Enable Recipient Filtering to Prevent Directory Harvesting
Posted by Carlos Rios on 16 November 2017 07:18 PM
Recipient filtering is an important, often overlooked setting that helps you fight spam attacks. Take a dictionary attack, for example: spammers send mail to a list of common names, hoping to learn which users exist in your domain by reading the NDRs (non-delivery reports) generated by Exchange.
To enable recipient filtering, run the following command:
Set-RecipientFilterConfig -Enabled $true
When you disable recipient filtering, the underlying recipient filter agent is still enabled. To disable the recipient filter agent, run the following command:
Disable-TransportAgent "Recipient Filter Agent"
To verify that you have successfully enabled or disabled recipient filtering:
In Exchange 2007/2010, the process of rejecting emails sent to invalid users is called recipient validation. Enabling this is made complicated in Exchange 2007/2010 by the way Microsoft split the functions of Exchange into different roles.
Recipient validation is part of the anti-spam features that are present by default only on the server performing the edge transport role.
The problem is that if you only have one Exchange server in your company, as most people do, it will be performing the hub transport, client access and mailbox roles but not the edge transport role, as this has to be on a separate server (an Exchange email system will work fine without the edge transport role).
The solution is to install the anti-spam features on the hub transport role, so we'll start by doing this. If you do happen to have a separate edge transport server, then skip ahead to the next section.
Step 1: Install the anti-spam agent on the hub transport role
Step 2: Configure Recipient Validation
Step 3: Disable all other anti-spam features
If you just installed the anti-spam agents in Step 1, some of these features will now be active by default. Whether you enable or disable these other anti-spam features is something you need to think about carefully and perhaps experiment with a little. Today's job is to enable recipient filtering, not to reconfigure your entire anti-spam system. So we recommend that, for now, you disable all the other new features by right-clicking each feature in turn (except Recipient Filtering, of course!) and selecting Disable.
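The three steps above can also be done from the Exchange Management Shell. The script below is an added example, not part of the original post. It assumes Exchange 2010 on a single hub transport server, where $env:ExchangeInstallPath points at the install directory, and it uses the -RecipientValidationEnabled parameter of Set-RecipientFilterConfig, which the post does not mention.

```powershell
# Added example: run in the Exchange Management Shell on the hub transport server.
# Assumption: Exchange 2010, where $env:ExchangeInstallPath is set by setup.

# Step 1: install the anti-spam agents on the hub transport role.
# Skipped when the Recipient Filter Agent is already registered (for example on an edge server).
$agent = Get-TransportAgent | Where-Object { "$($_.Identity)" -eq 'Recipient Filter Agent' }
if (-not $agent) {
    & (Join-Path $env:ExchangeInstallPath 'Scripts\Install-AntiSpamAgents.ps1')
    Restart-Service MSExchangeTransport   # agents load only after the transport service restarts
}

# Step 2: turn on recipient filtering and recipient validation.
# -Enabled switches the feature on; -RecipientValidationEnabled is what rejects
# mail addressed to recipients that do not exist in the directory.
Enable-TransportAgent 'Recipient Filter Agent'
Set-RecipientFilterConfig -Enabled $true -RecipientValidationEnabled $true

# Step 3: disable the other anti-spam features that Step 1 switched on by default.
# Each line is the shell equivalent of right-click > Disable in the console.
Set-ContentFilterConfig        -Enabled $false
Set-SenderFilterConfig         -Enabled $false
Set-SenderIdConfig             -Enabled $false
Set-SenderReputationConfig     -Enabled $false
Set-IPAllowListConfig          -Enabled $false
Set-IPBlockListConfig          -Enabled $false
Set-IPAllowListProvidersConfig -Enabled $false
Set-IPBlockListProvidersConfig -Enabled $false

# Verify: both values should be True, and the agent should show as enabled.
Get-RecipientFilterConfig | Format-List Enabled, RecipientValidationEnabled
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize

# Check that tarpitting is still active on the receive connectors, so rejected
# RCPT TO commands are answered with a delay rather than instantly.
Get-ReceiveConnector | Format-Table Identity, TarpitInterval -AutoSize
```

With recipient validation on, a message for a nonexistent address is refused during the SMTP session with a 550 5.1.1 User unknown response, so Exchange accepts nothing and generates no NDR afterwards.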