Comment répliquer des connecteurs Exchange


  • When you have multiple incoming receive connectors, it might be appropriate to merge all connectors.
  • When you have multiple Exchange Servers, you are compelled to have same configuration anywhere


Let’s get backup Exchange Reference Receive-Connectors

Get-ReceiveConnector -Server $env:COMPUTERNAME | Export-Clixml -Path C:\EXPLOIT\$($env:COMPUTERNAME).ReceiveConnectors.xml

Merge Connectors

On the destination computers, let’s get only our usefull smtp relays. In the case above, we get back ‘Linux Relay’ and ‘SMTPRELAY’.
We will ignore all other connectors.

$ReceiveConnectors = Import-Clixml -Path C:\EXPLOIT\ReferenceComputer.ReceiveConnectors.xml
$ReceiveConnectors | Select Server, Name, Bindings, RemoteIPRanges, PermissionGroups
$Relay1 = $ReceiveConnectors | ?{ $_.Name -eq 'Linux Relay' }
$Relay2 = $ReceiveConnectors | ?{ $_.Name -eq 'SMTPRELAY' }
$IPs = $Relay1.RemoteIPRanges + $Relay2.RemoteIPRanges

New Connector

Here, we create a new relay connector on destination servers named ‘SMTP Relay’, and activate extended right ‘ms-Exch-SMTP-Accept-Any-Recipient’ in order to allow SMTP relaying. For the moment, only will be allowed

New-ReceiveConnector -server $env:COMPUTERNAME -Name 'SMTP Relay' -Bindings '' -RemoteIPRanges -usage Custom -TransportRole FrontendTransport
$Rcv = Get-ReceiveConnector "$($env:COMPUTERNAME)\SMTP Relay"
$Rcv | Set-ReceiveConnector -fqdn 'smtprelay.mydomain.local' -permissiongroups AnonymousUsers -AuthMechanism None -Banner '220 SMTP OK' -ProtocolLoggingLevel Verbose
$Rcv | Add-ADPermission -User 'ANONYMOUS LOGON' -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"


Add allow IP addresses to relay

And now, we only allow $IPs to relay, so easy …

$Rcv | Set-ReceiveConnector -RemoteIPRanges $IPs

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *