Exchange 2013 and 2016 can be configured for recipient address lookup (Callout), allowing to reject any invalid recipient addresses.
Exchange does not natively reject invalid addresses during the SMTP connection. This can cause problems for MailCleaner customers who select the SMTP Callout option.
However, Exchange 2013 and 2016 can be configured to reject invalid addresses, resulting in a “550 5.5.1 User unknown” error. MailCleaner, in turn, can bounce these messages. This will protect the infrastructure against Denial of Services and the user count will reflect only valid addresses in the system. To configure this ability on the Exchange server, follow the directions below.
The first step is to verify that the Anti-spam feature is activated. It is done through the Exchange Management Shell.
Get-transportAgent
The “Recipient Filter Agent” is missing and need to be added and activate like this (from Setup CD):
& $Env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1 Enable-TransportAgent "Recipient Filter Agent" Get-transportAgent
Now a restart of the Exchange Transport is needed:
Restart-Service MSExchangeTransport
To verify that the accepted domains use the AddressBook to verify existing recipients. It is normally the default when an Exchange has been defined as mail server authority for one domain. To verify that, just type the following command:
Get-AcceptedDomain | Format-List Name, AddressBookEnable
And verify if the list of all domains appears. To enable for all domains (caution, make sure you are not relaying any domains before running this):
EXCH2013: Get-AcceptedDomain | Set-AcceptedDomain -AddressBookEnabled $true EXCH2016: Get-AcceptedDomain | ? {$_.AddressBookEnabled -ne "True"} | Set-AcceptedDomain -AddressBookEnabled $true
Now a restart of the Exchange Transport is needed:
Restart-Service MSExchangeTransport
Now it probably does not work because the validation is not activated. Type the following command to verify:
Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled
If the recipient Filter is enabled (True), but the validation is not (False), then activate it with the following command:
Set-RecipientFilterConfig –RecipientValidationEnabled $true
Then verify again that all is activated by typing:
Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled
It is important to deactivate the filtering for the incoming mails on the Exchange if not already done!
To verify what is activated:
Get-ContentFilterConfig | Format-List
Now with the following command, the filtering for the incoming email can be deactivated:
Set-ContentFilterConfig -ExternalMailEnabled $false
Disable now all other unnecessary (and bad) filter - accepty with (Y)es if needed:
Set-SenderFilterConfig -Enabled $false Disable-TransportAgent "Sender Filter Agent" Set-SenderIDConfig -Enabled $false Disable-TransportAgent "Sender ID Agent" Set-ContentFilterConfig -Enabled $false Disable-TransportAgent "Content Filter Agent" Set-SenderReputationConfig -Enabled $false Disable-TransportAgent "Protocol Analysis Agent" Restart-Service MSExchangeTransport
Get-TransportAgent
Well it’s done !!
It is now possible to manually test the Callout through the MailCleaner Admin Interface, in the domain configuration Panel and under “Address verification”.
|