Recipient verification in Exchange

From Porcupine E-Mail Protection

The Microsoft Exchange mail server should reject email to non-existent users. If it is wrongly configured, it may accept email to non-existent users. Mail servers should always have recipient filtering enabled, so that email to non-existent users is rejected automatically.

A wrongly configured Exchange server first accepts the email and only then decides whether to deliver or reject it. When it rejects the email, it generates its own Non-Delivery Report (NDR) and tries to send it back to the sender.

Generating the local NDR and sending it back consumes resources, and the original sender is then flooded with Non-Delivery Reports.

To avoid such situations, we recommend enabling recipient verification on your Exchange email server, as follows:

Exchange 2007

Recipient Filtering can be enabled or disabled on a Microsoft Exchange 2007 email server via the Management Console or the Management Shell, as follows:

Exchange Management Console

In the Exchange Management Console, go to Edge Transport.

Then in the work pane, select the Anti-Spam tab, and then choose Recipient Filtering.

Now just enable the Recipient Filtering feature.

Exchange Management Shell

First open the Management Shell and issue the following command to enable Recipient Filtering:

Set-RecipientFilterConfig -Enabled $true

To disable recipient filtering, issue the following command in the Management Shell:

Set-RecipientFilterConfig -Enabled $false

For more information, check this article from the Exchange 2007 knowledgebase.


Exchange 2010

Recipient Filtering can be enabled or disabled on a Microsoft Exchange 2010 email server via the Management Console or the Management Shell, as follows:

Exchange Management Console

First open the Management Console on the Edge Transport server.

Click Edge Transport in the console tree and select the Anti-Spam tab in the work pane. Now go to Sender Filtering and click Enable.

Be advised: You need the necessary permissions to access the anti-spam features from Exchange 2010.

Exchange Management Shell

First open the Management Shell and issue the following command to enable Recipient Filtering:

Set-RecipientFilterConfig -Enabled $true

To disable recipient filtering, issue the following command in the Management Shell:

Set-RecipientFilterConfig -Enabled $false

Be advised: You need the necessary permissions to access the anti-spam features from Exchange 2010.

For more information, check this article from the Exchange 2010 knowledgebase.

Please ensure that you are not using the default standalone installation with no Edge Transport server, because in that case the Anti-Spam function is not installed. To enable it, see more details here.


Exchange 2013

In Exchange 2013, Microsoft changed the way it handles recipient callouts: the check is now done post DATA. This means that even if recipient validation is enabled on the mail server, any recipient callout gets a "250 OK" response for invalid recipients, leaving us with no valid way of checking whether the recipient is valid.

Fortunately, there's a workaround for this issue. On a default installation of Exchange 2013, a secondary port is open (port 2525). If you enable "Anonymous Users" on the default hub transport, it is possible to use this secondary port (2525) both for deliveries and to verify recipients correctly with a standard recipient callout.

Please note that this setup has only been verified in a closed testing environment, and may require testing before deploying on any live setup.

As with other versions, you still need to make sure that the following has been done.

First check if the Anti-Spam Agent is installed on the server via the shell:

Get-TransportAgent

Then ensure the Recipient Filter Agent is installed and enabled. If it is not, use the following command:

& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

Now check if it is enabled:

Get-TransportAgent "Recipient Filter Agent"

Check that the AddressBook, which is needed to check for recipients, is enabled for all domains:

Get-AcceptedDomain | Format-List Name,AddressBookEnabled

If the AddressBook is disabled, use the following command:

Set-AcceptedDomain example.com -AddressBookEnabled $true

* Replace example.com with your domain

Now restart the Exchange Transport service.

To ensure that recipient validation is enabled, issue the following command:

Set-RecipientFilterConfig -RecipientValidationEnabled $true

And restart the transport service again.

Check if Recipient Filtering actually works by opening a telnet session on port 2525 of the mail server and issuing the following:

HELO example.com
MAIL From:<test@example.com>
RCPT To:<nonexistent_user@example.com>

Now ensure Porcupine E-Mail Protection uses port 2525 to deliver e-mails to the destination host.
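
The telnet check above can be scripted so that it can be repeated after every configuration change. The following is an added example, not part of the original article or of Porcupine's tooling: it sends the same HELO / MAIL From / RCPT To sequence to a server you administer, once for an existing mailbox and once for a non-existent one, and interprets the reply codes. The host name, the mailbox names and the verdict labels are assumptions for illustration.

```python
import smtplib

def rcpt_codes(host, port, domain, known, unknown, timeout=10):
    """Run HELO / MAIL From / RCPT To for two mailboxes; return the RCPT reply codes."""
    codes = {}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo(domain)
        for label, rcpt in (("known", known), ("unknown", unknown)):
            smtp.rset()                      # start a clean mail transaction
            smtp.mail(f"test@{domain}")
            codes[label] = smtp.rcpt(rcpt)[0]
    return codes                             # DATA is never sent, so nothing is delivered

def verdict(known_code, unknown_code):
    """Interpret the two RCPT reply codes as a recipient-filtering result."""
    if 400 <= known_code < 500 or 400 <= unknown_code < 500:
        return "retry"          # temporary failure (4xx): run the test again later
    if known_code >= 500:
        return "misconfigured"  # even the existing mailbox is refused at RCPT time
    if unknown_code >= 500:
        return "filtering"      # unknown recipient rejected during the SMTP session
    return "accepts-all"        # 250 for everyone: rejection happens after acceptance

if __name__ == "__main__":
    # Constructed placeholder values: replace with your own server, domain and mailboxes.
    host, domain = "mail.example.com", "example.com"
    for port in (25, 2525):
        codes = rcpt_codes(host, port, domain,
                           f"postmaster@{domain}", f"nonexistent_user@{domain}")
        print(port, codes, verdict(codes["known"], codes["unknown"]))
```

A result of "accepts-all" on the port Porcupine E-Mail Protection delivers to means recipient callouts cannot distinguish valid from invalid recipients there.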