0

I manage many different systems and can fix a lot of things, but Exchange is not one of my strong suits. In Exchange 2007 the message header is sending the local domain name "server.domain.local" instead of "mail.domain.com". Gmail is rejecting all email now. I thought it was fixed last month and it used to work all the time. I know that reverse DNS is part of my problem and that is being resolved, but I need the header to say mail.domain.com instead of server.domain.local.

How exactly do I change this in Exchange 2007?

Step by step or a link that will show me step by step is preferred to "oh you just edit the (insert cryptic procedure here)"

Here is what I receive back from gmail:

mx.google.com #550-5.7.1 [...] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 . t25si2410247ott.54 - gsmtp ##
Original message headers:
Received: from SERVER.domain.local ([...random hex stuff...]) by
 SERVER.domain.local ([...random hex stuff...%10]) with mapi; Wed,
 11 Jan 2017 09:26:00 -0600
Opy
  • [Exchange 2007 is almost EOL](https://blogs.office.com/2016/04/19/exchange-server-2007-end-of-support-coming-next-year/). For security reasons you should plan to upgrade to a newer version. The software is now over 10 years old ... You might try [this](http://exchangeserverpro.com/remove-internal-exchange-server-names-ip-addresses-message-headers/), but not sure if that works in your old software – BastianW Jan 13 '17 at 08:34
  • upgrading is not an option for me. – Opy Jan 13 '17 at 15:16
  • BastianW, please add the last part as an answer to this question so I can mark it as the answer. That solved my issue! Thank you so much! This is what I put in the management shell: Get-SendConnector "My Send Connector" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-Send-Headers-Routing – Opy Jan 13 '17 at 15:29
  • done, but for security reasons you really should consider an upgrade from your Exchange 2007. It isn't as hard as it sounds (here is an example for [Migration Exchange 2010 to 2016](http://www.admin-enclave.com/en/articles/exchange/206-migrate-from-exchange-2010-to-exchange-2016.html).) – BastianW Jan 13 '17 at 15:58
  • It's not an issue with ability, it's a cost issue. The server it is on needs to be replaced but the cost is not in the budget at this time. I do keep it updated with the latest Windows updates. – Opy Jan 13 '17 at 17:36

2 Answers

1

You might try the following (see here for more info):

Get-SendConnector "TheNameFromYourSendConnector" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-Send-Headers-Routing
BastianW
  • Well that worked for an hour. Now it's doing it again. I've gone to lunch but will try again shortly. – Opy Jan 13 '17 at 17:34
  • I've turned this thing inside out and cannot figure out why it is still sending the private computer name. I've verified that ANONYMOUS LOGON no longer has "send routing header" permissions and I've manually set the FQDN in management shell as someone else said there was a GUI glitch. Nothing has worked so far. – Opy Jan 13 '17 at 21:58
  • Does it matter that this is running Windows SBS? – Opy Jan 13 '17 at 21:59
  • Don't think so. Did you check if the rights were maybe reset? – BastianW Jan 13 '17 at 22:18
  • Ok I just went into ADSI Edit and navigated to CN=Connectors. Once there I went to my send connectors properties and started removing permissions for "Send Routing Headers" one account at a time restarting the Microsoft Exchange Transport service each time. Eventually I got to "Exchange Servers" account and it finally started working again. I removed 3 "Account Unknown" permissions whatever they are. I hope it doesn't hurt anything else lol. Thank you for your help and your answer did get me to where I needed after some googling :) – Opy Jan 13 '17 at 22:25
  • just a quick update. It happened again on my second email to gmail. I removed all permissions for "Send Routing Headers" and will try it now. – Opy Jan 13 '17 at 22:35
  • I have no permissions set for send routing headers yet it started adding the private computer and domain again. WTH?! – Opy Jan 14 '17 at 16:54
  • There was another send connector that I did not think had anything to do with the internet. I removed those permissions also. We'll see... – Opy Jan 14 '17 at 17:06
  • Ok now I have no clue. Every time I remove another user permission for send routing headers then restart exchange transport service it works for about 20-30 minutes max. Then the header comes back. I have no more permissions for any send connector for routing headers. I do not know what to do. – Opy Jan 14 '17 at 18:17
  • I have to restart Microsoft Exchange Transport service for this to work even for a few minutes. I'm going to reboot the server and see if that helps. – Opy Jan 14 '17 at 18:28
  • For me it looks like something reset the permissions to hide the header and I've really run out of ideas here. Sorry. – BastianW Jan 14 '17 at 19:37
  • Ok so I've been jacking with this forever now and I finally figured out I can set a Transport rule to remove a header. If I remove the "Received" header like in some examples, it kicks the email back because there is no header to verify the source. I tried different variations and finally found one that works. I chose "remove Header" then set the header to be removed as "Send-Headers-Routing" and now it does what I expected. We'll see if it lasts. I thank you for all your help Bastian. If it weren't for you, I wouldn't have found my way here. – Opy Jan 14 '17 at 21:45
  • Nope, that did not last but a minute. Something in Exchange is putting the header back no matter what. I've even deleted the Send Connector and put a new one in and tried everything from scratch. – Opy Jan 14 '17 at 21:49
  • I deleted the send connector again then created a new one and left the transport rule in place. I then deleted all header permissions, global, forest and organizational, and now it seems to be working. It has been working for several hours now. I'm still monitoring. – Opy Jan 15 '17 at 21:51
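
The comments above end up hunting the same right across several send connectors and inherited entries. As an added example (not part of the original answer or comments), this read-only audit for the Exchange Management Shell lists every send connector's FQDN and every permission entry that carries ms-Exch-Send-Headers-Routing; `mail.domain.com` is the placeholder name from the question and the variable names are illustrative.

```powershell
# Added example: read-only audit, changes nothing.
# Run in the Exchange Management Shell on the Exchange server.
$expectedFqdn = "mail.domain.com"                 # placeholder from the question
$rightPattern = "*ms-Exch-Send-Headers-Routing*"  # right named in the answer above

foreach ($connector in Get-SendConnector) {
    # The name this connector announces to remote servers in HELO/EHLO.
    $fqdnOk = ("$($connector.Fqdn)" -eq $expectedFqdn)
    Write-Host ("Connector '{0}': Fqdn='{1}' (matches expected: {2})" -f `
        $connector.Name, $connector.Fqdn, $fqdnOk)

    # Every access entry on the connector object that mentions the right.
    # Deny = True         : the entry blocks the right instead of granting it.
    # IsInherited = True  : the entry is defined on a parent object,
    #                       not on the connector itself.
    $connector | Get-ADPermission |
        Where-Object { $_.ExtendedRights -like $rightPattern } |
        Select-Object User, Deny, IsInherited |
        Format-Table -AutoSize
}
```

Running it before and after each change shows whether an entry has reappeared on a connector and whether it is set directly or inherited.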
-1

The setting you need to change is the FQDN on the Send Connector. That is it. Open the Send Connector from EMC and the FQDN is the first tab. Change it to mail.example.com.

Do you know if your ISP has set the PTR correctly? Use one of the PTR / Reverse DNS lookup tools on the internet to ensure that it is valid.

Sembee
  • The FQDN has been set since day 1 in the send connector, that is why I'm so confused by the header sent to gmail. The PTR appears to be set now but I'm still getting gmail errors. It still says SERVER.domain.local in the header while the PTR says mail.domain.com. – Opy Jan 13 '17 at 14:57