A regularly configured Exchange server should automatically reject messages to non-existent email addresses.
However, an incorrectly configured server may also accept messages to non-existent users, because Exchange first accepts the incoming message and only then decides whether to reject or accept it. If the message is rejected, the Exchange creates its own non-deliverability report and attempts to return it to the sender. This unnecessarily consumes resources, which can be avoided with the following measures. The following changes allow EuropeanMX to perform a recipient callout on your mail server to verify that a recipient is actually existing. Messages to non-existent recipients will be automatically rejected by EuropeanMX.
No changes are necessary for Exchange 2003. Recipients should be easily verified and incoming messages delivered.
Recipient verification can be easily enabled or disabled from the Exchange 2007 management console or from the management shell.
Set-RecipientFilterConfig -Enabled $true
Set-RecipientFilterConfig -Enabled $false
Recipient verification can be easily enabled or disabled from the Exchange management console or from the management shell. First, make sure that you are not using the Edge Transport Server standalone installation, which does not have anti-spam functionality installed. In order to enable it, please use the knowledgebase article from Microsoft (https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/bb201691(v=exchg.141)).
Set-SenderFilterConfig -Enabled $true
Set-SenderFilterConfig -Enabled $false
For more information, please visit the Microsoft's Knowledgebase for Exchange 2010 (https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/bb124087(v=exchg.141)).
For Exchange 2013, Microsoft has changed the way Recipient Callouts are handled. DATA checks are now performed, which means that the server returns the status "250 OK" for messages to invalid recipients, even if recipient validation is enabled, and thus does not give us the opportunity to check a recipient address for validity.
However, this behavior can be prevented with the following workaround. By default, a second port (2525) is opened when installing Exchange 2013. If you now enable the "Anonymous Users" option on the default hub transport, it is possible to use port 2525 for a proper recipient validation.
Please note that this setup has only been verified in a closed test environment and may need to be tested before use in a Live Setup.
Get-TransportAgent
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
Get-AcceptedDomain | Format-List Name,AddressBookEnabled
Set-AcceptedDomain example.com -AddressBookEnabled $true
Set-RecipientFilterConfig -RecipientValidationEnabled $true
HELO example.com
MAIL From:
RCPT To:
In order to set up recipient validation in Office 365, Exchange Online Protection must be enabled on the server and you must have a global administrator or an Exchange Company administrator account.
The Directory Based Edge Blocking (DBEB) feature of Office365 allows you to reject messages to non-existent recipients. To enable the feature, please follow these steps:
EAC > Mail Flow > Accepted Domains
, then clicking on "Edit" and then checking that the domain type is set to "Internal Relay". If not, change the option and save the change.EAC > Mail Flow > Accepted Domains
and set it to "Authoritative". After clicking "Save", please confirm that you want to use "Directory Based Edge Blocking".For more information, please visit the knowledgebase article from Microsoft (https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/use-directory-based-edge-blocking)