By default on an on prem Exchange 2013/2016/2019 environment, internal server names are displayed in the message header analyzer, which you would not want to expose externally.
This is how it would look like:
To remove that information, execute this command in the Exchange Powershell. Make sure you have the right Send Connector Name.
Get-SendConnector “Internet” | Remove-ADPermission -User “NT Authority\ANONYMOUS LOGON” -ExtendedRights ms-Exch-Send-Headers-Routing
And now this is how it looks like:
References:
https://practical365.com/remove-internal-exchange-server-names-ip-addresses-message-headers/
Exchange Zero days are very common these days and there is a freshly baked one today (30th September 2022 as of writing). If you want to know what how the vulnerabilities work, take a look at the reference at the bottom. As a sysadmin I care about securing my systems.
Here are a few steps to mitigate this zero day vulnerability:
In IIS Manager on the Exchange Server, select the Autodiscover virtual directory and open URL Rewrite and add a new rule.
Select Request Blocking
Enter the string
.*autodiscover\.json.*\@.*Powershell.*
Using should be changed to Regular Expression.
Change URL to REQUEST_URI and save the changes.
References:
On the first day of a new year (for me it was the second day) Microsoft gave us a present to work on that affects Exchange servers. Affected systems could not send or receive mails, messages would get stuck in message queue with the error “Message deferred by categorizer agent”. Here are the two relevant event viewer entries:
The issue here is that the malware filter could not scan the message because of this error (it has to do with date time not fitting into 32 bit integers anymore) and the message would not get sent to the recipient. To temporarily resolve the issue, you can disable antimalware.
Open PowerShell as admin.
& “$env:ExchangeInstallPath\Scripts\Disable-AntimalwareScanning.ps1”
Restart MS Exchange Transport Service
Restart-Service MSExchangeTransport
References: