Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.
Solved
exchange 2003 Inbound Recipient Filtering at smtp level doesn't work
Posted on 2004-08-11
I wan't to use the filter recipients rules at smtp level as defined in Exchange 2003.
My intranet domain is SOLID-DYNAMICS.OFFICE
I receive emails for domain SOLID-DYNAMICS.COM and SOLID-DYNAMICS.FR
I've configured my server properly (it's seems) (I've just upgrade my serveur in EXC2003, we have a EXC2000 Server before)
I've read and applyed the document downloaded at : http://download.microsoft.com/download/9/4/d/94df821b-45fe-48fa-a866-dec23513d700/WN2k3.exe named "What's new in excahnge 2003" chapter : "Inbound Recipient Filtering page 166".
When I telnet my server, all recipients are accepted even if they are not in AD.
I've also added directly some users in the list box, but nothing to do : all recipients are allowed...
Need help, my server receive at leat 90% of junk email on wrong adress and send NDR...
Thanks
My intranet domain is SOLID-DYNAMICS.OFFICE
I receive emails for domain SOLID-DYNAMICS.COM and SOLID-DYNAMICS.FR
I've configured my server properly (it's seems) (I've just upgrade my serveur in EXC2003, we have a EXC2000 Server before)
I've read and applyed the document downloaded at : http://download.microsoft.com/download/9/4/d/94df821b-45fe-48fa-a866-dec23513d700/WN2k3.exe named "What's new in excahnge 2003" chapter : "Inbound Recipient Filtering page 166".
When I telnet my server, all recipients are accepted even if they are not in AD.
I've also added directly some users in the list box, but nothing to do : all recipients are allowed...
Need help, my server receive at leat 90% of junk email on wrong adress and send NDR...
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
5 Comments
By default Exchange won't process the recipient until after it has received the message as long as the domain part is valid per the recipient policy(s).
If you enable recipient filtering and check "Filter recipients who are not in the directory" then you will get 550's for invalid local recipients.
This will eliminate the need for your system to generate NDR's for messages that are sent to non-existent users. Which in the case of spammers, the sender is either an invalid destination (NDR gets stuck in retry until the message times out) or an invalid user. Both of these case caues the NDR to be dumped in the badmail directory, thus making it difficult to keep track of real badmail issues.
On the other side of the coin, it makes it easier for a remote party to perform a directory harvest attack. Please note the word easier, as some people are under the false assumption that DHA's can't happen if you don't have recipient filtering. DHA's can happen without recipient filtering by processing NDR's and removing the recipients from the spamlist.
If you enable recipient filtering and check "Filter recipients who are not in the directory" then you will get 550's for invalid local recipients.
This will eliminate the need for your system to generate NDR's for messages that are sent to non-existent users. Which in the case of spammers, the sender is either an invalid destination (NDR gets stuck in retry until the message times out) or an invalid user. Both of these case caues the NDR to be dumped in the badmail directory, thus making it difficult to keep track of real badmail issues.
On the other side of the coin, it makes it easier for a remote party to perform a directory harvest attack. Please note the word easier, as some people are under the false assumption that DHA's can't happen if you don't have recipient filtering. DHA's can happen without recipient filtering by processing NDR's and removing the recipients from the spamlist.
>> If you enable recipient filtering and check "Filter recipients who are not in the directory" then you will get 550's for invalid local recipients.
That's what I want. Never mind for DHA now...
The problem is that we have a lot of customers that are not well protected against viruses, and that's why we receice a lot of junk or viruses emails.
Our spam and virus scan engine clean every of them, but this morning we have recevied 11 legitimate emails, 83 junk emails, and 642 unknown user mail...
The strange thing is that I've already done it on an other exchange 2003 server as it's explain on the word documentation from MS and it's working fine, but I can figure out why it doesn't work for this server. The only difference I can see is That this one is an upgrade from EXC2000 and the other is a fresh install.
Thanks
That's what I want. Never mind for DHA now...
The problem is that we have a lot of customers that are not well protected against viruses, and that's why we receice a lot of junk or viruses emails.
Our spam and virus scan engine clean every of them, but this morning we have recevied 11 legitimate emails, 83 junk emails, and 642 unknown user mail...
The strange thing is that I've already done it on an other exchange 2003 server as it's explain on the word documentation from MS and it's working fine, but I can figure out why it doesn't work for this server. The only difference I can see is That this one is an upgrade from EXC2000 and the other is a fresh install.
Thanks
"Recipient filter rules apply only to anonymous connections. Authenticated users and Exchange servers bypass these validations". ref the doc you put a link to.
make sure no one is relaying
also look at this doc see if it helps http://support.microsoft.com/default.aspx?scid=KB;EN-US;823866
make sure no one is relaying
also look at this doc see if it helps http://support.microsoft.com/default.aspx?scid=KB;EN-US;823866
A friend of mine tell me to try to repair my installation, because sometimes there is problem with upgrade...
That's what I've done, and all is working fine now...
The repair has removed a connector used to fight relay in EXC2000, it's perhaps this connector that cause the problem.
Anyway thank for your time Microtech.
Topic is closed.
That's what I've done, and all is working fine now...
The repair has removed a connector used to fight relay in EXC2000, it's perhaps this connector that cause the problem.
Anyway thank for your time Microtech.
Topic is closed.
Glad I could help a bit... if you feel I am deserving of the points the accept one of my comments
or if you wish to close then post a please close this question link in community support http://www.experts-exchange.com/Community_Support/
or if you wish to close then post a please close this question link in community support http://www.experts-exchange.com/Community_Support/
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it.
The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online.
The email signature template has been downloaded from:
www.mail-signatures…
Suggested Courses
Course of the Month7 days, 20 hours left to enroll
610 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.