none
Exchange 2013 reject email for not existed user in a mailing list

    Question

  • I have an Exchange 2013 server. Faced with a strange issue of email delivery what I can not solve. Exchange is rejecting email
    if one of the recipients is not exist in a domain Email will be rejected totally and sender will receive NDR for not existing user. 

    scenario:
    Exchange mailboxes user@domain.com  // valid user
    user1@domain.com  //**user mailbox is not exist**
    Sending email from external domain to my exchange server:
    TO: user@domain.com,user1@domain.com
    Reciving NDR Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound;
    valid user didn't receive email also.
    email is rejected

    I start to google and found that   How do I reject incoming email for unknown users in MS Exchange 2013?exchange has a user validation feature that is enabled by default I disable it on a console restart transport role. Set-RecipientFilterConfig -RecipientValidationEnabled $false

    run the same scenario again user@domain.com, user1.domain.com I receive NDR for not existing user. but email was delivered to valid user.

    Is it a normal behavior for exchange?

    What is right by RFC deliver for valid users or reject email if one of the user is not exist?

    how it will affect our server hit the public spam list?

    Does this not reduce our spam filter resistance?

    Please advice.

    Thank you.

    Tuesday, November 8, 2016 2:03 PM

All replies

  • Hi,

    It's normal behavior, please check it with below scenario:
    External user send message which contain invalid recipient and valid recipient to Exchange server.

    Scenario: RecipientValidationEnabled --- Enabled
    Exchange validates the e-mail address before Exchange accepts the e-mail message, if it contain invalid user, sending SMTP server send NDR to user.

    Scenario: RecipientValidationEnabled --- False
    Exchange accept message and expand recipient to deliver message, then Exchange generate an DNR to sender if it contain invalid recipient.
    Note: Max time period of email in queue is 2 days by default, thus this NDR message will send to sender after 2 days ago.

    The different between those two scenario is who generate DNR and send to sender.

    If Exchange server get more e-mails with invalid recipient, and server will cost more resource to deliver message and send NDR. Therefore, we can enable RecipientValidationEnabled to prevent NDR attack.


    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 9, 2016 8:55 AM
    Moderator
  • Hello Alen,

    First scenario:

    Scenario: RecipientValidationEnabled --- Enabled 

    Exchange sends NDR to sender and rejects current email.  (valid users did not receive this email)

    Second scenario:

    Scenario: RecipientValidationEnabled --- False

    Exchange sends NDR to sender and accepts current email.  (valid users receive this email)

    is it possible to leave RecipientValidationEnabled $True and say to exchange pass the emails for valid users?  Do not reject!

    Thank you.

    Best Regards, 

    Marija.


    Wednesday, November 9, 2016 12:35 PM
  • as an addon to other replies here, enabling recipientvalidation also protects your server agains relaying.

    This means if people manage to relay to your server, they wont be able to send email to other domains other than those you have on accepted domains list.

    For sure it is good to have it on..


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, November 9, 2016 1:50 PM
  • Hi Marija,

    This behavior is how it works, that is Exchange server will verify recipient is valid before accept message, then reject message if message contain invalid user once set RecipientValidationEnabled  to true.


    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 10, 2016 6:39 AM
    Moderator