Configuring Recipient Filtering
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-08-21
This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure the Recipient Filter agent. This topic also provides an overview of how to configure the Recipient Filter agent. For basic configuration, see the procedures in this topic. For more customized or advanced configuration, see the links in each section of this topic. For more information about how the Recipient Filter agent works, see Recipient Filtering.
When you configure the Recipient Filter agent, you must follow these steps:
Enable the Recipient Filter agent.
Add recipients to the Recipient Block list.
Configure Active Directory Application Mode (ADAM) for recipient lookup.
Configure the tarpitting interval.
As a best practice, you should not filter messages from trusted partners or from inside your organization. When you run anti-spam filters, there is always a chance that the filters will detect false positives. To reduce the chance of mishandling legitimate messages, you should enable anti-spam agents to run only on messages from potentially untrusted and unknown sources.
Configuration changes that you make to the Recipient Filter agent by using the Exchange Management Console or the Exchange Management Shell are only made to the local computer that has the Edge Transport server role installed. If you have multiple instances of the Edge Transport server role running in your organization, you must make Recipient Filter configuration changes to each computer.
By default, recipient filtering is enabled on the computer that has the Microsoft Exchange Server 2007 Edge Transport server role installed for inbound messages that come from the Internet but are not authenticated. These messages are handled as external messages. You can disable the Recipient Filter agent in individual computer configurations by using the Exchange Management Console or the Exchange Management Shell.
When the Recipient Filter agent is enabled on a computer, the Recipient Filter agent filters all messages that come through all Receive connectors on that computer. As noted earlier in this topic, only messages that come from external sources are filtered. External sources are defined as non-authenticated sources, which are considered anonymous Internet sources.
For more information about how to enable the Recipient Filter agent, see How to Enable Recipient Filtering.
As explained in Recipient Filtering, you can configure recipient filtering to block inbound messages for specific recipients in your organization. If an inbound message contains a recipient that is on the Recipient Block list, the Edge Transport server sends a "550 5.1.1 User unknown" Simple Mail Transfer Protocol (SMTP) session error to the sending system.
By default, recipient blocking is not enabled. After you add recipients to the Recipient Block list, you must enable recipient blocking.
For more information about how to add recipients to the Recipient Block list, see How to Add Recipients to the Recipient Block List.
One of the most effective ways to reduce spam is to validate recipients before accepting inbound messages from the Internet. Therefore, it is a good idea to configure the ADAM instance that runs on the Edge Transport server to synchronize with your Active Directory directory service. By default, ADAM is installed and configured on the Edge Transport server. However, you must configure ADAM to communicate with an Active Directory domain-joined global catalog server. Most of the time, you must also configure your firewall to enable specific ports to communicate with ADAM. For more information, see Subscribing the Edge Transport Server to the Exchange Organization.
After you configure ADAM to replicate a Recipient Block list from Active Directory, you must then enable blocking of messages that are sent to recipients who are not present in the Exchange organization. You enable message blocking on the Blocked Recipients tab of the Recipient Filtering Properties page in the Exchange Management Console. You can also enable message blocking by using the Set-RecipientFilterConfig command in the Exchange Management Shell. For more information, see Set-RecipientFilterConfig.
As explained in Recipient Filtering, you can configure the Receive connectors that process inbound messages from the Internet to slow down the SMTP response. Make sure that you enable tarpitting functionality on the Receive connectors, especially if you have enabled the Recipient Lookup feature of recipient filtering. If you do not enable tarpitting, and you have enabled the Recipient Lookup feature, you are exposing your organization to a directory harvest attack. A directory harvest attack will likely cause more spam.
When you specify a tarpitting interval time on a Receive connector, tarpitting is enabled. The default value is 5 seconds. We recommend that you start with a value of 5 (seconds). Use caution if you decide to change this value. An overly long interval could disrupt ordinary mail flow, whereas an overly brief interval may not be as effective in thwarting a directory harvest attack. If you change the tarpitting interval value, do so in small increments.
You set the tarpitting interval on the Security tab of the Receive connector property pages in the Exchange Management Console. For more information about how to use the Exchange Management Console to configure the tarpitting interval, see How to Modify the Configuration of a Receive Connector.
You can also set the tarpitting interval by using the Set-ReceiveConnector command in the Exchange Management Shell.
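The four steps above, run end to end in the Exchange Management Shell on one Edge Transport server, followed by a check for the risky combination this topic warns about (Recipient Lookup enabled while a Receive connector has no tarpitting interval). This is an added example, not a script from the original topic; the blocked addresses are constructed sample values and the variable names are illustrative.

```powershell
# Added example. Run locally on each Edge Transport server, because
# Recipient Filter settings are not shared between Edge servers.

# Constructed sample addresses (assumption): replace with your own.
$blocked = 'former.employee@contoso.com', 'retired-alias@contoso.com'

# 1. Enable the agent, but only for unauthenticated (external) mail,
#    so trusted partners and internal senders are not filtered.
Set-RecipientFilterConfig -Enabled $true -ExternalMailEnabled $true -InternalMailEnabled $false

# 2. Populate the Recipient Block list and turn blocking on (it is off by default).
#    Assigning -BlockedRecipients replaces the existing list, so merge first.
$existing = @((Get-RecipientFilterConfig).BlockedRecipients | ForEach-Object { "$_" })
$merged   = @($existing + $blocked | Sort-Object -Unique)
Set-RecipientFilterConfig -BlockedRecipients $merged -BlockListEnabled $true

# 3. Enable Recipient Lookup: reject mail for recipients that are not
#    present in the directory data replicated to ADAM.
Set-RecipientFilterConfig -RecipientValidationEnabled $true

# 4. Make sure every Receive connector tarpits. A zero interval combined with
#    Recipient Lookup lets a sender enumerate valid addresses at full speed.
Get-ReceiveConnector | ForEach-Object {
    if ("$($_.TarpitInterval)" -eq '00:00:00') {
        Set-ReceiveConnector -Identity $_.Identity -TarpitInterval 00:00:05
    }
}

# Verification: show the resulting settings and flag any connector that
# still has no tarpitting while Recipient Lookup is on.
$cfg = Get-RecipientFilterConfig
$cfg | Format-List Enabled, ExternalMailEnabled, InternalMailEnabled,
                   BlockListEnabled, RecipientValidationEnabled, BlockedRecipients

$exposed = @(Get-ReceiveConnector | Where-Object { "$($_.TarpitInterval)" -eq '00:00:00' })
if ($cfg.RecipientValidationEnabled -and $exposed.Count -gt 0) {
    Write-Warning "Recipient Lookup is enabled but these connectors do not tarpit:"
    $exposed | Format-Table Identity, TarpitInterval -AutoSize
} else {
    Get-ReceiveConnector | Format-Table Identity, TarpitInterval -AutoSize
}
```

Step 4 only touches connectors whose interval is zero, so a value you have already tuned in small increments is left alone.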
For more information about how to configure recipient filtering by using the Exchange Management Shell, see the following topics:
For more information about Receive connectors, see the following topics:
For more information about how to configure Recipient filtering, see the following topics: