Tuesday, 3 May 2011

Stripping Internal Exchange Organization Info From NDRs Sent To Remote Domains…

The default “remote domains” setting in Exchange 2010 allows non-delivery reports (NDRs) to be sent to all remote domains. These error messages will contain internal Exchange Organization information like the server names, IP addresses, AD domain name etc.

What if you are security conscious and want to strip that information from the NDRs, yet still have them sent to external senders? It is possible in Exchange 2010 SP1, with the introduction of a new parameter named “NDRDiagnosticInfoEnabled” for the Set-RemoteDomain cmdlet.

By default, the value of “NDRDiagnosticInfoEnabled” is set to $true, which means that external senders will get the full NDR.

Default NDRInfoEnabled

If you want the senders to be notified of the error only and to withhold any internal Exchange information, set the value of “NDRDiagnosticInfoEnabled” to $false. I am setting this only for my “Default” remote domain, as I am happy with sending the full NDR to my partner company howexchangeworks.com.

Set remote domain to strip info from NDR

Next time an NDR goes out to an external sender, it won’t have any inside information ;)
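
The steps above as Exchange Management Shell commands. This is an added example, not the commands from the original post's screenshots; it assumes Exchange 2010 SP1 or later and that the catch-all remote domain is still named “Default”.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010 SP1+).

# 1. Audit: show every remote domain and whether its NDRs carry
#    internal diagnostic information (server names, IPs, AD domain).
Get-RemoteDomain |
    Sort-Object Name |
    Format-Table Name, DomainName, NDREnabled, NDRDiagnosticInfoEnabled -AutoSize

# 2. Change only the "Default" remote domain (assumed name; DomainName '*').
#    NDRs are still sent (NDREnabled is untouched); only the
#    diagnostic section is withheld.
$default = Get-RemoteDomain -Identity 'Default'
if ($default.NDRDiagnosticInfoEnabled) {
    Set-RemoteDomain -Identity 'Default' -NDRDiagnosticInfoEnabled $false
}

# 3. Verify: list remote domains that still send full NDRs.
#    Entries left here should be deliberate exceptions, such as a
#    trusted partner domain that is meant to receive the full report.
$fullNdr = Get-RemoteDomain |
    Where-Object { $_.NDREnabled -and $_.NDRDiagnosticInfoEnabled }

if ($fullNdr) {
    Write-Warning 'These remote domains still receive NDR diagnostic info:'
    $fullNdr | Format-Table Name, DomainName -AutoSize
} else {
    Write-Host 'No remote domain receives NDR diagnostic info.'
}
```

To preview the change without applying it, add `-WhatIf` to the `Set-RemoteDomain` call.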


4 comments:

Anonymous said...

Perfect hint - thank you !

Rajith Jose Enchiparambil said...

Thanks Anonymous ;)

Shaun said...

Excellent tip! Thanks, it's interesting to see how much information is actually embedded in the NDR email.

Rajith Jose Enchiparambil said...

Thanks Shaun.
