I went through all the steps to enable recipient filtering in Exchange 2013 so that users who are not in the directory are outright rejected however using telnet, i can still relay mail to users that do not exist. Set-RecipientFilterConfig -Enabled $trueSet-RecipientFilterConfig -BlockListEnabled $trueSet-RecipientFilterConfig -RecipientValidationEnabled $true however: telnet exchange.domain.com 25 Trying xxxxxxxx... Connected to xxxxxxxxx. Escape character is '^]'. 220 xxxxxxxxx Microsoft ESMTP MAIL Service ready at Tue, 5 Mar 2013 08:02:40 -0500 helo joe 250 xxxxxxx Hello [xxxxxxx] mail from:<xxxxxxxx> 250 2.1.0 Sender OK rcpt to:<nouser@domain.com> 250 2.1.5 Recipient OK

Do you have any user in the "blocked list"? What are you trying to achieve, block emails to users who are not in AD?Rajith Enchiparambil | http://www.howexchangeworks.com |

Yes that is exactly what i am trying to achieve. However when enabled on previous version of Exchange i was not able to telnet afterwords

Hi, After making the changes to the transport service, have you restarted the 'Microsoft Exchange Transport Service'?Regards from ExchangeOnline Windows Administrator's Area

yes indeed.

Hello Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. Terence Yu TechNet Community Support

Hi, What is the incoming mail flow of your organization? Is it internet -> gateway /anti-spam -> exchange server ? or internet -> exchange server ? In the first senario, the gateway would not perform the recipient check and the configurations you made would not work if you try to telnet the gateway. But actually after the gateway receive the message, the Exchange server would check the recipient. In the second senario, if we use the accounts of your authoritative domain to telnet and send the message, the recipient filter would not apply. And did you enable the anonymous relay on your receive connector? If we temporarily create a new one, could we reproduce this issue with this new connector? Thanks, Andy

Hi, I have also noticed that Recipientfiltering doesn't work exactly the same way as in EX07/EX10. When enabled, you should get an 550 5.1.1 User unknown after the ending period (see below) mail from:<xxxx@xxxx.xx> 250 2.1.0 Sender OK rcpt to:<nouser@domain.com> 250 2.1.5 Recipient OK data 354 Start mail input; end with <CRLF>.<CRLF> Write some Text Here . 550 5.1.1 User unknownMartina Miskovic

Hello, The second scenario is what I am using. I was using telnet to a user that does not exist in my authoritative domain, ie : nouser@domain.com and got the 250 2.1.5 Recipient OK. In Exchange 2010 or 2003 with recipient filtering enabled I would have received 550 5.1.1 User unknown. Anonymous relay is enabled on my receive connector just as it was in 2010 or 2003

Hi, Is this normal then? I get this with EX10 mail from:<xxx@xxx.xx> 250 2.1.0 Sender OK rcpt to:<nouser@domain.com> 550 5.1.1 User unknown

Hi, Is this normal then? I get this with EX10 mail from:<xxx@xxx.xx> 250 2.1.0 Sender OK rcpt to:<nouser@domain.com> 550 5.1.1 User unknown That is my understanding, yes. Note that the message is never submitted to the queue and that the Recipient Filter Agent logs this with the reason "RecipientDoesNotExist" (just as in EX10) in the Agent Logs.Martina Miskovic

That's too late. Should reject before "data". Is there a way around this? Thanks.

Hi, I have also noticed that Recipientfiltering doesn't work exactly the same way as in EX07/EX10. When enabled, you should get an 550 5.1.1 User unknown after the ending period (see below) mail from:<xxxx@xxxx.xx> 250 2.1.0 Sender OK rcpt to:<nouser@domain.com> 250 2.1.5 Recipient OK data 354 Start mail input; end with <CRLF>.<CRLF> Write some Text Here . 550 5.1.1 User unknownMartina Miskovic

Hi, Encountered a similar scenario in the TechNet Italian community- as of now the thread is still open, and we could repro this behavior so far. I am sharing here the direct link to the repro - just sorry that it's in Italian (automated Bing translation of the entire thread can be consulted here). Hope that helps, Anca Popa Microsoft offre questo servizio gratuitamente, per aiutare gli utenti e aumentare il database dei prodotti e delle tecnologie. Il contenuto viene fornito “così come è” e non comporta alcuna responsabilità da parte dell'azienda.

That's too late. Should reject before "data". Is there a way around this? Thanks. Hi jalabert, Adding to Martina's insights above, I think this is expected in Exchange 2013. Recipient Filtering is only present on Mailbox server role. Client Access Role will proxy SMTP session to Mailbox server but CAS will not effectively manage the Recipient filtering part. In fact, CAS needs the RCPT TO information in order to determine the best Mailbox Server to which it can proxy connection to. Connection from CAS to MBX will be established only after DATA being received by CAS from external SMTP server. CAS will pass to Mailbox server SMTP commands it received from external SMTP server. That is why you observe that "User unknown" only at the very end of the session. Hope this clarifies a bit,Anca Popa Microsoft offre questo servizio gratuitamente, per aiutare gli utenti e aumentare il database dei prodotti e delle tecnologie. Il contenuto viene fornito “così come è” e non comporta alcuna responsabilità da parte dell'azienda.

Good to know AncaRajith Enchiparambil | http://www.howexchangeworks.com |