Solved

Exchange 2003 Inbound Recipient Filtering at SMTP level is not working

Posted on 2009-05-04
Last Modified: 2012-06-21
Hello,

I know this question has been 'answered' before, but I cannot get it to work.

We have a front-end, back-end Exchange setup. Our front-end server is named RAHU and the back-end server is KETU.

Everything is sent from our anti-spam server (JAGANNATH) to RAHU for domain delivery. I have recipient filtering set up and yes, it is enabled on RAHU's SMTP Default Virtual Server.

If I add an address manually in the recipient filter and send a message to that address, it will return a 550 5.7.1 code - mailbox unavailable - which is correct. If I send a message to a person not in the domain, but NOT in the manual list, I expect the same behavior. Instead, it accepts the message, THEN sends out an NDR. I need it to not accept any e-mail to recipients not in our Active Directory.

Please help!

Prasad
Question by:iameye

Expert Comment

by:Mestha
ID: 24300233
If you have an antispam server then that should be doing the recipient filtering. Doing it after delivery is too late. How does your antispam filter deal with the message rejection? Does it try to send it back out? If so you are causing backscatter. Recipient filtering is only effective at the gateway.

If the telnet test doesn't give the right results then I would have to suspect that the change isn't being written to the IIS metabase correctly. As a test, if you enable it on the backend server, and telnet directly, does it work there?

Simon.
 

Author Comment

by:iameye
ID: 24300687
The anti-spam server opens up a connection to RAHU and asks it if the recipient is good or not. If it receives a 550 5.7.1 code, it stops - if it receives the accept, it goes through its paces (anti-virus, anti-spam, delay filter, dnsbl, etc.), then actually sends the message to RAHU if it passes the tests, otherwise it just deletes the e-mail.

I enabled it on the back-end server KETU as you said, restarted the SMTP default virtual server and telnet'd like you asked. Same exact issue. RCPT TO gives 550 5.7.1 for the one in the list and 250 2.1.5 for ANY other address with the domain attached to the name.

Prasad

Assisted Solution

by:Mestha
Mestha earned 50 total points
ID: 24303621
That would tend to point to the setting not being seen from Exchange.
Deselect the option in Global Settings and then restart System Attendant on all servers. Then enable the Recipient Filtering option in Exchange again.

Simon.

Author Comment

by:iameye
ID: 24310784
Will try this out tomorrow night.

Prasad
 

Author Comment

by:iameye
ID: 24318931
Did not work. Checked all the settings. Everything is working fine except for the Active Directory lookup of recipients - again, if I put in an address manually to filter, it does that with no issue - so the setting is working, but just not completely. Neither Exchange server is a domain server, but has contact with the main domain server (global catalog server) on the same subnet. I have no issues using Active Directory tools from the server, so it is able to read my domain Active Directory. I also read that the recipient filter must be applied on the bridgehead server in the connector that I am using in order for it to work - RAHU is the bridgehead server and, as mentioned, that is where it is applied on its default SMTP server. Also tried completely restarting the servers after changes.

Should I try stopping the default SMTP and creating a new SMTP on RAHU to see if that works?

Prasad

Expert Comment

by:Mestha
ID: 24319228
Recipient filtering the list is done in a different way to filtering for unknown recipients. Therefore you will get a different response from memory.
I have never seen the feature fail, it has always just worked. It is very odd. I don't know what else to suggest.

Simon.
 

Author Comment

by:iameye
ID: 24321511
Okay, I figured it out!!!! Will enter everything here tomorrow.
 

Accepted Solution

by:iameye
iameye earned 0 total points
ID: 24330972
Alright, realized that the Recipient Policies are tied in with this. Our default recipient policy did not have "This organization is responsible for all mail delivery to this address" checked. In fact, the checkbox was grayed out. We opted to not have dual domains so that is our inside and outside domain.

To get at the grayed out checkbox, I created a second smtp domain such as @temp.com and clicked on 'set as primary'. Now I went in to edit our actual domain and the checkbox was available, which I marked as checked ("This organization is responsible for all mail delivery to this address"). Then I set the actual domain and marked it as primary, then removed the temp.com smtp listing.

Everything worked perfectly after that, even without restarting anything!

Prasad
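
The telnet RCPT TO test used throughout this thread, automated as an added example (not code from any poster): it compares the server's reply for a real mailbox with its reply for a random non-existent address in the same domain, which is the difference between rejecting at SMTP time and accepting then sending an NDR. The function names, `example.com` addresses and the offline `fake_prober` are assumptions made for illustration.

```python
import smtplib
import uuid


def smtp_prober(host, port=25, mail_from="postmaster@example.com"):
    """Build a probe that asks `host` about one recipient and never sends DATA."""
    def probe(rcpt):
        with smtplib.SMTP(host, port, timeout=15) as s:
            s.ehlo_or_helo_if_needed()
            s.mail(mail_from)
            code, text = s.rcpt(rcpt)
            s.rset()  # abandon the transaction; no message is submitted
        return code, text.decode(errors="replace")
    return probe


def fake_prober(known, reject_unknown):
    """Constructed stand-in for a server, so the check runs offline."""
    def probe(rcpt):
        if rcpt in known or not reject_unknown:
            return 250, "2.1.5 recipient ok (constructed)"
        return 550, "recipient rejected (constructed)"
    return probe


def check_recipient_filtering(probe, domain, known_good):
    """Compare the RCPT TO reply for a real mailbox and a random bogus one."""
    bogus = f"no-such-user-{uuid.uuid4().hex[:12]}@{domain}"
    good_code, _ = probe(known_good)
    bogus_code, bogus_text = probe(bogus)
    if not 200 <= good_code < 300:
        verdict = "valid-recipient-refused"   # filter too strict or wrong test address
    elif 500 <= bogus_code < 600:
        verdict = "rejects-unknown"           # desired: refused at RCPT TO
    elif 200 <= bogus_code < 300:
        verdict = "accepts-unknown"           # accepted now, NDR later (backscatter)
    else:
        verdict = "inconclusive"              # 4xx: greylisting or a temporary error
    return {"verdict": verdict, "bogus": bogus, "reply": (bogus_code, bogus_text)}


if __name__ == "__main__":
    known = {"user@example.com"}  # constructed mailbox list
    for label, strict in (("before fix", False), ("after fix", True)):
        result = check_recipient_filtering(
            fake_prober(known, strict), "example.com", "user@example.com")
        print(label, result["verdict"], result["reply"])
```

Against your own server, pass `smtp_prober("RAHU")` in place of the fake prober and use a mailbox you control as `known_good`.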