We got a request from a client to disable ESMTP in Exchange 2016 for PCI DSS compliance.
This is the default Exchange 2016 response to EHLO:
Based on the documentation from Microsoft on Exchange 2016 Receiver
#Variables
$Receiver1="Default Frontend MYLAB-EX16"
$Server1 = "MYLAB-EX16"
$Banner = "220 mail.aventistech.info" #MUST start with 220
$FQDN = "mail.mail.aventistech.info"
#Disable Default ESMTP Verb for CMP-EMAIL-01
Set-TransportServer -Identity $Server1 -UseDowngradedExchangeServerAuth $true
Set-ReceiveConnector -Identity $Receiver1 -SizeEnabled Disabled -PipeliningEnabled $false -EnhancedStatusCodesEnabled $false -DeliveryStatusNotificationEnabled $false -BinaryMimeEnabled $false `
-ChunkingEnabled $false -EightBitMimeEnabled $false -SuppressXAnonymousTls $true -AuthMechanism None
#Change the Banner & Response to FQDN of EMail Server rather than the internal hostname
Set-ReceiveConnector -Identity $Receiver1 -Banner $Banner -Fqdn $FQDN
Exchange 2016 response to EHLO – ESMTP Verb Disabled
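The EHLO comparison can also be scripted so it can be repeated after every cumulative update. The PowerShell below is an added example, not part of the original post: `Get-EhloResponse` and `Test-EhloHardening` are hypothetical helper names, the keyword-to-setting mapping is an assumption based on the standard ESMTP keyword names, and the sample replies are constructed.

```powershell
# Added example, not from the original post. EHLO keyword -> connector setting expected to remove it
# (mapping is an assumption based on the standard ESMTP keyword names).
$ExpectedAbsent = [ordered]@{
    'SIZE' = 'SizeEnabled'; 'PIPELINING' = 'PipeliningEnabled'
    'ENHANCEDSTATUSCODES' = 'EnhancedStatusCodesEnabled'; 'DSN' = 'DeliveryStatusNotificationEnabled'
    'BINARYMIME' = 'BinaryMimeEnabled'; 'CHUNKING' = 'ChunkingEnabled'
    '8BITMIME' = 'EightBitMimeEnabled'; 'X-ANONYMOUSTLS' = 'SuppressXAnonymousTls'
    'AUTH' = 'AuthMechanism'; 'STARTTLS' = 'AuthMechanism'
}

function Get-EhloResponse {
    # Live capture: connect, send EHLO, return the 250 reply lines (single-line 220 banner assumed).
    param([string]$SmtpHost, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient($SmtpHost, $Port)
    try {
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $null = $reader.ReadLine()                       # discard the 220 banner
        $writer.WriteLine('EHLO audit.example.test')     # placeholder client name
        do { $line = $reader.ReadLine(); $line } while ($line -match '^250-')
        $writer.WriteLine('QUIT')
    } finally { $client.Close() }
}

function Test-EhloHardening {
    # Returns one object per keyword that is still advertised but should have been removed.
    param([string[]]$ResponseLine)
    # The first 250 line is the server domain and greeting; each later line carries one keyword.
    $seen = foreach ($line in ($ResponseLine | Select-Object -Skip 1)) {
        if ($line -match '^250[- ](\S+)') { $Matches[1].ToUpperInvariant() }
    }
    foreach ($keyword in $ExpectedAbsent.Keys) {
        if ($seen -contains $keyword) {
            [pscustomobject]@{ Keyword = $keyword; Setting = $ExpectedAbsent[$keyword] }
        }
    }
}

# Constructed sample replies (not captured from a real server), so the check runs offline.
$defaultReply = @('250-mail.example.test Hello [192.0.2.10]', '250-SIZE 37748736',
    '250-PIPELINING', '250-DSN', '250-ENHANCEDSTATUSCODES', '250-STARTTLS',
    '250-X-ANONYMOUSTLS', '250-AUTH NTLM', '250-X-EXPS GSSAPI NTLM',
    '250-8BITMIME', '250-BINARYMIME', '250 CHUNKING')
$hardenedReply = @('250 mail.example.test Hello [192.0.2.10]')
Test-EhloHardening -ResponseLine $defaultReply | Format-Table -AutoSize
if (-not (Test-EhloHardening -ResponseLine $hardenedReply)) { 'No targeted keywords advertised' }
```

Against a real connector, pass the live reply instead: `Test-EhloHardening -ResponseLine (Get-EhloResponse -SmtpHost $FQDN)`.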
We will monitor this closely with the client to see whether any issues arise from this implementation.