. Have the appliance run AV scans, too -- using a different AV
product to what you use on the Exchange server.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
9/23/2006 12:50:17 AM
Reply:

Similar Artilces:

mail with ID_FILE_SEND_MAIL and MAPI
Hello to all, I would like to add mail support to my application , by using the default mail software (for example netscape or outlook express ) interface. I can do it automatically with the message ID_FILE_SEND_MAIL MFC integrated, but I would like, before opening the window , to programmatically add some attachments files, the "To:" and "Cc:" fields ( the recipients of the mail message ) , the text of the mail , and maybe using the outlook adress book etc ... Is it possible to do this ? I found some examples using MAPI but it re-create a new mail window, and d...

Exch2003 SMTP connector send outgoing mail very slow to smart host
Dear Sir, Just installed first exch2003 and join in exch55 organisation, move all the users mailbox to exch2003. Create smtp connector in exch2003,both exch server smtp connector configure using smart host. Cost for smtp connector for exch2003 set to 1 and exch55 is 10. All the outgoing mail through exch2003 smtp connector very slow to send out. Caused all the outgoing mail queueing. If I make the outgoing mail through exch55 IMC, outgoing mail very fast to send out. Both server running Trend micro scan mail. Version different. Tested without scan mail in exch2003 sam...

how do I insert a contact into an Entourage mail message?
Hello all, I'm running Office 2004 in OS 10.3.8, and use Entourage as my primary email program. I keep all my email addresses in the Entourage address book. Many times a day, I send someone an email in which I want to insert someone else's email address. The fastest way I've found to do it is click on the cc: line, start typing the name of the person whose address I want to insert, click on the right address from the pop-up, then drag it from the cc: line into the body of the email. The obvious problem with this system is that sometimes I forget to go back up to the cc: line and...

excel, mail merge numbering in publisher
Maybe I should of asked this in excel, but I posted my previous question here about numbering tickets. consecutively, I have tried one side and seems to work (thanks Mary) Now to try the other side, but before that. I would like the numbers go 001 then 002 then so on. Everytime I try to put the zero's they disappear? I tried formatting the numbers but maybe I am missing something? thanks Bruce ps, why don't I get notification when someone puts and answer? I do click the notify me or replies button? thanks Once you have your numbers in place in Excel, format the field as te...

Unable to send mail or reply
Hi there I'm in dire straits, When I try to send a new mail message or reply to mail using the "reply" button I get this message: "the message could not be sent because one of the receipients was rejected by the server.Server responce 550 relaying mail to........is not allowed. Error number 0 x 800 ccc79" Please help I am a computer idiot. Kind regards, Ben does your server require authentication to send? are you using the SMTP server provided by your sip? many force you to use theirs. -- Diane Poremsky [MVP - Outlook] Author, Teach Yourself Outlook 2003 in 24 Ho...

CListCtrl in report mode and column header
Hi, I would like to have a CListCtrl in report mode with columnheader but I would like the column header to be transparent and without displaying separators. How can I do that ? mosfet a �crit : > Hi, > > I would like to have a CListCtrl in report mode with columnheader but > I would like the column header to be transparent and without displaying > separators. > How can I do that ? Or same question : HOW CAN I CHANGE COLUMN HEADER COLOR ? "mosfet" <richom.v@free.fr> wrote in message news:45d45ced$0$26337$426a74cc@news.free.fr... > Hi, > > I wo...

Windows Live Mail sometimes opening news message windows larger than maximized
When I open news messages in Windows Live Mail, they are sometimes larger than maximized (even though they aren't maximized). If they were much larger, I wouldn't even be able to see the title bar (Yes, I do know the keyboard shortcuts to minimize, maximize, restore, etc. if the title bar were off my screen). No windows from other programs open to this size or have this problem, and it is always the exact same size that they open to. The best pattern I have been able to see is once I maximize the message window after it opens to a larger than maximized size, none of the o...

The Metro Design Background has a white strip on the side?
I like the Metro background design for my slides. It is black with a shad to grey at the bottom. However, mine has a funny white strip along the left side. It looks like something is defective. Is it? Can I get rid of it? "Scott" <Scott@discussions.microsoft.com> wrote in message news:0B135418-938D-422F-BA91-090D8F69935A@microsoft.com... > I like the Metro background design for my slides. It is black with a shad > to > grey at the bottom. However, mine has a funny white strip along the left > side. It looks like something is defective. Is it? ...

