How can I block emails that are arriving to email addresses that do not exist in my Microsoft Exchange server?

The information in this article applies to:

  • GFI MailEssentials for Exchange/SMTP 10
  • GFI MailEssentials for Exchange/SMTP 11
  • GFI MailEssentials for Exchange/SMTP 12
  • GFI MailEssentials for Exchange/SMTP 14
  • GFI MailEssentials for Exchange/SMTP 9
  • GFI MailSecurity for Exchange/SMTP 10
  • GFI MailSecurity for Exchange/SMTP 8
  • GFI MailSecurity for Exchange/SMTP 9

Article ID: KBID002019

Query keywords: directory harvesting

NOTE: Starting from GFI MailEssentials 10.1, you can configure the Directory Harvesting feature which will check the recipients' email address with your Active Directory to determine if the email is destined to an existent recipient. If the recipient email address is not found in Active Directlorym the email will be blocked. In GFI MailEssentials 11, this feature has been extended to allow querying an LDAP server.

The same functionality can be achieved if you are using Microsoft Exchange 2003 and Microsoft Exchange 2007. Previous versions of Microsoft Exchange server did not have this functionality.

Please follow this procedure to enable Microsoft Exchange to allow emails only for valid recipients:

Microsoft Exchange 2003

A. Enable filtering for recipients which are not found in Active Directory.

  1. Open Exchange System Manager -> Global Settings -> right-click on Message Delivery and choose Properties.
  2. Change to the "Recipient Filtering" tab. 
  3. Enable the option "Filter recipients who are not in the Directory" 
  4. Click OK to close the window and save your changes.


B. Enable the recipient filter on the SMTP Virtual Server. This will only need to be enabled on the SMTP virtual server that is receiving emails from the internet.

  1. Open Exchange System Manager -> Administrative Groups -> Administrative Group Name ->  Servers -> Protocols -> SMTP.
  2. Right-click on the SMTP Virtual Server and select Properties 
  3. On the "General" tab click the "Advanced..." button 
  4. Choose the IP binding that that is listening on the Internet.  Click the "Edit..." button. 
  5. Enable the option "Apply Recipient Filter" 
  6. Click OK through all the windows to save your changes.

Microsoft Exchange 2007 Edge Server Role

  1. Open the Microsoft Exchange Management Console on the Edge Server.
  2. Click on the ‘Edge Transport’ Node.
  3.  Click on the Anti-spam Tab.
  4. Right click on 'Recipient Filtering' and select 'Enable' (If Recipient Filtering is already enabled, you will only have the option to 'Disable')
  5. Right click on 'Recipient Filtering' once again and select 'Properties'
  6. Under the 'Blocked Recipients' tab, tick the 'Block messages sent to recipients not listed in the Global Address List' option.
  7. Click 'Ok' to save changes.

When someone tries to send an email to a user that does not exist in your Active Directory domain, they will receive the error:
550 5.5.1 User unknown

The email is not received by Microsoft Exchange server, since the error is given during the SMTP transmission.

If the Microsoft Exchange Recipient Filtering feature is already enabled, it is recommended to disable the GFI MailEssentials Directory Harvesting feature.


Notes:

  • The AntiSpam agents are only installed on the Microsoft Exchange Server 2007 Edge Transport server role. The agents are not installed on the Hub Transport Role by default.
  • Enabling Microsoft Exchange server to refuse connections for emails that are destined to not existing email addresses can allow spammers to build a list of valid email addresses in your domain. This would not occur if such emails are blocked by GFI MailEssentials, since GFI MailEssentials can be configured not to notify the sender that the email has been blocked. You may also want to use the SPAM Tar Pit feature as per: http://support.microsoft.com/?id=842851
     
  • Recently spammers have been trying to send emails to invalid email address. These will result in an NDR, however since the FROM email address of the original email would be the spammers target, the NDR would be sent to the spammers target. Enabling the above setting will help decrease these emails.

 

Get the latest SPAM news at AllSpammedUp.com!