Header stripping, or the “header firewall” as it is called, was introduced in recent years and is used by Microsoft Exchange to remove any information that does not pertain to the core of the header of each inbound or outbound email. It removes any information that is unwanted and that should not be advertised by the local Exchange server. The stripped entries are usually related to virus, spam, or malware scanning. These entries are usually user-defined “X” headers, such as “X-Header” or “X-Spam”. Microsoft Exchange reads the email header information, filters the header, and removes all unnecessary information while leaving only what is required. For a security specialist it seems logical enough to have this enabled on any email server. However, when it comes to log tracking, investigation, and troubleshooting, the details sometimes lie in the cards, and sometimes it’s not a full deck, so the details play an important role. Below are some simple commands that can be run on Microsoft Exchange to enable or disable inbound header filtering.
To enable header firewall on a receive connector named ad\default ad:
[PS] C:\Windows\system32>Get-ReceiveConnector -Identity "ad\default ad" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-Accept-Headers-Routing
To remove header firewall on a receive connector named ad\default ad:
[PS] C:\Windows\system32>Get-ReceiveConnector -Identity "ad\default ad" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-Accept-Headers-Routing
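To confirm which state each connector is actually in before or after running the commands above, the permission can be read back with Get-ADPermission. This audit script is an added example, not part of the original post; it assumes it is run in the Exchange Management Shell, and the output property names are chosen here for illustration.

```powershell
# Added example: report, for every receive connector, whether anonymous senders
# hold the ms-Exch-Accept-Headers-Routing right. If they do, routing headers are
# accepted as-is (header firewall removed); if not, the header firewall strips them.
$right   = 'ms-Exch-Accept-Headers-Routing'
$account = 'NT AUTHORITY\ANONYMOUS LOGON'

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # All access entries for the anonymous account that mention this extended right.
    $entries = @(Get-ADPermission -Identity $connector.Identity -User $account |
        Where-Object { $_.ExtendedRights -like $right })

    # An explicit Deny entry overrides an Allow entry, so check both.
    $allowed = @($entries | Where-Object { -not $_.Deny }).Count -gt 0
    $denied  = @($entries | Where-Object { $_.Deny }).Count -gt 0

    if ($allowed -and -not $denied) {
        $state = 'Removed (routing headers accepted from anonymous senders)'
    } else {
        $state = 'Enabled (routing headers stripped for anonymous senders)'
    }

    # Output property names below are illustrative, not Exchange-defined.
    [PSCustomObject]@{
        Connector      = $connector.Identity
        AllowEntry     = $allowed
        DenyEntry      = $denied
        HeaderFirewall = $state
    }
} | Format-Table -AutoSize
```

Running it before and after a permission change gives a record of the connector state to keep with the change log or incident notes.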