Manage recipient filtering on Edge Transport servers

Applies to: Exchange Server 2013

Recipient filtering is provided by the Recipient Filter agent. When recipient filtering is enabled on an Exchange server, it filters inbound messages that come from the Internet but aren't authenticated. These messages are handled as external messages.

Note

Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. If you install the anti-spam agents on a Mailbox server, the Recipient Filter agent is enabled by default. However, it isn't configured to block any recipients. For more information, see Enable anti-spam functionality on Mailbox servers.

What do you need to know before you begin?

  • Estimated time to complete each procedure: 5 minutes

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Anti-spam features" entry in the Anti-spam and anti-malware permissions topic.

  • You can only use the Shell to perform this procedure.

  • By default, anti-spam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the anti-spam features on a Mailbox server if your Exchange organization doesn't do any prior anti-spam filtering before accepting incoming messages. For more information, see Enable anti-spam functionality on Mailbox servers.

  • The AddressBookEnabled parameter on the Set-AcceptedDomain cmdlet enables or disables recipient filtering for recipients in an accepted domain. By default, recipient filtering is enabled for authoritative domains, and disabled for internal relay domains and external relay domains. To view the status of the AddressBookEnabled parameter for the accepted domains in your organization, run the following command:

    Get-AcceptedDomain | Format-List Name,AddressBookEnabled
    
  • If you disable recipient filtering using the procedure in this topic, recipient filtering functionality will be disabled, but the underlying Recipient Filter agent will remain enabled.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.

Use the Shell to enable or disable recipient filtering

To disable recipient filtering, run the following command:

Set-RecipientFilterConfig -Enabled $false

To enable recipient filtering, run the following command:

Set-RecipientFilterConfig -Enabled $true

Note

When you disable recipient filtering, the underlying Recipient Filter agent is still enabled. To disable the Recipient Filter agent, run the command: Disable-TransportAgent "Recipient Filter Agent".

How do you know you successfully enabled or disabled recipient filtering?

To verify that you successfully enabled or disabled recipient filtering, do the following steps:

  1. Run the following command:

    Get-RecipientFilterConfig | Format-List Enabled
    
  2. Verify the value displayed is the value you configured.

Use the Shell to enable or disable the Recipient Block list

Run the following command:

Set-RecipientFilterConfig -BlockListEnabled <$true | $false>

This example enables the Recipient Block list:

Set-RecipientFilterConfig -BlockListEnabled $true

How do you know you successfully enabled or disabled the Recipient Block list?

To verify that you successfully enabled or disabled the Recipient Block list, do the following steps:

  1. Run the following command:

    Get-RecipientFilterConfig | Format-List BlockListEnabled
    
  2. Verify the value displayed is the value you configured.

Use the Shell to configure the Recipient Block list

To replace the existing values, run the following command:

Set-RecipientFilterConfig -BlockedRecipients <recipient1,recipient2...>

This example configures the Recipient Block list with the valuesmark@contoso.com and kim@contoso.com:

Set-RecipientFilterConfig -BlockedRecipients mark@contoso.com,kim@contoso.com

To add or remove entries without modifying any existing values, run the following command:

Set-RecipientFilterConfig -BlockedRecipients @{Add="<recipient1>","<recipient2>"...; Remove="<recipient1>","<recipient2>"...}

This example adds chris@contoso.com to the list of recipients, and removes michelle@contoso.com from the list of recipients in the Recipient Block list:

Set-RecipientFilterConfig -BlockedRecipients @{Add="chris@contoso.com"; Remove="michelle@contoso.com"}

How do you know you successfully configured the Recipient Block list?

To verify that you successfully configured the Recipient Block list, do the following steps:

  1. Run the following command:

    Get-RecipientFilterConfig | Format-List BlockedRecipients
    
  2. Verify the values displayed are the values you configured.

Use the Shell to enable or disable Recipient Lookup

Run the following command:

Set-RecipientFilterConfig -RecipientValidationEnabled <$true | $false>

To block messages to recipients that don't exist in your organization, run the following command:

Set-RecipientFilterConfig -RecipientValidationEnabled $true

How do you know you successfully enabled or disabled Recipient Lookup?

To verify that you successfully enabled or disabled Recipient Lookup, do the following steps:

  1. Run the following command:

    Get-RecipientFilterConfig | Format-List RecipientValidationEnabled
    
  2. Verify the value displayed is the value you configured.