Notify of New E-mail Address
Is there a way in Exchange to inform recipients of e-mail from our domain and a reply to senders to chamnge in our domain of a change in our domain name(e-mail address)? Like a disclaimer? -- JoeCL LACO-CAO Nothing native. Look at 3rd-party utilities or look into writing a transport event sink. -- Bharat Suneja MVP - Exchange www.zenprise.com NEW blog location: www.exchangepedia.com/blog ---------------------------------------------- "JoeCL" <JoeCL@discussions.microsoft.com> wrote in message news:8661A4DE-8BF1-4E8F-91DE-03E528443A42@microsoft.com... > Is there a wa...

Older Appointments and e-mails dissapearing
I am really scratching my head on this and I hope it is an easy remedy - something easy that I forgot to click or something, but here is the problem: I have been running 2003 SBS ever since it came out. It has had no problem and everything has been running beautifully. Recently, though, my Exchange Server seems to have developed a mind of its own and is trying to figure out what I want to keep and what I don't want to keep. Here is an example: I store all of my appointments since 2002 in my Exchange calendar, along with notes and other pieces of info. Everything worked fine unt...

How add a Label in the subjet of the mails send to a Group? .Help
I�m trying to put a Label in the subject of the mails send to a specific group. like yahoogroups. When a send a mail to the Financial Department, i want that in the subject appears a Label Like [Fianacials] or somthing similar. How can i do this performance??? Thanks. ...

Outlook 2K3 install kills "Mail" app
I recently updated my machine from Outlook 2000 to Outlook 2003. After the install the "Mail" application in the control panel (that allows modification of a profile) does not work anymore. It says that there are no more system resources and I should close some programs. In fact there is nothing else running, and I have 384 megs of memory so I really don't that that is the problem. Any ideas on how to get this working again? What OS do you have and can you right click on the outlook icon on the start menu or desktop to access Properties - which should open the mail applet...

mail queues growing in the Local Delivery Queue on Exchange 2003 sp2
Hi there, If anyone can help me, it would be so good. I have problems with the queues being slowly processed in the local delivery queue very slowly. I have disabled groupshield and AV on access scanning, but the queues are still growing. Anyone seen this issue before? Thank you in advance Brian Hi Brian, Are you anti-virus software scanning the file system where the databases and log files for exchange are? You said that you have disabled the Anti-virus but have you restarted the box where exchange is running? "bodri" wrote: > Hi there, > If anyone can help me, it wo...

Yahoo mail POP connect error using Outlook Express 6. It was working all right before.
I have a free yahoo account "..accountname@yahoo.ca". It was working alright for years, but since a few days ago, I have the following problem: The server responded with an error. Account: 'mwintrust@yahoo.ca', Server: 'pop.mail.yahoo.com', Protocol: POP3, Server Response: '-ERR Cannot connect to POP server 216.136.173.10 (216.136.173.10:110), connect error 10061', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC90 Thanks for anyone's help. did yahoo.ca end pop support for free accounts? -- Diane Poremsky [MVP - Outlook] A...

problem with new mail icon in tray area
Hi all. I have installed outlook 2003, and the option to show an envelope in the tray icon work ONLY when the new mail arrive in my default folder (i.e. my inbox). I have a lot of rules and when a rule starts the message is moved, but i have NO ALERTS!!! (no desktop alert and no icon envelope...) it's terribly annoying!!! does anyone help me? Thanks, Stefano stefano ceccato <s.ceccato@kairospartners.com> wrote: > I have installed outlook 2003, and the option to show an envelope in > the tray icon work ONLY when the new mail arrive in my default folder > (i.e. m...

Mail Merge is no longer working
We have been using mail merge a lot and just this week I have noticed it is no longer working. If I select 'Mail Merge', typically the dialog box pops up with options for the type of merge (existing document, new template, etc...) Now what happens is that dialog box sort of shows up for about .25 seconds and then it dissapears. I have checked the event logs and I dont see anything on the client machine or the server. This is showing up on every client machine. Our client machines are running Office 2003, Norton Antivirus (enabled or disabled makes no difference), Win XP SP2, and all o...

