Solved

Exchange 2003 Inbound Recipient Filtering at SMTP level is not working

Posted on 2009-05-04
Last Modified: 2012-06-21
Hello,

I know this question has been 'answered' before, but I cannot get it to work.

We have a front-end, back-end Exchange setup. Our front-end server is named RAHU and the back-end server is KETU.

Everything is sent from our anti-spam server (JAGANNATH) to RAHU for domain delivery. I have recipient filtering set up and yes, it is enabled on RAHU's SMTP Default Virtual Server.

If I add an address manually in the recipient filter and send a message to that address, it will return a 550 5.7.1 code - mailbox unavailable - which is correct. If I send a message to a person not in the domain, but NOT in the manual list, I expect the same behavior. Instead, it accepts the message, THEN sends out an NDR. I need it to not accept any e-mail to recipients not in our active directory.

Please help!

Prasad
Question by:iameye

Expert Comment

by:Mestha
ID: 24300233
If you have an antispam server then that should be doing the recipient filtering. Doing it after delivery is too late. How does your antispam filter deal with the message rejection? Does it try to send it back out? If so you are causing back scatter. Recipient filtering is only effective at the gateway.

If the telnet test doesn't give the right results then I would have to suspect that the change isn't being written to the IIS metabase correctly. As a test, if you enable it on the backend server, and telnet directly, does it work there?

Simon.

Author Comment

by:iameye
ID: 24300687
The anti-spam server opens up a connection to RAHU and asks it if the recipient is good or not. If it receives a 550 5.7.1 code, it stops - if it receives the accept, it goes through its paces (anti-virus, anti-spam, delay filter, dnsbl, etc..), then actually sends the message to RAHU if it passes the tests, otherwise it just deletes the e-mail.

I enabled it on the back-end server KETU as you said, restarted the smtp default virtual server and telnet'd like you asked. Same exact issue. rcpt to gives 550 5.7.1 for the one in the list and 250.2.1.5 for ANY other address with the domain attached to the name.

Prasad

Assisted Solution

by:Mestha
Mestha earned 50 total points
ID: 24303621
That would tend to point to the setting not being seen from Exchange.
Deselect the option in Global Settings and then restart System Attendant on all servers. Then enable the Recipient Filtering option in Exchange again.

Simon.

Author Comment

by:iameye
ID: 24310784
Will try this out tomorrow night.

Prasad

Author Comment

by:iameye
ID: 24318931
Did not work. Checked all the settings. Everything is working fine except for the active directory lookup of recipients - again, if I put in an address manually to filter, it does that with no issue - so the setting is working, but just not completely. Neither Exchange server is a domain server, but has contact with the main domain server (global catalog server) on the same subnet. I have no issues using Active Directory tools from the server, so it is able to read my domain active directory. I also read that the recipient filter must be applied on the bridgehead server in the connector that I am using in order for it to work - RAHU is the bridgehead server and, as mentioned, that is where it is applied on its default smtp server. Also tried completely restarting the servers after changes.

Should I try stopping the default smtp and creating a new smtp on RAHU to see if that works?

Prasad

Expert Comment

by:Mestha
ID: 24319228
Recipient filtering the list is done in a different way to filtering for unknown recipients. Therefore you will get a different response from memory.
I have never seen the feature fail, it has always just worked. It is very odd. I don't know what else to suggest.

Simon.

Author Comment

by:iameye
ID: 24321511
Okay, I figured it out!!!! Will enter everything here tomorrow.

Accepted Solution

by:
iameye earned 0 total points
ID: 24330972
Alright, realized that the Recipient Policies are tied in with this. Our default recipient policy did not have "This organization is responsible for all mail delivery to this address" checked. In fact, the checkbox was grayed out. We opted to not have dual domains so that is our inside and outside domain.

To get at the grayed out checkbox, I created a second smtp domain such as @temp.com and clicked on 'set as primary'. Now I went in to edit our actual domain and the checkbox was available, which I marked as checked ("This organization is responsible for all mail delivery to this address"). Then I set the actual domain and marked it as primary, then removed the temp.com smtp listing.

Everything worked perfectly after that, even without restarting anything!

Prasad
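
The telnet check discussed in this thread, scripted as an added example that is not part of the original posts: it classifies the RCPT TO replies for a manually filtered, an unknown and a valid address, and flags the accept-then-NDR state described in the question. The reply texts, the example.com addresses and the `550 5.1.1` reply in `AFTER` are constructed assumptions; `probe` is for running against your own server.

```python
import re
import smtplib

# code, optional enhanced status (x.y.z), then free text
REPLY = re.compile(r"^(\d{3})[ -](?:(\d\.\d{1,3}\.\d{1,3})\s+)?(.*)")

def parse_reply(line):
    """Split an SMTP reply line into (code, enhanced_status, text)."""
    m = REPLY.match(line.strip())
    if not m:
        raise ValueError(f"not an SMTP reply: {line!r}")
    return int(m.group(1)), m.group(2), m.group(3)

def verdict(code):
    """Classify the RCPT TO outcome by reply class."""
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "deferred"
    return "rejected"

def audit(replies):
    """replies maps 'filtered' / 'unknown' / 'valid' to the RCPT TO reply line."""
    v = {k: verdict(parse_reply(r)[0]) for k, r in replies.items()}
    findings = []
    if v.get("filtered") != "rejected":
        findings.append("recipient filter not active on this virtual server")
    if v.get("unknown") == "accepted":
        findings.append("unknown recipient accepted: directory lookup not enforced")
    if v.get("valid") != "accepted":
        findings.append("valid recipient not accepted")
    return findings

def probe(host, sender, recipients, port=25, timeout=10):
    """Live check; stops before DATA, so no message is delivered."""
    out = {}
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        for label, addr in recipients.items():
            s.mail(sender)
            code, msg = s.rcpt(addr)
            out[label] = f"{code} {msg.decode(errors='replace')}"
            s.rset()
    return out

# Constructed replies modelled on the thread (placeholder domain example.com).
BEFORE = {"filtered": "550 5.7.1 Requested action not taken: mailbox not available",
          "unknown": "250 2.1.5 nosuchuser@example.com",
          "valid": "250 2.1.5 user@example.com"}
AFTER = dict(BEFORE, unknown="550 5.1.1 User unknown")
```

`audit(BEFORE)` reports the unknown-recipient finding and `audit(AFTER)` reports none; feed it the output of `probe("RAHU", ...)` to check a live server after a recipient policy change.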