EveryCloud Technologies    


The Following article will provide a guideline on how to setup Recipient verification in Microsoft Exchange and Office 365. Please read it carefully.


The Microsoft Exchange mail server should reject email to non-existing users. If it's wrongly configured, as a result it may be accepting email to non-existent users. Regular mail servers should always have recipient filtering enabled, to automatically reject emails to non-existent users.

The mechanism behind a wrongly setup Exchange is that it first accepts the email, and then decides if it will reject or accept the email, thus generating its own Non-Delivery Report and try to send it back to the sender.

This can consume resources to generate the local NDR and send it back to the original sender, which will then be flooded with Non-Delivery Reports.

To avoid such situations, we recommend to enable the recipient verification on your Exchange email server, as follows:


Exchange 2007


The Recipient Filtering can be enabled or disabled in Microsoft Exchange 2007 email server via the Management Console or the Management Shell, as follows:


Exchange Management Console:


In the Exchange Management Console, go to Edge Transport.

Then in the work pane, select the Anti-Spam tab, and then choose Recipient Filtering.

Now just enable the Recipient Filtering feature.


Exchange Management Shell:


First open the Management Shell and issue the following command to enable the Recipient Filtering:


Set-RecipientFilterConfig -Enabled $true


To disable recipient filtering, issue the following command in the Management Shell:


Set-RecipientFilterConfig -Enabled $false


For more information, check this article from the Exchange 2007 knowledgebase.


Exchange 2010


The Recipient Filtering can be enabled or disabled in Microsoft Exchange 2010 email server via the Management Console or the Management Shell, as follows:


Exchange Management Console:


First open the Management Console on the Edge Transport server.

Click on Edge Transport from the console tree, and select the Anti-Spam tab from the work pane. Now go to Sender Filtering and click enable.

Be advised: You need the necessary permissions to access the anti-spam features from Exchange 2010.


Exchange Management Shell:


First open the Management Shell and issue the following command to enable the Recipient Filtering:


Set-SenderFilterConfig -Enabled $true


To disable recipient filtering, issue the following command in the Management Shell:


Set-SenderFilterConfig -Enabled $false


Be advised: You need the necessary permissions to access the anti-spam features from Exchange 2010. For more information, check this article from the Exchange 2010 knowledgebase.


If you are using a standalone installation with no Edge Transport server, Please note that the Anti-Spam function is not installed, and will need to be enabled.


Exchange 2013


Exchange 2013 has changed the way it handles recipient callouts, by doing this check post DATA. This means even if the recipient validation is enabled on the mail server, any recipient callout responds with a "250 OK" response for invalid recipients, therefore leaving us with no valid way of checking if the recipient is valid or not currently.


Office 365


The Recipient Filtering can be enabled or disabled in Office 365 via the Exchange Management Console as follows:


Please note you will need to use a Global Admin or an Exchange Company Administrator account to perform the following tasks.


To enable Recipient Verification in Office 365 you need to have Exchange Online Protection enabled on the server, and you need to configure The Directory Based Edge Blocking (DBEB) feature, this is used to reject messages for nonexistent recipients.

To configure and Enable DBEB, please follow the steps below.


  1. Verify that your accepted domain in Exchange Online is to Internal relay: a. In the EAC, go to Mail flow > Accepted domains.

  2. Select the domain and click Edit.

  3. Ensure that the domain type is set to Internal relay. If it's set to Authoritative, change it to Internal relay and click Save.

  4. Set your accepted domain in Exchange Online to Authoritative: a. In the EAC, go to Mail flow > Accepted domains. b. Select the domain and click Edit. c. Set the domain type to Authoritative.
  5. Choose Save to save your changes, and confirm that you want to enable DBEB.


Notes:

  • Until all of your valid recipients have been added to Exchange Online and replicated through the system, you should leave the accepted domain configured as Internal relay. Once the domain type has been changed to Authoritative, DBEB is designed to allow any SMTP address that has been added to the service (except for mail-enabled public folders). There might be infrequent instances where recipient addresses that do not exist in your Office 365 organization are allowed to relay through the service.


For more information check this article from Microsoft.


Our Support team are available to help you contact details can be found Here.