Comment répliquer des connecteurs Exchange

Context

  • When you have multiple incoming receive connectors, it might be appropriate to merge all connectors.
  • When you have multiple Exchange Servers, you are compelled to have same configuration anywhere

Audit

Let’s get backup Exchange Reference Receive-Connectors

Get-ReceiveConnector -Server $env:COMPUTERNAME | Export-Clixml -Path C:\EXPLOIT\$($env:COMPUTERNAME).ReceiveConnectors.xml
 

Merge Connectors

On the destination computers, let’s get only our usefull smtp relays. In the case above, we get back ‘Linux Relay’ and ‘SMTPRELAY’.
We will ignore all other connectors.

$ReceiveConnectors = Import-Clixml -Path C:\EXPLOIT\ReferenceComputer.ReceiveConnectors.xml
$ReceiveConnectors | Select Server, Name, Bindings, RemoteIPRanges, PermissionGroups
$Relay1 = $ReceiveConnectors | ?{ $_.Name -eq 'Linux Relay' }
$Relay2 = $ReceiveConnectors | ?{ $_.Name -eq 'SMTPRELAY' }
$IPs = $Relay1.RemoteIPRanges + $Relay2.RemoteIPRanges
 

New Connector

Here, we create a new relay connector on destination servers named ‘SMTP Relay’, and activate extended right ‘ms-Exch-SMTP-Accept-Any-Recipient’ in order to allow SMTP relaying. For the moment, only 127.0.0.1 will be allowed

New-ReceiveConnector -server $env:COMPUTERNAME -Name 'SMTP Relay' -Bindings '0.0.0.0:25' -RemoteIPRanges 127.0.0.1 -usage Custom -TransportRole FrontendTransport
$Rcv = Get-ReceiveConnector "$($env:COMPUTERNAME)\SMTP Relay"
$Rcv | Set-ReceiveConnector -fqdn 'smtprelay.mydomain.local' -permissiongroups AnonymousUsers -AuthMechanism None -Banner '220 SMTP OK' -ProtocolLoggingLevel Verbose
$Rcv | Add-ADPermission -User 'ANONYMOUS LOGON' -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

 

Add allow IP addresses to relay

And now, we only allow $IPs to relay, so easy …

$Rcv | Set-ReceiveConnector -RemoteIPRanges $IPs

6 réflexions sur “Comment répliquer des connecteurs Exchange”

  1. Greate pieces. Keep writing such kind of information on your site.
    Im really impressed by it.
    Hey there, You have performed an excellent job.
    I will definitely digg it and for my part recommend to my friends.
    I am confident they will be benefited from this website.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *