Exchange 2013. Forward unknown recipients to another smtp server

We have email users on two sites (same email domain) and are migrating to Exchange from Altn MDaemon. Currently the main site MDaemon receives external mail and forwards to the remote MDaemon (it knows who is a user at the remote site) or main site Exchange for anyone else. All main site users are now using Exchange so I wish to turn off the main site MDaemon, as it is not required, and have main site Exchange receive external mail.

How do I configure Exchange to forward unknown users to the remote site MDaemon?

Is it possible to configure a list of accepted users to forward (there are only twelve users in the remote office) and treat the remainder as SPAM?

This will only be a temporary arrangement until the remote office is moved to Exchange.

Asked by: jostick (IT Director)
MarkMichael Commented:
You just need to change your Accepted domain to an Internal Relay instead of Authoritative.

Then set up another send connector to send to the server as a smarthost for your domain.

This works in terms of... if a user is not located in the Exchange organization, only then will it forward it on.
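
The two steps in the answer above, written as Exchange Management Shell commands. This is an added example, not part of the original post; the domain, smart host, server and connector names are placeholders.

```powershell
# Run in the Exchange Management Shell on the main-site Exchange 2013 server.
# Every name below is a placeholder (assumption), not a value from the thread.
$Domain      = 'example.com'             # the email domain shared by both sites
$RemoteHost  = 'mdaemon.remote.example'  # remote-site MDaemon, reachable over SMTP
$ExchangeSrv = 'EXCH01'                  # transport server that sends the relayed mail
$Connector   = 'Relay to remote MDaemon'

# 1. Authoritative -> Internal Relay. Recipients that do not resolve in the
#    Exchange organization are then handed to a send connector for the domain.
#    -Identity is the accepted domain's name; list them with Get-AcceptedDomain.
Set-AcceptedDomain -Identity $Domain -DomainType InternalRelay

# 2. Send connector scoped to this one domain, routed to the smart host
#    rather than resolved through DNS/MX.
New-SendConnector -Name $Connector `
    -Usage Custom `
    -AddressSpaces $Domain `
    -SmartHosts $RemoteHost `
    -DNSRoutingEnabled $false `
    -SourceTransportServers $ExchangeSrv

# 3. Confirm both settings took effect.
Get-AcceptedDomain -Identity $Domain |
    Format-List Name, DomainName, DomainType
Get-SendConnector -Identity $Connector |
    Format-List Name, AddressSpaces, SmartHosts, DNSRoutingEnabled, Enabled
```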
jostick (IT Director, Author) Commented:
In case of completely unknown users, how does a non delivery report work in this situation? It can't come from the main site Exchange, so does the remote site server send it direct to the original sender?
This is one of the flaws, there are no NDRs generated using this method.

This has been acceptable for the clients I've dealt with for this temporary fix.

jostick (IT Director, Author) Commented:
For the future though, would NDRs work if we had two Exchange servers?
Jamie McKillop (IT Manager) Commented:

I have to disagree. There would be NDRs generated. If the MDaemon server doesn't do recipient checking, it would accept all messages from the Exchange server then send an NDR back to the original sender. If the MDaemon server does recipient checking, the NDR would be generated by the Exchange server and sent back to the original sender.

Now, that said, it is likely that the original sender's mail gateway will block the NDR, thinking it is backscatter SPAM. Ideally, NDRs should be generated by the sending server itself after the receiving server does a recipient check and rejects the email because the recipient doesn't exist.


I've not come across that particular scenario. I've forwarded on emails to unresolved recipients and have never seen an NDR being delivered. I do stick to setting up my messaging platforms the same way as often as possible.

Are you saying the server we forward on to, generates the NDR to the sender?

To be fair, when I normally relay to a recipient server, it is out of my control.. they may have always had NDRs disabled perhaps?
Jamie McKillop (IT Manager) Commented:
Unless the server has NDRs disabled, it will always generate one. Again, the server that generates the NDR depends on whether or not recipient filtering is enabled. To simplify things, let's just look at two servers (sender and receiver) and forget about the forwarding. If the sending server had recipient filtering enabled, when the sending server issues the "rcpt to" command and enters an invalid address, the recipient server will respond with a 5.1.x code and close the connection. The sending server will then generate an NDR from this code and send that NDR to the sender.

If the receiving server doesn't have recipient filtering enabled, it will accept any address for one of its domains and will complete the message transfer. When the recipient server then runs the message through its resolver, it will find the address doesn't exist and will generate a 5.1.x NDR back to the sender.

A common spamming tactic is to find a server that isn't doing recipient filtering and send spam messages to invalid addresses but with a valid return address, which is the intended target of the spam. The server will then accept the message and then generate an NDR, with the spam message, back to the intended target. For this reason a lot of email gateways are configured to just drop NDRs, which is possibly why you haven't seen NDRs generated in your experience.

Question has a verified solution.
