The default “remote domains” setting in Exchange 2010 allows non-delivery reports (NDRs) to be sent to all remote domains. These error messages contain internal Exchange organization information such as server names, IP addresses, the AD domain name, etc.
What if you are security conscious and want to strip that information from the NDRs, yet still have them sent to external senders? This is possible in Exchange 2010 SP1, which introduces a new parameter named “NDRDiagnosticInfoEnabled” for the Set-RemoteDomain cmdlet.
By default, the value of “NDRDiagnosticInfoEnabled” is set to $true, which means that external senders will get the full NDR.
If you want senders to be notified of the error only, and to withhold any internal Exchange information, set the value of “NDRDiagnosticInfoEnabled” to $false. I am setting this only for my “Default” remote domain, as I am happy with sending the full NDR to my partner company, theucguy.net.
The next time an NDR goes out to an external sender, it won’t contain any internal information.
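The change described above, written out as an audit, set and verify sequence for the Exchange Management Shell. This is an added example, not code from the original post; it assumes the catch-all remote domain is named “Default”, as the post states, and it lists rather than changes any other remote domains.

```powershell
# Run in the Exchange Management Shell (Exchange 2010 SP1 or later).

# 1. Audit the current state of every remote domain.
#    NDREnabled               : whether NDRs are sent to that domain at all.
#    NDRDiagnosticInfoEnabled : whether the NDR carries the diagnostic section
#                               (server names, IP addresses, AD domain name).
Get-RemoteDomain |
    Format-Table Name, DomainName, NDREnabled, NDRDiagnosticInfoEnabled -AutoSize

# 2. Strip diagnostic information for the "Default" remote domain only.
#    Remote domains created for partners keep their own setting.
Set-RemoteDomain -Identity "Default" -NDRDiagnosticInfoEnabled $false

# 3. Verify the result. The diagnostic setting only matters while NDREnabled
#    is $true, so check both values.
$default = Get-RemoteDomain -Identity "Default"

if (-not $default.NDREnabled) {
    Write-Warning "NDREnabled is false on 'Default': external senders receive no NDR at all."
}

if ($default.NDRDiagnosticInfoEnabled) {
    Write-Warning "Diagnostic info is still enabled on 'Default'."
} else {
    Write-Host "'Default' now sends NDRs without diagnostic info."
}

# 4. List the remote domains that still receive full NDRs, so each exception
#    (for example a partner domain) is a deliberate choice.
Get-RemoteDomain |
    Where-Object { $_.NDREnabled -and $_.NDRDiagnosticInfoEnabled } |
    Select-Object Name, DomainName
```

If external senders stop receiving NDRs altogether after the change, the `NDREnabled` value shown in step 1 is the first thing to compare against.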
Thanks, the first real answer to my online query!
This command, for me, in Exchange 2010 SP3, will actually suppress any NDR from being delivered, rather than removing Diagnostic Info. Any ideas?
Hi PS,
That is strange. Did you run any other command along with this or in the days close to when you ran this?
Thanks Shaun.
Excellent tip! Thanks, it's interesting to see how much information is actually embedded in the NDR email.
Thanks Anonymous ;)
Perfect hint – thank you!