Solved

exchange 2003 Inbound Recipient Filtering at smtp level is not working

Posted on 2009-05-04
8
785 Views
Last Modified: 2012-06-21
Hello,

I know this question has been  'answered' before, but I cannot get it to work.

We have a front-end, back-end Exchange setup. Our front-end server is named RAHU and the back-end server is KETU.

Everything is sent from our anti-spam server (JAGANNATH) to RAHU for domain delivery. I have recipient filtering setup and yes, it is enabled on RAHU's SMTP Default Virtual Server.

If I put add an address manually in the recipient filter and send a message to that address, it will return a 550 5.7.1 code - mailbox unavailable - which is correct.  If I send a message to a person not in the domain, but NOT in the manual list, I expect the same behavior. Instead, it accepts the messaage, THEN sends out an NDR. I need it to not accept any e-mail to recipients not in our active directory.

Please help!

Prasad
0
Comment
Question by:iameye
  • 5
  • 3
8 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24300233
If you have an antispam server then that should be doing the recipient filtering. Doing it after delivery is too late. How does your antispam filter deal with the message rejection? Does it try to send it back out? If so you are causing back scatter. Recipient filtering is only effective at the gateway.

If the telnet test doesn't give the right results then I would have to suspect that the change isn't being written to the IIS metabase correctly. As a test, if you enable it on the backend server, and telnet directly, does it work there?

Simon.
0
 

Author Comment

by:iameye
ID: 24300687
The anti-spam server opens up a connection to RAHU and asks it if the recipient is good or not. If it receives a 550 5.7.1 code, it stops - if it receives the accept, it goes through its paces (anti-virus, anti-spam, delay filter, dnsbl, etc..), then actually sends the message to RAHU if it passes the tests, otherwise it just deleltes the e-mail.

I enabled it on the back-end server KETU as you said, restarted the smtp default virtual server and telnet'd like you asked. Same exact issue. rpct to gives 550 5.7.1 for the one in the list and 250.2.1.5 for ANY other address with the domain attached to the name.

Prasad
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 50 total points
ID: 24303621
That would tend to point to the setting not being seen from Exchange.
Deselect the option in Global Settings and then restart System Attendant on all servers. Then enable the Recipient Filtering option in Exchange again.

Simon.
0
 

Author Comment

by:iameye
ID: 24310784
Will try this out tomorrow night.

Prasad
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:iameye
ID: 24318931
Did not work. Checked all the settings. Everytihing is working fine except for the active directory lookup of recipients - again, if I put in an address manually to filter, it does that with no issue - so the setting is working, but just not completely. Neither Exchange server is a domain server, but has contact with the main domain server (global catalog server) on the same subnet. I have no issues using Active Directory tools from the server, so it is able to read my domain active directory. I also read that the recipient filter must be applied on the bridgehead server in the connector that I am using in order for it to work - RAHU is the bridgehead server and, as mentioned, that is where it is applied on its default smtp server. Also tried completely restarting the servers after changes.

Should I try stopping the default smtp and creating a new smtp on RAHU to see if that works?

Prasad
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24319228
Recipient filtering the list is done in a different way to filtering for unknown recipients. Therefore you will get a different response from memory.
I have never seen the feature fail, it is always just worked. It is very odd. I don't know what else to suggest.

Simon.
0
 

Author Comment

by:iameye
ID: 24321511
Okay, I figured it out!!!! Will enter everything here tomorrow.
0
 

Accepted Solution

by:
iameye earned 0 total points
ID: 24330972
Alright, realized that the Recipient Policies are tied in with this. Our default recipient policy did not have "This organization is responsible for all mail delivery to this address" checked. In fact, the checkbox was grayed out. We opted to not have dual domains so that is our inside and outside domain.

To get at the grayed out checkbox, I created a second smtp domain such as @temp.com and clicked on 'set as primary'. Now I went in to edit our actual domain and the checkbox was available, which I marked as checked ("This organization is responsible for all mail delivery to this address"). Then I set the actual domain and marked it as primary, then removed the temp.com smtp listing.

Everything worked perfectly after that, even without restarting anything!

Prasad
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now