Disabled e-mail account still receiving e-mail?

bbiit used Ask the Experts™
Greetings. I am running SBS2003 and Exchange 2003 with XP machines. We have an employee who has left the company. I have set up the boss' e-mail so he can open her mailbox and view her folders. She gets a lot of spam. Anyway, the boss asked me if we could stop the flow of e-mail, but not delete the mailbox (so he can still view her folders) I disabled the account, but there is still spam coming in. Any idea if I can "suspend" the account so it can still be viewed, but also stop the flow of new e-mails? Thank you.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Try deleting the SMTP email address on the account.



I'm sorry, but I'm pretty green about all this stuff. Could you be more specific. Thanks for the response.

Open the users properties in Active Directory, click the e-mail addresses tab, in there delete her SMTP email address (it will be in bold). Test that out.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

log into the sbs2003 server, go to administrator tools, active directory users and computers.  search for the user account in question, go to EMAIL ADDRESSES TAB,  and delete all entries with smtp in from of them
Lead Technical Consultant
To force a disabled account to stop receiving emails and instead, generate a Non-Delivery Receipt (NDR)to the sender, take the following actions:

Option 1:

Set Delivery Restrictions to only allow certain users to send messages to the disabled account.

Open Active Directory Users and Computers and navigate to the disabled account object.  
Right click on the account object and select Properties.
Click on the Exchange General tab and then click on the Delivery Restrictions button.  
On the Delivery Restrictions property window, select "Only From" under "Message Restrictions" and do either of the following:

Add the user account itself to this list.
Create a dummy account that no one will use and add it to the list.
Wait for AD Replication or Force AD Replication. Test sending mail to disbled user, you should get NDR as expected.

Logic here: Messages will be received on this account "ONLY FROM" the dummy account/the user itself.  Everyone else will receive an NDR as expected, though the actual NDR that is generated will be one for delivery restrictions (i.e. you don't have access to send to this person).

Option 2:

If Receiving message Size (Max) is set to Zero (0 KB), the sending user will get an NDR (Though the reason of NDR would be different).

To modify this option, go to the following location:
AD User properties=>Exchange General=> Delivery Restrictions=>Receiving Message Size=>Maximum KB = 0

Note: Options 1 and 2 should be able to be set in bulk by using either an import file (LDIFDE), or by using a tool such as ADModify, but they would need to be run each time another account is disabled.

Option 3:

If you set the size limit of mailbox as 0KB, you will receive an NDR (Though reason of NDR would be different)

To modify this option, go to AD User Properties=>Exchange General=> Storage limits=> Prohibit send and receive at (KB): 0

Note: Option 3 can be implemented using an Exchange System Policy.  Simply create a new System Policy, define the Send/Receive limits, and then apply that System Policy to a Mailbox Store. Once the account is disabled, you would simply move the mailbox to the Mailbox Store managed by the policy, and the Send/Receive limit will automatically be enforced.

If a System Policy is used, it may also be desirable to not send warning messages to those mailboxes. This can be accomplished using the same policy, and setting the warning message interval to custom, and deselecting all time periods.

Option 4:

Remove the SMTP addresses from the disabled account.  This will result in an NDR being generated as the destination address will not exist.

Note: The Primary SMTP Address for a user account *cannot* be removed by using Active Directory Users and Computers.  The interface will not allow it to be removed.  If you choose this option, you would have to use another editing tool, such as ADSIEdit (available in the Windows Support Tools), or perhaps something such as ADMofity.

While none of these workarounds provide the same exact functionality the existed prior to this change, they are nonetheless valid workarounds.  The third option appears to be the easiest to implement in my opinion, but in today's world, it is all about choice.


Perfect! Thanks!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial