Enabling Recipient Verification in Microsoft Exchange
The dynamic recipient verification feature of GFI OneConnect relies on the mail server's ability to detect which users belong to the domain and to automatically reject users that do not exist.
Depending on the version of your Microsoft Exchange Server, different methods can be used to enable recipient verification.
Follow the recommendations below to enable this feature on your mail server:
Microsoft Office 365
To enable Recipient Verification in Office 365 you need:
- To have Exchange Online Protection enabled
- To use a Global Admin or an Exchange Company Administrator account.
- To enable the Directory Based Edge Blocking (DBEB) feature in Office 365 to reject messages for nonexistent recipients.
For more information see https://technet.microsoft.com/en-us/library/dn600322%28v=exchg.150%29.aspx
Microsoft Exchange 2013/2016
In Microsoft Exchange 2013, recipient checking is done after DATA reception. This means that even if recipient validation is enabled on the mail server, any recipient check gets a "250 OK" response for invalid recipients.
To work around this problem you need to enable “Anonymous Users” on the Default Hub Transport connector and access the server on port 2525. In this way, invalid recipients are rejected after they are specified using the RCPT TO command.
To enable Recipient verification in Microsoft Exchange 2013/2016:
Step 1: Check if the Exchange Anti-Spam Agents are installed and enabled
- Login to the Microsoft Exchange Server with administrative credentials.
- Open the Exchange Management Shell.
- Run the following command: Get-TransportAgent
- Ensure that the Recipient Filter Agent is installed and enabled.
- If Recipient Filter Agent is not installed, run the following command:
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
- If Recipient Filter Agent is installed but not enabled, run the following command:
Enable-TransportAgent "Recipient Filter Agent"
- Restart the Exchange Transport service after changes in the Recipient Filter.
Step 2: Ensure AddressBook is enabled
- Run the following command in the Exchange Management Shell:
Get-AcceptedDomain | Format-List Name,AddressBookEnabled
- Then ensure the Address Book is enabled.
- If the AddressBook is disabled, use the following command replacing example.com with your domain:
Set-AcceptedDomain example.com -AddressBookEnabled $true
- Restart the Exchange Transport service.
Step 3: Ensure Recipient Validation is enabled
- Run the following command in the Exchange Management Shell:
Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled
- If Recipient Validation is disabled use the following command:
Set-RecipientFilterConfig -RecipientValidationEnabled $true
- Restart the Exchange transport service after changes in Recipient Validation configuration.
Step 4: Allow access to the Default receive connector
- Open the Exchange Administrative Center.
- Navigate to Mail Flow > Receive Connectors.
- Select your Default connector, and click Edit.
- Open the Security tab and ensure that Anonymous users are allowed.
- Restart the Exchange transport service to apply the changes.
- If your GFI OneConnect server accesses your mail server via your firewall, ensure that port 2525 is allowed.
Step 5: Test Recipient Filtering
Check that Recipient Filtering actually works by opening a telnet session to the mail server on port 2525 and trying to send an email to an invalid user. The connection should not be completed.
For more information on how to perform a telnet test see https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx
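The telnet test in Step 5 can also be scripted. The following is an added example, not part of the GFI or Microsoft documentation: it sends RCPT TO for one known mailbox and one nonexistent address and reports whether the connector accepts the first and refuses the second. The function name Test-RecipientVerification, the host name probe.example.net and the addresses in the sample call are hypothetical placeholders.

```powershell
# Added example: scripted version of the Step 5 telnet test (run from any Windows host).
# Hypothetical names: Test-RecipientVerification, probe.example.net, sample addresses.
function Test-RecipientVerification {
    param(
        [Parameter(Mandatory)] [string] $MailServer,
        [Parameter(Mandatory)] [string] $ValidRecipient,
        [Parameter(Mandatory)] [string] $InvalidRecipient,
        [int] $Port = 2525,
        [string] $Sender = 'postmaster@probe.example.net'
    )

    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 10000          # milliseconds
    $client.Connect($MailServer, $Port)
    try {
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine   = "`r`n"          # SMTP lines end in CRLF
        $writer.AutoFlush = $true

        # Read one SMTP reply; multi-line replies use "250-" until the final "250 " line.
        $readReply = {
            do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
            $line
        }
        $send = { param($cmd) $writer.WriteLine($cmd); & $readReply }

        $null    = & $readReply                          # 220 banner
        $null    = & $send "EHLO probe.example.net"
        $null    = & $send "MAIL FROM:<$Sender>"
        $valid   = & $send "RCPT TO:<$ValidRecipient>"
        $invalid = & $send "RCPT TO:<$InvalidRecipient>"
        $null    = & $send "QUIT"                        # DATA is never sent, so no mail is delivered
    }
    finally { $client.Close() }

    [pscustomobject]@{
        ValidReply   = $valid
        InvalidReply = $invalid
        # Working verification: known mailbox accepted (2xx), unknown one refused (5xx).
        Verified     = ($valid -match '^2\d\d') -and ($invalid -match '^5\d\d')
    }
}
# Sample call with placeholder addresses:
# Test-RecipientVerification -MailServer mail.example.com -ValidRecipient user@example.com -InvalidRecipient no-such-user@example.com
```

If InvalidReply starts with 250, recipients are still being checked only after DATA on the port you tested, which is the behaviour described above for Exchange 2013.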
Step 6: Configure GFI OneConnect to use port 2525 for Dynamic Recipient Verification
To edit a GFI OneConnect domain:
- Login to GFI OneConnect with an administrator account.
- From the top-right menu, navigate to Settings > Domains.
- Click from the right-top corner of the domain box.
- Open the Recipient Verification tab and under the MailServer enter the public FQDN or the public IP address of the mail server followed by port 2525. For example:
- 192.168.0.1:2525
- mail.example.com:2525
Step 7: (Optional, but recommended) Disable other Anti-Spam Agents
You may want to disable other Anti-Spam Agents so that only recipient verification is enabled. This prevents issues such as your mail server blocking the GFI OneConnect Quarantine Report. This report contains a list of Subject lines from spam emails and may be blocked as spam by the Content Filter Agent.
To disable other anti-spam agents:
- Open the Exchange Management Shell.
- Run the following commands:
Set-SenderFilterConfig -Enabled $false
Set-SenderIDConfig -Enabled $false
Set-ContentFilterConfig -Enabled $false
Set-SenderReputationConfig -Enabled $false
- Type Y to accept the changes.
- Restart the Exchange transport service.
Microsoft Exchange 2007/2010
Follow these steps to enable Recipient Verification in Microsoft Exchange 2007/2010:
- Login to the Microsoft Exchange Server with administrative credentials.
- Open the Exchange Management Shell.
- Run the following command:
Set-RecipientFilterConfig -Enabled $true
- Restart the Exchange transport service.
For more information see https://technet.microsoft.com/en-us/library/bb124087(v=exchg.141).aspx