04Jan

Hard to replicate Exchange Connectors

Jean-Yves Moschetto (ANVOLE) | Exchange, PowerShell | Exchange Server

Context

  • When you have multiple incoming receive connectors, it may make sense to merge them into one.
  • When you have multiple Exchange servers, you need the same configuration on every one of them.

Audit

Let's back up the receive connectors of the reference Exchange server:

Get-ReceiveConnector -Server $env:COMPUTERNAME | Export-Clixml -Path C:\EXPLOIT\$($env:COMPUTERNAME).ReceiveConnectors.xml
 

Merge Connectors

On the destination computers, let's keep only our useful SMTP relays. In this example, we get back 'Linux Relay' and 'SMTPRELAY'.
We will ignore all other connectors.

$ReceiveConnectors = Import-Clixml -Path C:\EXPLOIT\ReferenceComputer.ReceiveConnectors.xml
$ReceiveConnectors | Select Server, Name, Bindings, RemoteIPRanges, PermissionGroups
$Relay1 = $ReceiveConnectors | ?{ $_.Name -eq 'Linux Relay' }
$Relay2 = $ReceiveConnectors | ?{ $_.Name -eq 'SMTPRELAY' }
$IPs = $Relay1.RemoteIPRanges + $Relay2.RemoteIPRanges
 
 

New Connector

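Here, we create a new relay connector named 'SMTP Relay' on the destination servers and grant the extended right 'ms-Exch-SMTP-Accept-Any-Recipient' to allow SMTP relaying. For the moment, only 127.0.0.1 is allowed. The connector accepts anonymous sessions without authentication, so RemoteIPRanges is the only restriction on which hosts can relay.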

New-ReceiveConnector -server $env:COMPUTERNAME -Name 'SMTP Relay' -Bindings '0.0.0.0:25' -RemoteIPRanges 127.0.0.1 -usage Custom -TransportRole FrontendTransport
$Rcv = Get-ReceiveConnector "$($env:COMPUTERNAME)\SMTP Relay"
$Rcv | Set-ReceiveConnector -fqdn 'smtprelay.mydomain.local' -permissiongroups AnonymousUsers -AuthMechanism None -Banner '220 SMTP OK' -ProtocolLoggingLevel Verbose
$Rcv | Add-ADPermission -User 'ANONYMOUS LOGON' -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

 

Add allow IP addresses to relay

And now we allow only $IPs to relay. So easy...

$Rcv | Set-ReceiveConnector -RemoteIPRanges $IPs
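A check worth running on the merged list before the Set-ReceiveConnector call above, because anything in $IPs becomes an anonymous relay source. This is an added example, not part of the original post: the function names, the 256-address threshold and the sample ranges are assumptions, and only IPv4 single addresses, start-end ranges and CIDR blocks are sized (anything else is flagged for manual review).

```powershell
# Added example: names, threshold and sample data are assumptions, not from the post.
function ConvertTo-IPv4Number ([string]$Ip) {
    $addr = [System.Net.IPAddress]::Parse($Ip.Trim())
    if ($addr.AddressFamily -ne 'InterNetwork') { throw "not IPv4: $Ip" }
    $b = $addr.GetAddressBytes()
    # Build the 32-bit value by hand to avoid byte-order issues
    ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-RelayRange {
    param(
        [string[]]$Range,            # e.g. $IPs from the merge step (cast to strings)
        [long]$MaxAddresses = 256    # assumed limit; larger ranges need a justification
    )
    foreach ($r in ($Range | Sort-Object -Unique)) {   # duplicates from the merge collapse here
        try {
            if ($r -match '^(.+)/(\d+)$') {            # CIDR block
                $null  = ConvertTo-IPv4Number $Matches[1]
                $count = [long][math]::Pow(2, 32 - [int]$Matches[2])
            }
            elseif ($r -match '^(.+)-(.+)$') {         # start-end range
                $first = ConvertTo-IPv4Number $Matches[1]
                $last  = ConvertTo-IPv4Number $Matches[2]
                $count = $last - $first + 1
            }
            else {                                     # single address
                $null  = ConvertTo-IPv4Number $r
                $count = 1
            }
            $verdict = if ($count -lt 1 -or $count -gt $MaxAddresses) { 'REVIEW' } else { 'ok' }
        }
        catch {
            # IPv6, mask notation or malformed input: do not guess, ask a human
            $count   = $null
            $verdict = 'REVIEW (not parsed)'
        }
        [pscustomobject]@{ Range = $r; Addresses = $count; Verdict = $verdict }
    }
}

# Constructed sample input standing in for the merged $IPs
$SampleRanges = '10.1.2.3', '10.1.2.3', '192.168.10.0/24', '172.16.0.1-172.16.0.20',
                '0.0.0.0-255.255.255.255', '10.0.0.0/8', '2001:db8::/32'
Test-RelayRange -Range $SampleRanges | Format-Table -AutoSize
```

With the real data, call `Test-RelayRange -Range $IPs` and apply the list to the connector only once every row marked REVIEW has been explained or removed.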
 

 

 
