TechNet
Export (0) Print
Expand All

Recipient filtering procedures on Edge Transport servers

 

Applies to: Exchange Server 2016

Topic Last Modified: 2016-04-20

Learn how to enable, disable, and configure recipient filtering in Exchange 2016, and how to verify the recipient filtering settings.

Recipient filtering is provided by the Recipient Filter agent. When recipient filtering is enabled on an Exchange server, it filters inbound messages that come from the Internet but aren't authenticated. These messages are handled as external messages. For more information about recipient filtering and the Recipient Filter agent, see Recipient filtering on Edge Transport servers.

Recipient filtering on Edge Transport servers

noteNote:
Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. If you install the antispam agents on a Mailbox server, the Recipient Filter agent is enabled by default. However, it isn't configured to block any recipients. For more information, see Enable antispam functionality on Mailbox servers.

  • Estimated time to complete each procedure: less than 5 minutes

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Antispam features" entry in the Antispam and antimalware permissions topic.

  • You can only use PowerShell to perform this procedure. To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

  • Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. The Recipient Filter agent is enabled when you install the antispam agents on a Mailbox server, but it isn't configured to block any recipients. For more information, see Enable antispam functionality on Mailbox servers.

  • The AddressBookEnabled parameter on the Set-AcceptedDomain cmdlet enables or disables recipient filtering for recipients in an accepted domain. By default, recipient filtering is enabled for authoritative domains, and disabled for internal relay domains and external relay domains. To view the status of the AddressBookEnabled parameter for the accepted domains in your organization, run the command: Get-AcceptedDomain | Format-List Name,AddressBookEnabled.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

tipTip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

To disable recipient filtering, run the following command:

Set-RecipientFilterConfig -Enabled $false

To enable recipient filtering, run the following command:

Set-RecipientFilterConfig -Enabled $true
noteNote:
When you disable recipient filtering, the underlying Recipient Filter agent is still enabled. To disable the Recipient Filter agent, run the command: Disable-TransportAgent "Recipient Filter Agent".

To verify that you have successfully enabled or disabled recipient filtering, run the following command to verify the Enabled property value:

Get-RecipientFilterConfig | Format-List Enabled

By default, recipient filtering is enabled for external (unauthenticated) SMTP connections.

To disable recipient filtering for external connections, run the following command:

Set-RecipientFilterConfig -ExternalMailEnabled $false

To enable recipient filtering for external connections, run the following command:

Set-RecipientFilterConfig -ExternalMailEnabled $true

To verify that you have successfully enabled or disabled recipient filtering for external SMTP connections, run the following command to verify the ExternalMailEnabled property value:

Get-RecipientFilterConfig | Format-List ExternalMailEnabled

As a best practice, you don't need to apply antispam filters to messages from trusted partners or from inside your organization. To reduce the chance that filters will mishandle legitimate email messages, you typically configure antispam agents to only run on messages from external sources.

To enable recipient filtering for internal (authenticated) SMTP connections, run the following command:

Set-RecipientFilterConfig -InternalMailEnabled $true

To disable recipient filtering for internal connections, run the following command:

Set-RecipientFilterConfig -InternalMailEnabled $false

To verify that you have successfully enabled or disabled recipient filtering for internal SMTP connections, run the following command to verify the InternalMailEnabled property value:

Get-RecipientFilterConfig | Format-List InternalMailEnabled

To enable the Recipient Block list, run the following command:

Set-RecipientFilterConfig -BlockListEnabled $true

To disable the Recipient Block list, run the following command:

Set-RecipientFilterConfig -BlockListEnabled $false

To verify that you have successfully enabled or disabled the Recipient Block list, run the following command to verify the BlockListEnabled property value:

Get-RecipientFilterConfig | Format-List BlockListEnabled

To replace the existing values, use the following syntax:

Set-RecipientFilterConfig -BlockedRecipients <recipient1,recipient2...>

This example configures the Recipient Block list with the valuesmark@contoso.com and kim@contoso.com:

Set-RecipientFilterConfig -BlockedRecipients mark@contoso.com,kim@contoso.com

To add or remove entries without modifying other existing values, use the following syntax:

Set-RecipientFilterConfig -BlockedRecipients @{Add="<recipient1>","<recipient2>"...; Remove="<recipient1>","<recipient2>"...}

This example adds chris@contoso.com to the list of recipients, and removes michelle@contoso.com from the list of recipients in the Recipient Block list:

Set-RecipientFilterConfig -BlockedRecipients @{Add="chris@contoso.com"; Remove="michelle@contoso.com"}

To verify that you have successfully configured the Recipient Block list, run the following command to verify the BlockedRecipients property value:

Get-RecipientFilterConfig | Format-List BlockedRecipients

To enable Recipient Lookup to block messages to recipients that don't exist in your organization, run the following command:

Set-RecipientFilterConfig -RecipientValidationEnabled $true

To disable Recipient Lookup, run the following command:

Set-RecipientFilterConfig -RecipientValidationEnabled $false

Note:   Recipient Lookup on an Edge Transport server requires an Edge subscription. For more information, see Edge Subscriptions.

To verify that you have successfully enabled or disabled Recipient Lookup, run the following command to verify the RecipientValidationEnabled property value:

Get-RecipientFilterConfig | Format-List RecipientValidationEnabled
 
Show:
© 2016 Microsoft