Setting up recipient filtering on Exchange 2013 and 2016 with EDGE

by Stephane

Recipient filtering on Microsoft Exchange 2013

This procedure describes how to set up recipient filtering on Microsoft Exchange 2013 and Exchange 2016 servers with an EDGE server. By default, recipient filtering on Exchange 2013-2016 is performed after DATA. If it is not performed at RCPT TO level, the function is not correctly configured. The benefits of this filtering are described in the article: Mail server configuration and recipient filtering.

> If you don’t have an EDGE server in front of your Microsoft Exchange 2013 or Exchange 2016 server, use the following procedure: https://www.altospam.com/actualite/2016/12/configuration-filtrage-destinataires-exchange-2013-2016-serveur-edge/

 

550 5.1.1 User unknown

Here’s the detailed procedure for modifying this behavior and ensuring that destination filtering is carried out after RCPT TO.

 

1) Install and activate the Antispam feature on Exchange

Get-TransportAgent

Must return “Recipient Filter Agent True”. If this is not the case, run the following commands:

& $env:ExchangeInstallPathScriptsInstall-AntiSpamAgents.ps1
Enable-TransportAgent "Recipient Filter Agent"
Restart-Service "MSExchangeTransport"

All other services can be disabled by executing the commands below:

Set-SenderFilterConfig -Enabled $false
Set-SenderIDConfig -Enabled $false
Set-ContentFilterConfig -Enabled $false
Set-SenderReputationConfig -Enabled $false

Then, one by one, the following commands:

Disable-TransportAgent "Sender Filter Agent"
Disable-TransportAgent "Sender ID Agent"
Disable-TransportAgent "Content Filter Agent"
Disable-TransportAgent "Protocol Analysis Agent"

The result of the “Get-TransportAgent” command will then be :



activer la fonctionnalité Antispam 

 

2) AcceptedDomains must use Exchange addresses

The command below should show all domains with “AdressBookEnabled” set to “True”:

Get-AcceptedDomain | select Name,DomainType,AddressBookEnabled
 AcceptedDomains doit utiliser les adresses Exchange

If your domains do not appear, run the command below for each of them:

Set-AcceptedDomain <domaine_name> -AddressBookEnabled $true

 

3) Activate recipient filtering

All that remains is to activate recipient filtering with the command below:

Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled

Enable recipient filtering

The return must be of the following form: “Enabled: True” and “RecipientValidationEnabled: True”, otherwise execute the following commands:

Set-RecipientFilterConfig -Enabled $true
Set-RecipientFilterConfig -RecipientValidationEnabled $true

Once this last step has been completed, the mail server will reply that the user is unknown as of the “RCPT TO” phase.

550 5.1.1 User unknown

 

Update – Important addition:

If you’re using an Exchange 2013 or 2016 mail server alone (without an Edge server), it’s possible that after the configurations below, recipient filtering still doesn’t work. Refusal is made after the data rather than after the RCPT TO! This is a problem linked to the presence of 2 reception connectors on the mail server. In this case, prefer the procedure described in this article: https://www.altospam.com/actualite/2016/12/configuration-filtrage-destinataires-exchange-2013-2016-serveur-edge/

 

 

The procedure under Exchange 2003 is different, and is described in our article: Recipient filtering under Exchange 2003. The one for Microsoft Exchange 2007 and Microsoft Exchange 2010 servers is described in the article: Configuring Exchange 2007 and 2010 for recipient filtering.

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …