Comment répliquer des connecteurs Exchange


  • When you have multiple incoming receive connectors, it might be appropriate to merge all connectors.
  • When you have multiple Exchange Servers, you are compelled to have same configuration anywhere


Let’s get backup Exchange Reference Receive-Connectors

Get-ReceiveConnector -Server $env:COMPUTERNAME | Export-Clixml -Path C:\EXPLOIT\$($env:COMPUTERNAME).ReceiveConnectors.xml

Merge Connectors

On the destination computers, let’s get only our usefull smtp relays. In the case above, we get back ‘Linux Relay’ and ‘SMTPRELAY’.
We will ignore all other connectors.

$ReceiveConnectors = Import-Clixml -Path C:\EXPLOIT\ReferenceComputer.ReceiveConnectors.xml
$ReceiveConnectors | Select Server, Name, Bindings, RemoteIPRanges, PermissionGroups
$Relay1 = $ReceiveConnectors | ?{ $_.Name -eq 'Linux Relay' }
$Relay2 = $ReceiveConnectors | ?{ $_.Name -eq 'SMTPRELAY' }
$IPs = $Relay1.RemoteIPRanges + $Relay2.RemoteIPRanges

New Connector

Here, we create a new relay connector on destination servers named ‘SMTP Relay’, and activate extended right ‘ms-Exch-SMTP-Accept-Any-Recipient’ in order to allow SMTP relaying. For the moment, only will be allowed

New-ReceiveConnector -server $env:COMPUTERNAME -Name 'SMTP Relay' -Bindings '' -RemoteIPRanges -usage Custom -TransportRole FrontendTransport
$Rcv = Get-ReceiveConnector "$($env:COMPUTERNAME)\SMTP Relay"
$Rcv | Set-ReceiveConnector -fqdn 'smtprelay.mydomain.local' -permissiongroups AnonymousUsers -AuthMechanism None -Banner '220 SMTP OK' -ProtocolLoggingLevel Verbose
$Rcv | Add-ADPermission -User 'ANONYMOUS LOGON' -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"


Add allow IP addresses to relay

And now, we only allow $IPs to relay, so easy …

$Rcv | Set-ReceiveConnector -RemoteIPRanges $IPs

6 réflexions sur “Comment répliquer des connecteurs Exchange”

  1. Greate pieces. Keep writing such kind of information on your site.
    Im really impressed by it.
    Hey there, You have performed an excellent job.
    I will definitely digg it and for my part recommend to my friends.
    I am confident they will be benefited from this website.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *