Exchange 2007 - Recipient filtering not working

Hallo.
we have enabled recipient filtering for our organization as we are requested 
to reject with a SMTP connection error messages addressed to non existent 
recipients as follows:

EMC - Organization Configuration - Hub Transport - Anti-spam - Recipient 
Filtering enabled
Block messages sent to recipients not listed in the GAL

Still, if I telnet on port 25 I get a 250 2.1.5 Recipient OK message to a 
RCPT TO:non_existent_user@mydomain.com

We have 2 Exchange 2007 SP1 servers:
both are  HubTransport+ClientAccess+Mailbox+UnifiedMessaging
Exch1 is Windows Server 2003 Ent R2 SP2
Exch2 is Windows Server 2008 Ent SP2
GFI Mail Essentials for Exchange/SMTP is installed on both

Can you point to anything I could check?
Thank you for your help

MT



0
Utf
5/19/2010 3:09:01 PM
exchange.admin 57650 articles. 2 followers. Follow

6 Replies
1034 Views

Similar Articles

[PageSpeed] 52

On Wed, 19 May 2010 08:09:01 -0700, MM <MM@discussions.microsoft.com>
wrote:

>Hallo.
>we have enabled recipient filtering for our organization as we are requested 
>to reject with a SMTP connection error messages addressed to non existent 
>recipients as follows:
>
>EMC - Organization Configuration - Hub Transport - Anti-spam - Recipient 
>Filtering enabled
>Block messages sent to recipients not listed in the GAL
>
>Still, if I telnet on port 25 I get a 250 2.1.5 Recipient OK message to a 
>RCPT TO:non_existent_user@mydomain.com
>
>We have 2 Exchange 2007 SP1 servers:
>both are  HubTransport+ClientAccess+Mailbox+UnifiedMessaging
>Exch1 is Windows Server 2003 Ent R2 SP2
>Exch2 is Windows Server 2008 Ent SP2
>GFI Mail Essentials for Exchange/SMTP is installed on both
>
>Can you point to anything I could check?

What are the permissions on the receive connectors? If you've use the
"Externally Secured" permission then it bypasses all anti-spam
checking.
---
Rich Matheisen
MCSE+I, Exchange MVP
0
Rich
5/19/2010 9:57:47 PM
Thank you.
On the receive connectors "Externally secured" is not selected.

I've also tried to add a blocked recipient address directly to the list but 
I get the same behaviour and messages are delivered regularly, so I don't 
even think the problem is in accessing the GAL.



"Rich Matheisen [MVP]" wrote:

> On Wed, 19 May 2010 08:09:01 -0700, MM <MM@discussions.microsoft.com>
> wrote:
> 
> >Hallo.
> >we have enabled recipient filtering for our organization as we are requested 
> >to reject with a SMTP connection error messages addressed to non existent 
> >recipients as follows:
> >
> >EMC - Organization Configuration - Hub Transport - Anti-spam - Recipient 
> >Filtering enabled
> >Block messages sent to recipients not listed in the GAL
> >
> >Still, if I telnet on port 25 I get a 250 2.1.5 Recipient OK message to a 
> >RCPT TO:non_existent_user@mydomain.com
> >
> >We have 2 Exchange 2007 SP1 servers:
> >both are  HubTransport+ClientAccess+Mailbox+UnifiedMessaging
> >Exch1 is Windows Server 2003 Ent R2 SP2
> >Exch2 is Windows Server 2008 Ent SP2
> >GFI Mail Essentials for Exchange/SMTP is installed on both
> >
> >Can you point to anything I could check?
> 
> What are the permissions on the receive connectors? If you've use the
> "Externally Secured" permission then it bypasses all anti-spam
> checking.
> ---
> Rich Matheisen
> MCSE+I, Exchange MVP
> .
> 
0
Utf
5/19/2010 11:04:01 PM
On Wed, 19 May 2010 16:04:01 -0700, MM <MM@discussions.microsoft.com>
wrote:

>Thank you.
>On the receive connectors "Externally secured" is not selected.
>
>I've also tried to add a blocked recipient address directly to the list but 
>I get the same behaviour and messages are delivered regularly, so I don't 
>even think the problem is in accessing the GAL.


"GFI Mail Essentials for Exchange/SMTP is installed on both"

Shouldn't your spam filter be rejecting those messages?

If that spam filter receives the messages and then sends the message
(with SMTP) to Exchange, then Echange probaby has been instructed to
consider that sending software's IP address as an internal address (or
maybe the sapm filter is usinag an authenticated connection to send
the mail to Exchange).
---
Rich Matheisen
MCSE+I, Exchange MVP
0
Rich
5/20/2010 2:16:24 AM
"Rich Matheisen [MVP]" wrote:

> On Wed, 19 May 2010 16:04:01 -0700, MM <MM@discussions.microsoft.com>
> wrote:

> 
> "GFI Mail Essentials for Exchange/SMTP is installed on both"
> 
> Shouldn't your spam filter be rejecting those messages?
> 
> If that spam filter receives the messages and then sends the message
> (with SMTP) to Exchange, then Echange probaby has been instructed to
> consider that sending software's IP address as an internal address (or
> maybe the sapm filter is usinag an authenticated connection to send
> the mail to Exchange).
> ---
> Rich Matheisen
> MCSE+I, Exchange MVP
> .
> 

Thank you again.
Actually GFI is configured to perform Directory Harvest filtering not at the 
SMTP level. Exchange should be doing Recipient filtering before GFI gets the 
mail.
(http://kbase.gfi.com/showarticle.asp?id=KBID003427)

To be sure they're not conflicting I disabled GFI DH filter, but I still get 
a Recipient OK reply instead of the SMTP connection error.

Our organization is expressly required to send a SMTP connection error on 
RCPT TO:non-existent, that's why I'm trying to make Exchange Recipient 
filtering work. 

From what I've seen GFI would block an email for all recipients when the 
configured non-existent-users threshold is reached: setting the threshold to 
1 would be too restrictive and >1 doesn't fulfill our requirement, so I'm 
afraid we can'use this option.

Sicerely 
MM


0
Utf
5/20/2010 11:31:01 AM
On Thu, 20 May 2010 04:31:01 -0700, MM <MM@discussions.microsoft.com>
wrote:

					[ snip ]

>Actually GFI is configured to perform Directory Harvest filtering not at the 
>SMTP level. Exchange should be doing Recipient filtering before GFI gets the 
>mail.
>(http://kbase.gfi.com/showarticle.asp?id=KBID003427)
>
>To be sure they're not conflicting I disabled GFI DH filter, but I still get 
>a Recipient OK reply instead of the SMTP connection error.
>
>Our organization is expressly required to send a SMTP connection error on 
>RCPT TO:non-existent, that's why I'm trying to make Exchange Recipient 
>filtering work. 
>
>From what I've seen GFI would block an email for all recipients when the 
>configured non-existent-users threshold is reached: setting the threshold to 
>1 would be too restrictive and >1 doesn't fulfill our requirement, so I'm 
>afraid we can'use this option.

Does get-transportagent show the "Recipient Filtering Agent" to be
enabled? And at which position in the array of agents is the recipient
filtering agent? Are there multiple agents doing the same job (e.g.
ForeFront Protection Manager)?

Check the "message delivery" tab on the "Transport Settings" property
page. You'll find that on the "Global Settings" tab of the "Hub
Transport" node in the "Organization Configuration" of the EMC. Or you
can just run "get-transportconfig | fl InternalSMTPServers".

Have you checked the SMTP Receive log on the server? Are the IP
addresses of the sending servers in the "InternalSMTPServers" set of
addresses?
---
Rich Matheisen
MCSE+I, Exchange MVP
0
Rich
5/20/2010 9:20:07 PM
Thank you for your helpful information.

IT management has decided for an antivirus and antispam software upgrade + 
Exchange SP2 installation, so we have suspended testing on recipient 
filtering until the above are ok.

I'll bring you up to date as soon as I can work on the configuration.

Thank you
MM


0
Utf
6/3/2010 8:33:16 AM
Reply:

Similar Artilces:

Front End Exchange 2003 OWA for a Back end 2000
Hey everybody, At the minute we're in the process of upgrading our 30 odd servers to Windows Server 2003. The Domain Controllers are still running Windows 2000. My question is : Can I install an Exchange 2003 OWA on a Windows Server 2003 to connect to an Exchange 2000 Server in a Windows 2000 Domain (Native Mode) Do I have to upgrade the whole domain first ? What about notions of Front End / Back End ? We would like to do this to benefit from the new OWA (As it's sooooo cool :)) Thanks for your replies, Mike You can use an E2K3 FE to connecto to an E2K BE, but you only get OW...

Publisher file made in Publisher 2007 won't open in 2007
I produced an 8.5 x 11 brochure two days ago in Publisher 2007. I was able to save, resave and reopen the file many times during the day. When I tried to open the file today, I get the "Publisher cannot open the file" error message. I've tried to open the file on two different machines with Publisher 2007 and get the error message both time. One has XP Pro, the other has Visa Home Basic. It's a 1.6 meg file. I have a smaller publisher file of a bumper sticker (40 kb) which was made a couple of weeks ago which opens with no problem. This is the second time I ha...

Microsoft Money 2007 Deluxe Canadian version?
I have been looking for Microsoft Money 2007 Deluxe Canadian version and I cannot find it. Where can I get one? There isn't one. See http://money.mvps.org/faq/article/422.aspx -- Regards Bob Peel, Microsoft MVP - Money For UK tips & fixes see http://support.microsoft.com/default.aspx?scid=fh;EN-GB;mny. I do not respond to any emails that I have not specifically asked for. "masai" <masai_chadi@hotmail.com> wrote in message news:op.tm81u5pvdvcnul@dikutoto.gv.shawcable.net... >I have been looking for Microsoft Money 2007 Deluxe Canadian version and I >ca...

does vista installed on virtual machine 2007 get wsus updates ?
It is searching for updates but it is not finding anything and saying that Windows is up to date. I have set the updates to install from the wsus server and assigned the updates to the same Vista virtual machine .. Thank you -- aconti ------------------------------------------------------------------------ aconti's Profile: http://forums.techarena.in/members/73272.htm View this thread: http://forums.techarena.in/active-directory/1290161.htm http://forums.techarena.in Hello aconti, If the machine is getting the correct GPO for the WSUS settings, check with rsop...

Office 2007 trial is very slow. Is this because it's a trial
I just started using the trial version of Office 2007. It takes forever for it to open on my computer but Office 2003 opens just fine. Is this just because it's a trial or is it naturally slow because of the additional features? It's likely due to the expanded feature set and increased hardware requirement over Office 2003. rtappan wrote: > I just started using the trial version of Office 2007. It takes forever for > it to open on my computer but Office 2003 opens just fine. Is this just > because it's a trial or is it naturally slow because of the ad...

Can't edit print styles in Outlook 2007
Weekly calendar view to print - Define print Styles - Edit "CANNOT DISPLAY THE DIALOG BOX" I'm using trial version - shouldn't be the case???? thks I'm having the same problem where I cant edit the print syles ... please let me know what ou find out. I think being able adjust the format and print the calendar is important, as I usually print my calendar. EggHeadCafe.com - .NET Developer Portal of Choice http://www.eggheadcafe.com Nate This is an Excel newsgroup. I would suggest posting this to an Outlook one -- HTH Nick Hodge Microsoft MVP - Excel Southampton...

Installed Second Exchange 2007SP1
I have ABC domain with two Sites STL and GVL. I had my exchange server 2007SP1 installed in STL. Now GVL installed a Exchange 2007SP1 server. All looks good but I get the following error message from time to time in the EMC on my Server in STL. There is a Firewall between us should there be some ports open for them to communicate. Thanks for your help! -------------------------------------------------------- Microsoft Exchange Error -------------------------------------------------------- The following error(s) were reported while loading topology information: Get-ActiveSync...

Exchange 2003 on a Domain Controller.
Hi All, I have a WinNT/Ex5.5 to AD 2000/03 and Ex2k3 migration to do. The client is a small company with only about 15 users. The are a network solutions company that needs flexibility so SBS is out of the question. My initial thought was to have 2 Win2k domain controllers/file servers and one Win2k3 member server running Ex2k3. They only have 2 Win2k server licenses and 1 Win2k3 server license. The problem is that they want to be able to use RPC over HTTPs. I understand that requires a 2003 Global Catalogue server. So, my plan of the 2000 DCs doesn't work. My question is:...

Default Exchange Receive Connector
Hi all, I just installed Exchange 2007. There were two receive connectors already setup during install, I have a question on the "Default Exchange Receive Connector." If I want public mail servers to be able to send mail to my exchange server, do I need to enable "Anonymous Users" on the "Permissions Group Tab" of that connector? Robert Exchange Server 2007: internet email without Edge servers http://exchangepedia.com/blog/2006/07/exchange-server-2007-internet-email.html -- Bharat Suneja MVP - Exchange www.zenprise.com NEW blog location: exchangepedia....

iPhone Email to Entourage Using Exchange
Version: 2008 Operating System: Mac OS X 10.5 (Leopard) Processor: Intel When I answer an email on my iPhone, it does not register it in Entourage as answered. This function worked fine until the business I work for put everyone on Exchange. Is there a setting for this that I can change? <br><br>Thanks! ...

Office 2007 SP2
Has anyone else lost the little check box which is usually found next to each task in the task list in Outlook today? I'm assuming it's a bug? C. "Carmen Gauvin-O'Donnell" <seegod1@cogeco.ca> wrote in message news:ejYOAzcyJHA.4632@TK2MSFTNGP02.phx.gbl... > Has anyone else lost the little check box which is usually found next to > each task in the task list in Outlook today? I'm assuming it's a bug? > Nope - still there... -- Asking a question? Please tell us the version of the application you are asking about, your OS, Service Pack level...

Changing Interface OWA (exchange 2003)
Not sure if you all remember but back in the Exchange 5.5 days we use to be able to go onto a site and put in the username of the person mailbox you want to access, then a windows pop up would come up asking you for your credentials. I was wondering if that is still possible to do that in Exchange 2003? If so how can that be done? Configure Forms-Based Authentication (FBA). -- Ed Crowley MVP - Exchange "Protecting the world from PSTs and brick backups!" "John" <nospam@comcast.net> wrote in message news:evIllMndHHA.596@TK2MSFTNGP06.phx.gbl... > Not sure...

z-order of various lines and bars in an Excel 2007 chart
What is the procedure for changing the z-order of various lines and bars in an Excel 2007 chart, such as drop lines, high-low lines, up/ down bars, and error bars? I observed that when I add drop lines to an Excel 2007 chart, they appear in front of the underlying data -- in my case, the underlying data is displayed as a plotted area. I want the plotted area to be fully visible with no lines over it. I would like to send the drop lines to the back and keep the plotted area in the front, but there is no option to do this. So, is there a procedure for adjusting the z-order of drop...

Cannot reinstall Exchange 5.5 on Small Business Server 4.5
Our Small Business Server 4.5 crashed yesterday and could only be started by doing a repair of Windows NT. Unfortunately, this left the Small Business Server programs partially installed. Now, Exchange will not start. It has the message "A connection could not be made to the Microsoft Exchange Server". I tried to reinstall Exchange, but get the message "This component is already installed and cannot be modified". Microsoft Exchange does not appear under Add/Remove Programs, so I cannot uninstall it either. Any suggestions would be greatly appreciated. Deborah obxgi...

DLookup not working
My code is If DLookup("Mechanic", "PartSuffixTbl", "Mechanic = " & CLng(MechanicList.Column(0)) & "") = MechanicList.Value Then MechanicList.SetFocus MechanicBox.Value = "" MessageBox = "This Mechanic cannot be modified because" MessageBox2 = "there are Wheels assigned to it" Me.refresh This is to look in the Mechanic column of PartSuffixTbl and if the MechanicList.Value is found, the following code takes place. I have and else also but the problem is...

toggling between open work books
Re EXCEL97 under WinXP-Pro w/SR-2 Microsoft Windows allows you to easily toggle between applications using Alt-Tab. Is there a similar key board to toggle between two open workbooks in Excel? One can use Alt-W to display list of open workbooks, but you can�t just blinding hit the up or down arrow, because the most recently accessed workbook is not always at the top or bottom. I realize that I could get around the problem of opening two copies of Excel and then toggling using the Alt-Tab keys, but typically I�ve got two workbooks open in one copy of Excel before I realize I need the f...

Clip art works on first try from web then doens't.
Alright I am back. I got something to come up for the web collections clip art now but it seems to only work the first time I do a search right after I open the program, after that I either get a bunch of picture symbols with the little globe in the corner or I get nothing. This clip art thing is really driving me crazy. Anybody know what is up? ridergroov <ridergroov1@comcast.net> was very recently heard to utter: > Alright I am back. I got something to come up for the web collections > clip art now but it seems to only work the first time I do a search > right after I ope...

SP2 Exchange default disclaimer
Hello: I am currently using free GFI tool to provide a default disclaimer on outgoing SMTP email. I was wondering if SP2 will provide this feature on Standard Exchange 2003 server. Thanks, Cindy I'm running the CTP of Exchange 2003 SP2 and haven't seen that as a feature. "Cindy" <Cindy@discussions.microsoft.com> wrote in message news:A2D2E367-BEB9-49BF-98D3-5C1AE2D08B03@microsoft.com... > Hello: > I am currently using free GFI tool to provide a default disclaimer on > outgoing SMTP email. I was wondering if SP2 will provide this feature on > Standar...

Store limit in Exchange
I'm currently researching the migration of my organization's mail system to Exchange and see that the standard edition of Exchange has a data store limit of 16GB. If we were to do a front end, back end setup with two server and the back end server that has the data store were to reach the 16GB limit would adding another back end server resolve this? I read in another post that this would double the space. But doing this the users that are currently create would have to be split up and some moved to the new data store server correct? Also since the Enterprise edition allows m...

Password not working
HI, I have been using my default folder set with a password for many years. Of late, i realised that I am not being asked for the password even when I restart the system. When I reset the password, my old password is being required for that. But again when I open Outlook, I am not being asked for the password. What could be the problem be? I recently installed YahooPop to have POP access to my Yahoo account. Could that be a possible reason for this? Thanks for any help. Regarsd Ramesh ...

Work spreadsheet issue
If I have multiple rows of data on a worksheet and on another worksheet I want various counts of rows that have certain things in common, how would I do that? Thanks. -- jenrenea ------------------------------------------------------------------------ jenrenea's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=23098 View this thread: http://www.excelforum.com/showthread.php?threadid=373900 Can you provide a sample of your data along with your expected results? -- Domenic ------------------------------------------------------------------------ Domenic's...

Exchange 2003 environment
Hello, I have one Windows 2000 server as a domain controller running Exchange 2000. Is it possible to do an upgrade of exchange only to Exchange 2003 but leave Windows on 2000? or will I need to upgrade windows to 2003 as well? From what I have read it looks as if Exchange 2003 will run in a Windows 2000 domain but I just want word from someone who has some experience. Thanks, Chris DeFreitas Yes you can upgrade to Exchange 2003 without upgrading to Windows 2003 -- Mark Fugatt Exchange MVP http://www.exchangetrainer.com http://www.msexchange.org "Chris DeFreitas" <chris@N...

Outlook xp Offline folders vs O2k3 Cached Exchange mode
I recently upgraded a group of executives from Outlook XP to Outlook 2003. I used the "upgrade" option. I also installed O2K3 SP1. They all have laptops and use offline folders. Several have had various offline folder issues since the upgrade. Is there something I need to configure in order for them to continue to use their offline folders? or Does Cached Exchange mode replace Offline folders? Are there known issues with the upgrade and offline folders? I'm not sure what to look for. Thanks in advance for your time! techguyasap <anonymous@discussions.microsoft.com&g...

Outlook 2007: is there a way to use it as a Diary
I'd like to keep a daily journal of important notes, etc. In other words , I would like to keep a Diary. Does Outlook 2007 have this capability? TIA Sure - Ctrl+8 to view the journal or you can create a Mail and Post folder type and post to it. -- Diane Poremsky [MVP - Outlook] Outlook Tips: http://www.outlook-tips.net/ Outlook & Exchange Solutions Center: http://www.slipstick.com/ Outlook Tips by email: mailto:dailytips-subscribe-request@lists.outlooktips.net EMO - a weekly newsletter about Outlook and Exchange: mailto:EMO-NEWSLETTER-SUBSCRIBE-REQUEST@PEACH...

Upgrade Path from DPM 2007 to DPM 2010
Is there going to be an upgrade path from DPM 2007 to 2010? Yes. Look at the following DPM 2010 documentation: https://connect.microsoft.com/Downloads/DownloadDetails.aspx?SiteID=840&DownloadID=22070 "DPM supports upgrading from DPM 2007 SP1 on a Windows Server 2008 x64-bit operating system to DPM 2010. If DPM 2007 SP1 is installed on a Windows Server 2003 x64-bit operating system, you must upgrade to Windows Server 2008 before upgrading to DPM 2010". Also, here are my notes on DPM 2007 to DPM 2010 upgrade: http://santhoshsivarajan.blogspot.com/2009/09/dpm-2007-t...