Recipient filtering procedures on Edge Transport servers

Recipient filtering is provided by the Recipient Filter agent. When recipient filtering is enabled on an Exchange server, it filters inbound messages that come from the Internet but aren't authenticated. These messages are handled as external messages. For more information about recipient filtering and the Recipient Filter agent, see Recipient filtering on Edge Transport servers.

Note

Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. If you install the antispam agents on a Mailbox server, the Recipient Filter agent is enabled by default. However, it isn't configured to block any recipients. For more information, see Enable antispam functionality on Mailbox servers.

What do you need to know before you begin?

  • Estimated time to complete each procedure: less than 5 minutes

  • You need to be assigned permissions before you can perform these procedures. To see what permissions you need, see the "Antispam features" entry in the Antispam and antimalware permissions topic.

  • You can only use PowerShell to perform this procedure. To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

  • Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. The Recipient Filter agent is enabled when you install the antispam agents on a Mailbox server, but it isn't configured to block any recipients. For more information, see Enable antispam functionality on Mailbox servers.

  • The AddressBookEnabled parameter on the Set-AcceptedDomain cmdlet enables or disables recipient filtering for recipients in an accepted domain. By default, recipient filtering is enabled for authoritative domains, and disabled for internal relay domains and external relay domains. To view the status of the AddressBookEnabled parameter for the accepted domains in your organization, run the command: Get-AcceptedDomain | Format-List Name,AddressBookEnabled.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

Use the Exchange Management Shell to enable or disable recipient filtering

To disable recipient filtering, run the following command:

Set-RecipientFilterConfig -Enabled $false

To enable recipient filtering, run the following command:

Set-RecipientFilterConfig -Enabled $true

Note

When you disable recipient filtering, the underlying Recipient Filter agent is still enabled. To disable the Recipient Filter agent, run the command: Disable-TransportAgent "Recipient Filter Agent".

How do you know this worked?

To verify that you've successfully enabled or disabled recipient filtering, run the following command to verify the Enabled property value:

Get-RecipientFilterConfig | Format-List Enabled

Use the Exchange Management Shell to enable or disable recipient filtering for external connections

By default, recipient filtering is enabled for external (unauthenticated) SMTP connections.

To disable recipient filtering for external connections, run the following command:

Set-RecipientFilterConfig -ExternalMailEnabled $false

To enable recipient filtering for external connections, run the following command:

Set-RecipientFilterConfig -ExternalMailEnabled $true

How do you know this worked?

To verify that you've successfully enabled or disabled recipient filtering for external SMTP connections, run the following command to verify the ExternalMailEnabled property value:

Get-RecipientFilterConfig | Format-List ExternalMailEnabled

Use the Exchange Management Shell to enable or disable recipient filtering for internal connections

As a best practice, you don't need to apply antispam filters to messages from trusted partners or from inside your organization. To reduce the chance that filters will mishandle legitimate email messages, you typically configure antispam agents to only run on messages from external sources.

To enable recipient filtering for internal (authenticated) SMTP connections, run the following command:

Set-RecipientFilterConfig -InternalMailEnabled $true

To disable recipient filtering for internal connections, run the following command:

Set-RecipientFilterConfig -InternalMailEnabled $false

How do you know this worked?

To verify that you've successfully enabled or disabled recipient filtering for internal SMTP connections, run the following command to verify the InternalMailEnabled property value:

Get-RecipientFilterConfig | Format-List InternalMailEnabled

Use the Exchange Management Shell to enable or disable the Recipient Block list

To enable the Recipient Block list, run the following command:

Set-RecipientFilterConfig -BlockListEnabled $true

To disable the Recipient Block list, run the following command:

Set-RecipientFilterConfig -BlockListEnabled $false

How do you know this worked?

To verify that you've successfully enabled or disabled the Recipient Block list, run the following command to verify the BlockListEnabled property value:

Get-RecipientFilterConfig | Format-List BlockListEnabled

Use the Exchange Management Shell to configure the Recipient Block list

To replace the existing values, use the following syntax:

Set-RecipientFilterConfig -BlockedRecipients <recipient1,recipient2...>

This example configures the Recipient Block list with the values mark@contoso.com and kim@contoso.com:

Set-RecipientFilterConfig -BlockedRecipients mark@contoso.com,kim@contoso.com

To add or remove entries without modifying other existing values, use the following syntax:

Set-RecipientFilterConfig -BlockedRecipients @{Add="<recipient1>","<recipient2>"...; Remove="<recipient1>","<recipient2>"...}

This example adds chris@contoso.com to the list of recipients, and removes michelle@contoso.com from the list of recipients in the Recipient Block list:

Set-RecipientFilterConfig -BlockedRecipients @{Add="chris@contoso.com"; Remove="michelle@contoso.com"}

How do you know this worked?

To verify that you've successfully configured the Recipient Block list, run the following command to verify the BlockedRecipients property value:

Get-RecipientFilterConfig | Format-List BlockedRecipients
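
The following is an added example, not part of the original topic or Microsoft's own code. It reconciles the Recipient Block list against a desired list by using the Add/Remove syntax shown above, and it omits a key when there is nothing to add or remove. The $desired addresses are constructed sample values, and -WhatIf is used so that nothing changes until you remove it.

```powershell
# Added example: reconcile the Recipient Block list with a desired list.
# $desired holds constructed sample addresses; replace them with your own.
$desired = @('mark@contoso.com', 'kim@contoso.com', 'chris@contoso.com')
$desired = @($desired | ForEach-Object { $_.Trim().ToLower() } | Sort-Object -Unique)

# Read the current entries as lower-case strings so comparisons are consistent.
$cfg     = Get-RecipientFilterConfig
$current = @($cfg.BlockedRecipients | ForEach-Object { $_.ToString().ToLower() })

# Work out the difference in each direction.
$toAdd    = @($desired | Where-Object { $current -notcontains $_ })
$toRemove = @($current | Where-Object { $desired -notcontains $_ })

# Build the Add/Remove hashtable with only the keys that have entries.
$change = @{}
if ($toAdd.Count -gt 0)    { $change['Add']    = $toAdd }
if ($toRemove.Count -gt 0) { $change['Remove'] = $toRemove }

if ($change.Count -eq 0) {
    'Recipient Block list already matches the desired list.'
} else {
    "Adding:   $($toAdd -join ', ')"
    "Removing: $($toRemove -join ', ')"
    # Remove -WhatIf to apply the change.
    Set-RecipientFilterConfig -BlockedRecipients $change -WhatIf
}

# The list is only enforced when the Recipient Block list is enabled.
if (-not $cfg.BlockListEnabled) {
    'Note: BlockListEnabled is False, so the Recipient Block list is not enforced.'
}
```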

Use the Exchange Management Shell to enable or disable Recipient Lookup

To enable Recipient Lookup to block messages to recipients that don't exist in your organization, run the following command:

Set-RecipientFilterConfig -RecipientValidationEnabled $true

To disable Recipient Lookup, run the following command:

Set-RecipientFilterConfig -RecipientValidationEnabled $false

Note: Recipient Lookup on an Edge Transport server requires an Edge subscription. For more information, see Edge Subscriptions.

How do you know this worked?

To verify that you've successfully enabled or disabled Recipient Lookup, run the following command to verify the RecipientValidationEnabled property value:

Get-RecipientFilterConfig | Format-List RecipientValidationEnabled
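
The verification commands in this topic can be combined into one read-only check. The following is an added example, not part of the original topic or Microsoft's own code; it assumes it runs in the Exchange Management Shell on the Edge Transport server, and the finding messages are its own wording.

```powershell
# Added example: read-only review of the recipient filtering settings in this topic.
$cfg      = Get-RecipientFilterConfig
$agent    = Get-TransportAgent 'Recipient Filter Agent'
$findings = @()

# The agent and the filter configuration are switched independently.
if (-not $agent.Enabled) {
    $findings += 'Recipient Filter agent is disabled, so no recipient filtering runs.'
}
if (-not $cfg.Enabled) {
    $findings += 'Recipient filtering is disabled (Enabled is False).'
}

# Default: filter external (unauthenticated) connections only.
if (-not $cfg.ExternalMailEnabled) {
    $findings += 'ExternalMailEnabled is False: unauthenticated mail is not filtered.'
}
if ($cfg.InternalMailEnabled) {
    $findings += 'InternalMailEnabled is True: authenticated mail is also filtered.'
}

# A block list setting has no effect unless both the switch and the entries are present.
$blocked = @($cfg.BlockedRecipients)
if ($cfg.BlockListEnabled -and $blocked.Count -eq 0) {
    $findings += 'BlockListEnabled is True but BlockedRecipients is empty.'
}
if (-not $cfg.BlockListEnabled -and $blocked.Count -gt 0) {
    $findings += "BlockedRecipients has $($blocked.Count) entries but BlockListEnabled is False."
}
if (-not $cfg.RecipientValidationEnabled) {
    $findings += 'Recipient Lookup is disabled (RecipientValidationEnabled is False).'
}

# Per-domain switch: by default True for authoritative domains, False for relay domains.
foreach ($domain in Get-AcceptedDomain) {
    $expected = ($domain.DomainType -eq 'Authoritative')
    if ($domain.AddressBookEnabled -ne $expected) {
        $findings += "Accepted domain '$($domain.Name)' ($($domain.DomainType)): " +
                     "AddressBookEnabled is $($domain.AddressBookEnabled), default is $expected."
    }
}

if ($findings.Count -eq 0) { 'No deviations from the defaults described in this topic.' }
else { $findings }
```

A finding is a difference from the defaults and notes described above, not necessarily a misconfiguration; for example, Recipient Lookup on an Edge Transport server requires an Edge subscription.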