Can't send E-mails anymore #2
For some reason I can not send E-mails anymore with Outlook Express. I get a messarge that the message is too large...even with a one word message. Also I cannot move a message to a local folder (drag and drop) HELP!!!!!! anonymous@discussions.microsoft.com <anonymous@discussions.microsoft.com> wrote: > For some reason I can not send E-mails anymore with > Outlook Express. Ask in an Outlook Express newsgroup. -- Brian Tillman ...

Printing modified CreateDate field in header reverts back
i create a new document. I insert a CreateDate field in the document. Then I create a header, and insert another CreateDate field there. I save the document as a template. I open a new document based on that template. I modify the date in the document (not deleting the whole field but just changing the day from today to last week). Then I go to the header and change that date in the same way. When I go to Print Preview, the date in the main document stays as I typed it, but the date in the header reverts to the create date (today). Does anyone know why that happens? An...

problem sending a mail
I am facing a bit strange problem we are running ms exhange 5.5 for mailing purpose on winnt server and we have isdn connection for connectivity. From a couple of dayS we were not able to send mail to rediffmail.com users only from any of the systems . but we are able to recv mails from rediffmail.com site. this prob is particullary with rediffmail.com site pls do reply to my id avd_hawk@hotmail.com Can you manually connect to rediffmail.com via telnet on 25 and send a message? -- Neil Hobson Exchange MVP For Exchange news, links and tips, check: http://www.msexchangeblog.com "...

Export user mail-accaunts
Hi How can I export mail addresses of all our users and distribution lists that are listed in AD? If I use 'export' optios I only get user's accaunt but now e-mail address? Thanks Regards Miha Use LDIFDE to dump the various attributes. For example: ldifde -f dump.ldf -l proxyaddresses will dump the 'proxyaddresses' attribute for all users. -- Neil Hobson Exchange MVP For Exchange news, links, and tips, check: http://www.msexchangeblog.com "Miha" <miha.bernik@isg.si> wrote in message news:Owu2ijD6EHA.3856@tk2msftngp13.phx.gbl... > Hi > &g...

OT mail merge
Hi everybody. Remember my party invitations, that I finally had to print using Powerpoint? Well, now I have to make place cards. :-) What is the best way for me to do this? Should I set up a mail merge? I have the names in Excel and can import them into Access. Or I can use Word, or of course Publisher. (Office 97, Publisher 2002) Appreciate your thoughts on which application to use. Thanks a lot. Erika Mail merge will work in any of the programs you mentioned. My favorite is Access because I am Excel deficient. I do use Excel for some projects, but only when folks bring an Excel data...

Mail Box & System Attendent
Hi, In our Windows 2003 / Exchange 2003 environment, whenever I create a new user, it is not creating thenE-mail address, I found that if I stop the MTA and information store, and start again, everything looks good Please help me if you have any other solution Thanks Are you noticing any MSExchangeAL 8331 errors logged to your Windows Application event log? There's a knowledge base article about this on the Microsoft site at http://support.microsoft.com/default.aspx?scid=kb;en-us;837444. -- Take the ?'s out of resource management ERM 1.3 - http://www.swinc.com/erm ...

can't mail enable public folder
I have an Exchange 2003 running on Windows Server 2003 running in native mode. It was a clean install, no upgrade. I didn't encouter any problem when I right click a public folder and mail enable it. However, when I tried to access the property of the folder, I got "The mail proxy for this folder can not be found. This may be due to replication delays. The mail enabled pages will not be shown. ID no: c1038a21" I researched on the web and couldn't find any solution that seems to work. Please advise. Thank you, Lei Anything in the app event log? Have you app...

Modify Cheque Date format
Hi, I am trying to modify the cheque date. I need to remove the dash from my cheque format and I was hoping someone might have some insight. Thanks! Not sure which date format you are starting with, but if using Report Writer try double clicking the DocumentDate field and choose a different format - or create a new format. Online help has details. ...

Modified report indicator
I would be nice if there was a visual indicator that a report was modified. The windows have it, so why not the reports? Something next to the name in the header bar when printed to the screen would be good. ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. http://www.m...