Exchange 2013 recipient filtering
I went through all the steps to enable recipient filtering in Exchange 2013 so that users who are not in the directory are outright rejected; however, using telnet, I can still relay mail to users that do not exist.
Set-RecipientFilterConfig -Enabled $true
Set-RecipientFilterConfig -BlockListEnabled $true
Set-RecipientFilterConfig -RecipientValidationEnabled $true
however:
telnet exchange.domain.com 25
Trying xxxxxxxx...
Connected to xxxxxxxxx.
Escape character is '^]'.
220 xxxxxxxxx Microsoft ESMTP MAIL Service ready at Tue, 5 Mar 2013 08:02:40 -0500
helo joe
250 xxxxxxx Hello [xxxxxxx]
mail from:<xxxxxxxx>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
250 2.1.5 Recipient OK
March 5th, 2013 8:08am
Do you have any user in the "blocked list"?
What are you trying to achieve, block emails to users who are not in AD?
Rajith Enchiparambil |
http://www.howexchangeworks.com |
March 5th, 2013 8:45am
Yes, that is exactly what I am trying to achieve. However, when enabled on a previous version of Exchange I was not able to telnet afterwards.
March 5th, 2013 8:50am
Hi,
After making the changes to the transport service, have you restarted the 'Microsoft Exchange Transport Service'?
Regards from ExchangeOnline
Windows Administrator's Area
March 5th, 2013 8:51am
Yes indeed.
March 5th, 2013 9:03am
Hello
Thank you for your question.
I am trying to involve someone familiar with this topic to further look at this issue.
Terence Yu
TechNet Community Support
March 5th, 2013 9:42pm
Hi,
What is the incoming mail flow of your organization? Is it
internet -> gateway /anti-spam -> exchange server ?
or
internet -> exchange server ?
In the first scenario, the gateway would not perform the recipient check and the configurations you made would not work if you try to telnet the gateway. But actually after the gateway receives the message, the Exchange server would check the recipient.
In the second scenario, if we use the accounts of your authoritative domain to telnet and send the message, the recipient filter would not apply.
And did you enable the anonymous relay on your receive connector? If we temporarily create a new one, could we reproduce this issue with this new connector?
Thanks,
Andy
March 6th, 2013 1:32am
Hi,
I have also noticed that recipient filtering doesn't work exactly the same way as in EX07/EX10.
When enabled, you should get a 550 5.1.1 User unknown after the ending period (see below)
mail from:<xxxx@xxxx.xx>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Write some Text Here
.
550 5.1.1 User unknown
Martina Miskovic
March 6th, 2013 4:40am
Hello,
The second scenario is what I am using. I was using telnet to a user that does not exist in my authoritative domain, i.e. nouser@domain.com, and got the 250 2.1.5 Recipient OK. In Exchange 2010 or 2003 with recipient filtering enabled I would have received
550 5.1.1 User unknown.
Anonymous relay is enabled on my receive connector just as it was in 2010 or 2003.
March 6th, 2013 8:28am
Hi,
Is this normal then?
I get this with EX10
mail from:<xxx@xxx.xx>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
550 5.1.1 User unknown
March 6th, 2013 8:33am
Hi,
Is this normal then?
I get this with EX10
mail from:<xxx@xxx.xx>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
550 5.1.1 User unknown
That is my understanding, yes.
Note that the message is never submitted to the queue and that the Recipient Filter Agent logs this with the reason "RecipientDoesNotExist" (just as in EX10) in the Agent Logs.
Martina Miskovic
March 6th, 2013 8:45am
That's too late. Should reject before "data". Is there a way around this? Thanks.
March 6th, 2013 9:53am
Hi,
I have also noticed that recipient filtering doesn't work exactly the same way as in EX07/EX10.
When enabled, you should get a 550 5.1.1 User unknown after the ending period (see below)
mail from:<xxxx@xxxx.xx>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Write some Text Here
.
550 5.1.1 User unknown
Martina Miskovic
March 6th, 2013 12:33pm
Hi,
Encountered a similar scenario in the TechNet Italian community - as of now the thread is still open, and we could repro this behavior so far.
I am sharing here the direct link to the repro - just sorry that it's in Italian (automated Bing translation of the entire thread can be consulted here).
Hope that helps, Anca Popa
Microsoft offers this service free of charge, to help users and to expand the database of products and technologies. The content is provided "as is" and implies no liability on the part of the company.
March 9th, 2013 5:20pm
That's too late. Should reject before "data". Is there a way around this? Thanks.
Hi jalabert,
Adding to Martina's insights above, I think this is expected in Exchange 2013. Recipient Filtering is only present on Mailbox server role. Client Access Role will proxy SMTP session to Mailbox server but CAS will not effectively manage the Recipient filtering part.
In fact, CAS needs the RCPT TO information in order to determine the best Mailbox Server to which it can proxy connection to. Connection from CAS to MBX will be established only after DATA being received by CAS from external SMTP server. CAS will pass to Mailbox server SMTP commands it received from external SMTP server. That is why you observe that "User unknown" only at the very end of the session.
Hope this clarifies a bit,
Anca Popa
March 15th, 2013 4:17pm
Good to know Anca
Rajith Enchiparambil |
http://www.howexchangeworks.com |
March 15th, 2013 6:26pm
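The sessions pasted in this thread differ only in where the 550 appears, and a test that stops at "250 2.1.5 Recipient OK" says nothing about whether the filter is working on Exchange 2013. As an added example (not part of any post above, and not Microsoft code), this Python sketch classifies a telnet SMTP transcript by the stage at which the recipient is refused; the transcripts are constructed from the ones quoted in the thread, and the sender address and the final "250 2.6.0" reply are assumptions.

```python
import re

REPLY = re.compile(r"^(\d{3})[ -]")   # server reply line: three-digit code first

def rejection_stage(transcript):
    """Return (verdict, server_reply) for one recipient in a telnet SMTP session."""
    stage, in_body = None, False
    for raw in transcript.splitlines():
        line = raw.strip()
        if in_body:                       # message text: only a lone "." ends it
            if line == ".":
                in_body, stage = False, "end-of-data"
            continue
        m = REPLY.match(line)
        if m is None:                     # client command: remember its verb
            stage = line.split(None, 1)[0].lower() if line else stage
            continue
        code = int(m.group(1))
        if code == 354 and stage == "data":
            in_body = True
        elif code >= 500 and stage == "rcpt":
            return ("rejected-at-rcpt", line)        # EX07/EX10 behaviour in the thread
        elif code >= 500 and stage == "end-of-data":
            return ("rejected-after-data", line)     # EX2013 behaviour in the thread
        elif 200 <= code < 300 and stage == "end-of-data":
            return ("accepted", line)                # message was queued
    return ("inconclusive", None)         # session ended before the final reply

# Constructed sample sessions (sender address is a placeholder).
EX2010 = """\
mail from:<sender@example.test>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
550 5.1.1 User unknown
"""
EX2013 = """\
mail from:<sender@example.test>
250 2.1.0 Sender OK
rcpt to:<nouser@domain.com>
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Write some Text Here
.
550 5.1.1 User unknown
"""
# Session stopped after RCPT TO, as in the first post of the thread.
STOPPED_EARLY = "".join(EX2013.splitlines(keepends=True)[:4])
# Constructed case: filter not effective, message accepted after DATA.
NOT_FILTERED = EX2013.replace("550 5.1.1 User unknown", "250 2.6.0 Queued mail for delivery")
```

An "inconclusive" verdict means the test has to be continued through DATA and the closing period before drawing a conclusion about recipient filtering.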