Disabled ESMTP in Exchange 2016 for PCI DSS Compliance


We got a request from a client to disable ESMTP in Exchange 2016 for PCI DSS compliance.

This is the default Exchange 2016 response for EHLO

Based on Microsoft's documentation for Exchange 2016 Receive connectors:

# Variables
$Receiver1 = "Default Frontend MYLAB-EX16"
$Server1 = "MYLAB-EX16"

$Banner = "220 mail.aventistech.info" # MUST start with 220
$FQDN = "mail.mail.aventistech.info"

# Disable the default ESMTP verbs for CMP-EMAIL-01
# UseDowngradedExchangeServerAuth must be $true on the server for -SuppressXAnonymousTls $true to be accepted
Set-TransportServer -Identity $Server1 -UseDowngradedExchangeServerAuth $true
# -AuthMechanism none stops the connector advertising STARTTLS and AUTH as well
Set-ReceiveConnector -Identity $Receiver1 -SizeEnabled Disabled -PipeliningEnabled 0 -EnhancedStatusCodesEnabled 0 -DeliveryStatusNotificationEnabled 0 -BinaryMimeEnabled 0 `
-ChunkingEnabled 0 -EightBitMimeEnabled 0 -SuppressXAnonymousTls $true -AuthMechanism none

# Change the banner and EHLO response to the FQDN of the email server rather than the internal hostname
Set-ReceiveConnector -Identity $Receiver1 -Banner $Banner -Fqdn $FQDN

Exchange 2016 response to EHLO – ESMTP Verb Disabled
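To check a saved EHLO response against the settings above, this added example (not part of the original post or of Microsoft's documentation) lists every extension still advertised and the connector setting that should have removed it. The function names, host names and both sample responses are assumptions constructed for illustration.

```powershell
# EHLO keyword -> connector setting from the script above expected to suppress it.
$VerbToSetting = @{
    'SIZE'                = '-SizeEnabled Disabled'
    'PIPELINING'          = '-PipeliningEnabled 0'
    'ENHANCEDSTATUSCODES' = '-EnhancedStatusCodesEnabled 0'
    'DSN'                 = '-DeliveryStatusNotificationEnabled 0'
    'BINARYMIME'          = '-BinaryMimeEnabled 0'
    'CHUNKING'            = '-ChunkingEnabled 0'
    '8BITMIME'            = '-EightBitMimeEnabled 0'
    'X-ANONYMOUSTLS'      = '-SuppressXAnonymousTls $true'
    'STARTTLS'            = '-AuthMechanism none'
    'AUTH'                = '-AuthMechanism none'
}

function Get-AdvertisedEsmtpVerb {
    param([Parameter(Mandatory)][string[]]$EhloResponse)
    # The first 250 line is the greeting; each later "250-KEYWORD ..." or
    # "250 KEYWORD ..." line advertises one extension (RFC 5321, 4.1.1.1).
    $EhloResponse | Select-Object -Skip 1 | ForEach-Object {
        if ($_ -match '^250[- ]([A-Za-z0-9][A-Za-z0-9-]*)') { $Matches[1].ToUpperInvariant() }
    }
}

function Test-EsmtpHardening {
    param([Parameter(Mandatory)][string[]]$EhloResponse)
    # One row per extension still advertised; no output means a bare response.
    foreach ($verb in Get-AdvertisedEsmtpVerb -EhloResponse $EhloResponse) {
        $setting = '(not covered by the script above)'
        if ($VerbToSetting.ContainsKey($verb)) { $setting = $VerbToSetting[$verb] }
        [pscustomobject]@{ Verb = $verb; Setting = $setting }
    }
}

# Constructed sample responses, not captured from a real server.
$before = @(
    '250-MYLAB-EX16.example.test Hello [192.0.2.10]', '250-SIZE 37748736',
    '250-PIPELINING', '250-DSN', '250-ENHANCEDSTATUSCODES', '250-STARTTLS',
    '250-AUTH NTLM', '250-8BITMIME', '250-BINARYMIME', '250 CHUNKING'
)
$after = @('250 mail.example.test Hello [192.0.2.10]')

Test-EsmtpHardening -EhloResponse $before | Format-Table -AutoSize
if (-not (Test-EsmtpHardening -EhloResponse $after)) { 'after: no extensions advertised' }
```

Any row reported as not covered by the script is an extension that none of the parameters used above controls, so it needs a separate review.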

We will monitor closely with the client to see whether any issues arise from this implementation.