Exchange 2013 and 2016 Setup
Gepostet von Support it factory ag an 07 January 2017 10:11 PM

Exchange 2013 and 2016 can be configured for recipient address lookup (Callout), allowing to reject any invalid recipient addresses.

Exchange does not natively reject invalid addresses during the SMTP connection. This can cause problems for MailCleaner customers who select the SMTP Callout option.

However, Exchange 2013 and 2016 can be configured to reject invalid addresses, resulting in a “550 5.5.1 User unknown” error. MailCleaner, in turn, can bounce these messages. This will protect the infrastructure against Denial of Services and the user count will reflect only valid addresses in the system. To configure this ability on the Exchange server, follow the directions below.

The first step is to verify that the Anti-spam feature is activated. It is done through the Exchange Management Shell.


The “Recipient Filter Agent” is missing and need to be added and activate like this (from Setup CD):

& $Env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
Enable-TransportAgent "Recipient Filter Agent"

Now a restart of the Exchange Transport is needed:

Restart-Service MSExchangeTransport

To verify that the accepted domains use the AddressBook to verify existing recipients. It is normally the default when an Exchange has been defined as mail server authority for one domain. To verify that, just type the following command:

Get-AcceptedDomain | Format-List Name, AddressBookEnable

And verify if the list of all domains appears. To enable for all domains (caution, make sure you are not relaying any domains before running this):

EXCH2013: Get-AcceptedDomain | Set-AcceptedDomain -AddressBookEnabled $true
EXCH2016: Get-AcceptedDomain | ? {$_.AddressBookEnabled -ne "True"} | Set-AcceptedDomain -AddressBookEnabled $true

Now a restart of the Exchange Transport is needed:

Restart-Service MSExchangeTransport

Now it probably does not work because the validation is not activated. Type the following command to verify:

Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled

If the recipient Filter is enabled (True), but the validation is not (False), then activate it with the following command:

Set-RecipientFilterConfig –RecipientValidationEnabled $true

Then verify again that all is activated by typing:

Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled

It is important to deactivate the filtering for the incoming mails on the Exchange if not already done!

To verify what is activated:

Get-ContentFilterConfig | Format-List

Now with the following command, the filtering for the incoming email can be deactivated:

Set-ContentFilterConfig -ExternalMailEnabled $false

Disable now all other unnecessary (and bad) filter - accepty with (Y)es if needed:

Set-SenderFilterConfig -Enabled $false
Disable-TransportAgent "Sender Filter Agent"
Set-SenderIDConfig -Enabled $false
Disable-TransportAgent "Sender ID Agent"
Set-ContentFilterConfig -Enabled $false
Disable-TransportAgent "Content Filter Agent"
Set-SenderReputationConfig -Enabled $false
Disable-TransportAgent "Protocol Analysis Agent"
Restart-Service MSExchangeTransport


Well it’s done !!

It is now possible to manually test the Callout through the MailCleaner Admin Interface, in the domain configuration Panel and under “Address verification”.

Kommentare (0)