Context
- When you have multiple incoming receive connectors, it might be appropriate to merge all connectors.
- When you have multiple Exchange Servers, you are compelled to have same configuration anywhere
Audit
Let’s get backup Exchange Reference Receive-Connectors
Get-ReceiveConnector -Server $env:COMPUTERNAME | Export-Clixml -Path C:\EXPLOIT\$($env:COMPUTERNAME).ReceiveConnectors.xml
Merge Connectors
On the destination computers, let’s get only our usefull smtp relays. In the case above, we get back ‘Linux Relay’ and ‘SMTPRELAY’.
We will ignore all other connectors.
$ReceiveConnectors = Import-Clixml -Path C:\EXPLOIT\ReferenceComputer.ReceiveConnectors.xml
$ReceiveConnectors | Select Server, Name, Bindings, RemoteIPRanges, PermissionGroups
$Relay1 = $ReceiveConnectors | ?{ $_.Name -eq 'Linux Relay' }
$Relay2 = $ReceiveConnectors | ?{ $_.Name -eq 'SMTPRELAY' }
$IPs = $Relay1.RemoteIPRanges + $Relay2.RemoteIPRanges
New Connector
Here, we create a new relay connector on destination servers named ‘SMTP Relay’, and activate extended right ‘ms-Exch-SMTP-Accept-Any-Recipient’ in order to allow SMTP relaying. For the moment, only 127.0.0.1 will be allowed
New-ReceiveConnector -server $env:COMPUTERNAME -Name 'SMTP Relay' -Bindings '0.0.0.0:25' -RemoteIPRanges 127.0.0.1 -usage Custom -TransportRole FrontendTransport
$Rcv = Get-ReceiveConnector "$($env:COMPUTERNAME)\SMTP Relay"
$Rcv | Set-ReceiveConnector -fqdn 'smtprelay.mydomain.local' -permissiongroups AnonymousUsers -AuthMechanism None -Banner '220 SMTP OK' -ProtocolLoggingLevel Verbose
$Rcv | Add-ADPermission -User 'ANONYMOUS LOGON' -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Add allow IP addresses to relay
And now, we only allow $IPs to relay, so easy …
$Rcv | Set-ReceiveConnector -RemoteIPRanges $IPs
Greate pieces. Keep writing such kind of information on your site.
Im really impressed by it.
Hey there, You have performed an excellent job.
I will definitely digg it and for my part recommend to my friends.
I am confident they will be benefited from this website.
Awesome! Its in fact remarkable article, I have got much clear idea
concerning from this post.
Hi there, this weekend is nice for me, for the reason that this point in time i am
reading this wonderful educational piece of writing here at my residence.
Wow, this paragraph is good, my younger sister
is analyzing these kinds of things, therefore I am going to
convey her.
Excellent site you have here.. It’s hard to find good quality writing like yours nowadays.
I honestly appreciate individuals like you! Take care!!
It’s very effortless to find out any matter on web as compared to
books, as I found this paragraph at this website.