We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Security Gateway

How should I configure Microsoft Exchange to reject emails for invalid recipients so that Barracuda Spam Filtering will recognize the rejections?

  • Type: Knowledgebase
  • Date changed: 2 months ago
Solution #00003667

Scope:
All Email Security Gateways in use with Exchange 2007/2010 servers, all firmware versions.

Answer:

Exchange 2003:

Please follow this procedure to enable Microsoft Exchange Server 2003 to allow emails for valid recipients only. This step is necessary to allow the Microsoft Exchange 2003 server to work with the SMTP verification feature of the Email Security Gateway. First, enable filtering for recipients which are not found in Active Directory.
  1. Open Exchange System Manager > Global Settings, right-click on Message Delivery, and choose Properties.
  2. Go to the Recipient Filtering tab.
  3. Enable the option Filter recipients who are not in the Directory.
  4. Click OK to close the window and save your changes.
Then, enable the recipient filter on the SMTP Virtual Server. This will only need to be enabled on the SMTP virtual server that is receiving emails from the internet.
  1. Open Exchange System Manager > Administrative Groups > (Administrative Group Name) > Servers > Protocols > SMTP.
  2. Right-click on the SMTP Virtual Server and select Properties.
  3. Go to the General tab click the Advanced... button.
  4. Choose the IP binding that that is listening on the Internet. Click the Edit... button.
  5. Enable the Apply Recipient Filter option.
  6. Click OK through all the windows to save your changes.
When someone tries to send an email to a user that does not exist in your Active Directory domain, they will receive this error: 


550 5.5.1 User unknown


The email will not be received by Microsoft Exchange server, since the error is given during the SMTP transmission. Then, assuming your domain has this Exchange server configured as its Destination Server, the Email Security Gateway should begin to reject incoming mail addressed to invalid recipients at your domain.


Exchange 2007/2010

Please follow this procedure to enable Microsoft Exchange Server 2007/2010 to allow emails for valid recipients only. This step is necessary to allow the Microsoft Exchange server to work with the SMTP verification feature of the Email Security Gateway.

Recipient Verification is configured in the "Anti-Spam agents" module. The Anti-Spam agents are enabled by default on Edge Transport servers, but not Hub Transport servers. If you do not have an Edge Transport Exchange 2007 server, you can enable the Anti-Spam agents on a Hub Transport server. Please follow this link to a Microsoft knowledgebase article below if you need to enable the "Anti-Spam agents" module on your Exchange 2007 server.

Version:1.0 StartHTML:0000000167 EndHTML:0000008758 StartFragment:0000000487 EndFragment:0000008742

Once you have verified that the Anti-Spam agents are enabled, you can configure Exchange to block mail addressed to recipients that don't exist at your organization. This feature is called Recipient Lookup, and can be enabled by following these steps:

  1. Open the Exchange Management Console.
  2. Expand Organization Configuration.
  3. Click on Hub Transport.
  4. Click the Anti-Spam Tab.
  5. Double click Recipient Filtering.
  6. Click the Blocked Recipients tab.
  7. Check the first option, labeled Block messages sent to recipients not listed in the Global Address list.
When someone tries to send an email to a user that does not exist in your Active Directory domain, they will receive this error: 


550 5.5.1 User unknown


The email will not be received by Microsoft Exchange server, since the error is given during the SMTP transmission. Then, assuming your domain has this Exchange server configured as its Destination Server, the Email Security Gateway should begin to reject incoming mail addressed to invalid recipients at your domain.


Additional Notes:
Enabling LDAP/Active Directory verification will disable SMTP verification. This solution is not usually relevant when configuring LDAP/Active Directory verification. For more information on LDAP/Active Directory verification, see Solution #00002192.


Link to This Page: