Open the Exchange Management Shell on the Exchange Server and enter the command:
Get-TransportAgent
Check whether 'Recipient Filter Agent' appears in the list and is enabled. If it is not, install this feature:
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
Restart-Service MSExchangeTransport
To enable the feature, run:
Enable-TransportAgent "Recipient Filter Agent"
Next, verify that the accepted domains use the AddressBook to check for existing recipients. This is normally the default when an Exchange server has been defined as the mail server authority for a domain. To verify that, type the following command:
Get-AcceptedDomain | Format-List Name, AddressBookEnabled
Verify that all domains appear in the list. To enable it for all domains (caution: make sure you are not relaying any domains before running this):
Get-AcceptedDomain | ? {$_.AddressBookEnabled -ne "True"} | Set-AcceptedDomain -AddressBookEnabled $true
Enable the recipient filter:
Set-RecipientFilterConfig -RecipientValidationEnabled $true
Restart-Service MSExchangeTransport
It is important to deactivate the filtering of incoming mail on the Exchange server, if not already done! To verify what is activated:
Get-ContentFilterConfig | Format-List
The following command deactivates the filtering of incoming email:
Set-ContentFilterConfig -ExternalMailEnabled $false
Now disable all other unnecessary (and bad) filters; accept with (Y)es if needed:
Set-SenderFilterConfig -Enabled $false
Disable-TransportAgent "Sender Filter Agent"
Set-SenderIDConfig -Enabled $false
Disable-TransportAgent "Sender ID Agent"
Set-ContentFilterConfig -Enabled $false
Disable-TransportAgent "Content Filter Agent"
Set-SenderReputationConfig -Enabled $false
Disable-TransportAgent "Protocol Analysis Agent"
Restart-Service MSExchangeTransport
Verify again:
Get-TransportAgent
Now configure the Hub Transport receive connector to receive filtered email and correctly validate user addresses. Issue the command:
Get-ReceiveConnector | fl name,bindings
Note the name of the connector with binding ending :2525 (listening on connections from port 2525).
Set the receive connector to accept unauthenticated SMTP connections using the command:
Set-ReceiveConnector -identity 'connector name from above' -PermissionGroups 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers'
Restart-Service MSExchangeTransport
Set-RecipientFilterConfig -RecipientValidationEnabled $true
Now open port 2525/tcp incoming on the Exchange Server firewall.
Open port 25/tcp incoming on the hardware firewall and redirect it to the Exchange Server; limit access to the IP addresses of our Mailgateway only (see below).
Open port 2525/tcp incoming on the hardware firewall and redirect it to the Exchange Server; limit access to the IP addresses of our Mailgateway only (see below).
IP addresses of our Mailgateway servers: 82.197.176.89 and 62.2.175.82
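A read-only check of the end state that the steps above aim for, as an added example that is not part of the original procedure. The function name Test-GatewayFilterState is hypothetical, and the RemoteIPRanges line is informational only, because the page restricts source addresses on the firewalls rather than on the connector.

```powershell
# Added audit sketch (not from the original page). Run in the Exchange Management Shell.
# It only reads configuration; it changes nothing.
function Test-GatewayFilterState {
    $findings = @()
    $agents = @{}
    Get-TransportAgent | ForEach-Object { $agents[[string]$_.Identity] = $_.Enabled }

    # The Recipient Filter Agent must be installed and enabled.
    if (-not $agents.ContainsKey('Recipient Filter Agent')) {
        $findings += 'Recipient Filter Agent is not installed'
    } elseif (-not $agents['Recipient Filter Agent']) {
        $findings += 'Recipient Filter Agent is disabled'
    }
    # The agents the procedure switches off should no longer be enabled.
    foreach ($name in 'Sender Filter Agent', 'Sender ID Agent',
                      'Content Filter Agent', 'Protocol Analysis Agent') {
        if ($agents[$name]) { $findings += "$name is still enabled" }
    }
    if (-not (Get-RecipientFilterConfig).RecipientValidationEnabled) {
        $findings += 'RecipientValidationEnabled is not set'
    }
    if ((Get-ContentFilterConfig).ExternalMailEnabled) {
        $findings += 'Content filtering of external mail is still enabled'
    }
    # Address book lookup belongs on authoritative domains. On a relayed domain
    # it would reject recipients that only exist on the downstream server.
    foreach ($d in Get-AcceptedDomain) {
        $authoritative = ([string]$d.DomainType -eq 'Authoritative')
        if ($authoritative -and -not $d.AddressBookEnabled) {
            $findings += "$($d.Name): authoritative but AddressBookEnabled is false"
        }
        if (-not $authoritative -and $d.AddressBookEnabled) {
            $findings += "$($d.Name): relay domain with AddressBookEnabled set"
        }
    }
    # The connector bound to port 2525 must accept anonymous SMTP from the gateway.
    $connectors = @(Get-ReceiveConnector | Where-Object {
        ($_.Bindings | ForEach-Object { [string]$_ }) -match ':2525$' })
    if ($connectors.Count -eq 0) { $findings += 'No receive connector is bound to port 2525' }
    foreach ($rc in $connectors) {
        if ([string]$rc.PermissionGroups -notmatch 'AnonymousUsers') {
            $findings += "$($rc.Name): AnonymousUsers is not in PermissionGroups"
        }
        Write-Host ("{0} accepts connections from: {1}" -f $rc.Name, ($rc.RemoteIPRanges -join ', '))
    }
    $findings
}

$result = @(Test-GatewayFilterState)
if ($result.Count -eq 0) { 'All checks passed' } else { $result }
```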