We got a request from client to disable ESMTP in Exchange 2016 for PCI DSS Compliance
This is the default Exchange 2016 response for EHLO
#Variable $Receiver1="Default Frontend MYLAB-EX16" $Server1 = "MYLAB-EX16" $Banner = "220 mail.aventistech.info" #MUST start with 220 $FQDN = "mail.mail.aventistech.info" #Disable Default ESMTP Verb for CMP-EMAIL-01 Set-TransportServer -Identity $Server1 -UseDowngradedExchangeServerAuth $true Set-ReceiveConnector -Identity $Receiver1 -SizeEnabled Disabled -PipeliningEnabled 0 -EnhancedStatusCodesEnabled 0 -DeliveryStatusNotificationEnabled 0 -BinaryMimeEnabled 0 ` -ChunkingEnabled 0 -EightBitMimeEnabled 0 -SuppressXAnonymousTls $true -AuthMechanism none #Change the Banner & Response to FQDN of EMail Server rather than the internal hostname Set-ReceiveConnector -Identity $Receiver1 -Banner $Banner -Fqdn $FQDN
Exchange 2016 response to EHLO – ESMTP Verb Disabled
We will monitor closely with client to see is there any issues happen with this implementation.