Knowledgebase: outmail
How do I reject incoming email for unknown users in MS Exchange 2013?

Problem:

How do I reject incoming email for unknown users in MS Exchange 2013?
How do I set up a recipient filter to reject unknown users in MS Exchange 2013?

Solution:

Recipient filters work differently in MS Exchange 2013 compared to previous versions. As the session below shows, the rejection happens only after the DATA has been processed.

mail from:<me@example.com>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Write some Text Here.
.
550 5.1.1 User unknown

The example below shows you how to set up a recipient filter for MS Exchange to reject unknown users.

This solution is for Exchange Server 2013 and uses the anti-spam agent for Exchange. This is an available feature in the Edge Transport Server. However, if you don't have an Edge Transport Server, it is possible to install the anti-spam agent in the Hub Transport Server. Instructions for this can be found here.

First, let's verify that the anti-spam functionality is enabled.

  1. Start the Exchange Management Shell (EMS)
  2. Type the following:

    Get-TransportAgent

    Make sure the Recipient Filter Agent is available and enabled. If it's not available, follow the link above on installing the anti-spam agent. If it is available but disabled, you can enable it with the command below:

    Enable-TransportAgent "Recipient Filter Agent"

Restart the Exchange Transport service after making the above changes.

The next step is to ensure your accepted domains use the AddressBook to check for valid recipients. By default this should be enabled when you set up Exchange as an authoritative Mailbox Server for your domain.

  1. To check that your server is using the AddressBook for validation, do the following:

    Get-AcceptedDomain | Format-List Name,AddressBookEnabled

    It should provide you with a list of all accepted domains and whether the AddressBook is enabled for each. If by any chance Exchange is not authoritative and the AddressBook is disabled, enable it with:

    Set-AcceptedDomain <name of accepted domain> -AddressBookEnabled $true

    Or, to enable it for all domains (caution: make sure you are not relaying any domains before running this):

    Get-AcceptedDomain | Set-AcceptedDomain -AddressBookEnabled $true

Now you should have the Recipient Filter enabled on your Mailbox Server and the AddressBook enabled on your domain. But if you test this now, it probably still won't work. That's because validation is still disabled.

  1. To check the status of validation, run the following:

    Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled

    It should return that the Recipient Filter is enabled, but validation is not:

    Enabled : True
    RecipientValidationEnabled : False

  2. To enable validation, run the following:

    Set-RecipientFilterConfig -RecipientValidationEnabled $true

  3. Restart the Exchange Transport service

If we now test we should see a reject on the unknown user.

mail from:<me@example.com>
250 2.1.0 Sender OK
rcpt to:<real-user@domain.com>
250 2.1.5 Recipient OK
rcpt to:<nouser@domain.com>
550 5.1.1 Address Unknown
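
The checks from the steps above, collected into one read-only audit for the Exchange Management Shell. This is an added example, not part of the original article; the `$findings` variable and the message strings are illustrative, and it assumes accepted domains expose the `DomainType` property so that relay domains (the caution above) are flagged for review instead of being reported as faults.

```powershell
# Added example: read-only audit of the settings this article changes.
# Run in the Exchange Management Shell on the server that receives inbound mail.
$findings = @()

# 1. The Recipient Filter Agent must be installed and enabled.
$agent = Get-TransportAgent | Where-Object { "$($_.Identity)" -eq 'Recipient Filter Agent' }
if (-not $agent) {
    $findings += 'FIX: Recipient Filter Agent is not installed (install the anti-spam agent first).'
} elseif (-not $agent.Enabled) {
    $findings += 'FIX: Recipient Filter Agent is disabled. Run: Enable-TransportAgent "Recipient Filter Agent"'
}

# 2. Authoritative domains must validate recipients against the AddressBook.
#    Relay domains are only flagged for review: Exchange may not know their recipients.
foreach ($domain in Get-AcceptedDomain) {
    if ($domain.AddressBookEnabled) { continue }
    if ("$($domain.DomainType)" -eq 'Authoritative') {
        $findings += "FIX: '$($domain.Name)' is Authoritative but AddressBookEnabled is False."
    } else {
        $findings += "REVIEW: '$($domain.Name)' is $($domain.DomainType) with AddressBookEnabled False."
    }
}

# 3. Recipient filtering and recipient validation must both be switched on.
$config = Get-RecipientFilterConfig
if (-not $config.Enabled) {
    $findings += 'FIX: Recipient filtering is disabled (Enabled is False).'
}
if (-not $config.RecipientValidationEnabled) {
    $findings += 'FIX: RecipientValidationEnabled is False. Run: Set-RecipientFilterConfig -RecipientValidationEnabled $true'
}

# Report. Nothing above changes configuration.
if ($findings.Count -eq 0) {
    'OK: unknown recipients should be rejected at RCPT TO with a 550 5.1.1 response.'
} else {
    $findings
    'Restart the Exchange Transport service after applying any fix.'
}
```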

 






Disclaimer
The Origin of this information may be internal or external to Prolateral Consulting Ltd. Prolateral makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Prolateral makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.