Also On This Page

 

How to enable Recipient Filtering on your Exchange Server to stop it generating emails in response to Spam


What's Recipient Filtering all about?
If an email arrives at your Exchange server, addressed to a non-existent user at your domain, the sensible thing to do would be to reject it, giving the reason "No such user here" to the sending server.
It would then be the sending mail-server's job to send a Non-Delivery Report (NDR) email back to the original sender.

By default Exchange doesn't do this! It accepts the email, and then decides to reject it and so has to generate its own NDR email and attempt to send it to the original sender of the email.

What's the problem with this?

Well, these days spammers can send thousands of emails to addresses at your domain that they have guessed - usually wrongly - and, to try and add legitimacy to their spam, the From Address of these emails appears to be some real person who's innocent of sending any spam.
If your Exchange server rejects these emails, the spamming mail-server doesn't send a NDR to the forged sender but just moves on to sending the the next spam email.ing the the next spam email.

If your Exchange server does accept these emails it means it has to use resources processing them and then, for each incoming spam email, it will generate a pointless NDR email which often can't be delivered and, if it can, will, itself, appear to be spam to the innocent person who didn't send the original email in the first place.
The technical term for sending an NDR to someone who didn't send you the original email is "Backscatter".

Those good people at www.backscatter.org don't think there's any excuses for letting your email system send backscatter emails and have started a blacklist of mail-servers that send these types of emails.
In order to stay off this blacklist we do our best to filter out and delete any backscatter emails that our smarthost customers attempt to send through our servers.
Also, if you're using our Smarthost service, you're paying for outgoing emails at something under 0.3p each, so it's a good idea to make sure your are not sending out ones you don't need to.
We had one customer where Backscatter NDRs made up 80% of their total out-going emails. We don't like them coming through our servers, even though we charge for them and attempt to filter them out, as they often can't be delivered and, if they can, they risk annoying the recipients.

Here's an example of the type of email we mean:-


An email generated by Exchange to spam sent to a non-existent user


Enabling Recipient Filtering to reject emails to non-existent users on your Exchange Server has no downsides.
Here are the upsides:-


Less load on your server when it's being targeted for spam

You won't get blacklisted for sending NDRs to people who haven't sent you any emails

If you are using our Smarthost service, you won't be paying for needless emails



Possible objections:-

Q1

When a genuine customer sends me an email and, because or a typo, they send it to a non-existent address, if my Exchange server doesn't send a Non-Delivery Report, how will they know the email didn't reach me?

A1

They will still get a Non-Delivery Report from the genuine mail-server sending the email after your Exchange server refuses to accept it.


Q2

I want to see every email sent to my domain, even if the email address is invalid so that if a potential customer has made a typo I'll still get to see it. Is this possible?

A2

Yes, but you'll have to put up with all the spam as well. To do this, don't enable Recipient Filtering but instead create a Catch-All mailbox - perhaps make it a Public Folder.
To make a catch-all mailbox in Exchange you need to use a free 3rd Party Add-on - details here.



Step-By-Step instructions of how to configure Recipient Filtering in Exchange 2003


This takes 2 easy steps.

Step 1
In Exchange System Manager go to Global Settings, right-click on Message Delivery and chose Properties


 
Global Settings, right-click Message Delivery


On the Recipient Filtering tab, select "Filter recipients who are not in the Directory" then click OK


 
Global Settings, right-click Message Delivery


Click OK to the warning message that pops-up - it's just saying we need to perform a further step.

Step 2
Go to Servers - <SERVER NAME> - Protocols - SMTP
Right-click on Default SMTP Virtual Server and click Properties


 
Global Settings, right-click Message Delivery


On the General tab, click Advanced
Select the IP Address and then click Edit


 
Select the IP Address and then click Edit


Select Apply Recipient Filter then click OK - OK - OK


 
Select Apply Recipient Filter

Finished!


^ Top of Page ^




Step-By-Step instructions of how to configure Recipient Filtering in Exchange 2007


In Exchange 2007, the process of rejecting emails sent to invalid users is called Recipient Validation and enabling this is made complicated, in Exchange 2007, by the way Microsoft has split the functions of Exchange into different roles.
Recipient Validation is part of the Anti-spam features that are present, by default, only on the server performing the Edge Transport Role.
The problem is, if you only have one Exchange server in your company, as most people do, it will be performing the Hub Transport, Client Access and Mailbox roles but not the Edge Transport role as this has to be on a separate server. An Exchange email system will work fine without the Edge Transport role.

The solution is to install the Anti-spam features on the Hub Transport role so we'll start by doing this.
If you do happen to have a separate Edge Transport server then skip ahead to the next section.

Step 1 - How to Install the Anti-spam Agents onto the Hub Transport Role
Open Exchange Management Shell and enter the command:-

cd "c:\Program Files\Microsoft\Exchange Server\Scripts"

This "changes directory" to the folder containing a Powershell script, provided by Microsoft, for installing the Anti-spam features on the Hub Transport.
Type the following command to run this script:-

.\install-antispamagents.ps1


Copy and Paste the commands from this Webpage to avoid spelling mistakes.

To paste into the Exchange Management Shell use Right-click + Paste as Ctrl + V doesn't work

Install the anti-spam agents onto the Hub Transport role


Close the Exchange Management Shell window and either reboot the server or go to:-

Start - Run
and type:-
services.msc then click OK

Locate the service called Microsoft Exchange Transport, right-click on it and select Restart


Restart the Microsoft Exchange Transport service


Step 2 - How to Configure Recipient Validation

Open the Exchange Management Console and go to:-

Organization Configuration - Hub Transport and select the new Anti-spam tab

Right-click on Recipient Filtering and select Properties


If you have a separate Edge Transport server then you'll find the the Anti-spam tab under Edge Transport

Find Recipient Filtering in Exchange System Manager


Go to the Blocked Recipients tab and select:-

Block messages sent to recipients not in the Global Address List


 

Then click OK


Block invalid local recipients
 


3 - Disable the Other Anti-Spam Features


If you just installed the Anti-spam agents in Section 1 then, by default, some of these features will now be active.
Whether you enable or disable these other Anti-spam features is something you need to think about carefully and perhaps experiment with a little.

Today's job is to enable Recipient Filtering and not to reconfigure your whole anti-spam system so we recommend that, for now, you disable all the other new features.

Right-click on each feature, in turn, (except Recipient Filtering!) and select Disable


 
Disable all other Anti-spam features  

That's it!


^ Top of Page ^


Feedback Form

Type your message below:-

Anonymous feedback is fine. If you'd like a reply then we'll need an email address to send it to.
We'll only use it to reply to your feedback, nothing else!

 

Email Address:
(optional)

We sometimes like to publish visitor feedback, but only if you give us your permission:-

Choose a Screen Name for Published Comments:

 

If you prefer, you can, instead, email your comments to support@arrowmail.co.uk

^ Top of Page ^


 

© 2017 Arrowmail Ltd, a UK-registered company, number 4079706, registered VAT Number GB 895 0987 60
We welcome any comments about this website, good or bad. Send them to webmaster@arrowmail.co.uk