Wednesday, December 31, 2014

Catch-All for MS Exchange 2013 SP1 on specific Authoritative Domains




I have an MS Exchange 2013 SP1 Environment with an Edge Server in the DMZ.
I have several email domains added to the accepted domains and all are authoritative.



For the purposes of this query, we will call them:



yyy.com (catch-all)
zzz.com (catch-all)
123.com (catch-all)



abc.com (mailbox email policy)




Three of these domains do not receive many emails and I am trying to get every email coming to these domains into my personal mailbox in the form of a catch-all.



I've set up a transport rule as follows:



If the message...recipient's address domain portion belongs to any of these domains: 'yyy.com' or 'zzz.com' or '123.com'

Do the following...Redirect the message to 'admin@abc.com'
and Stop processing more rules


Except if...Is sent to 'Inside the organization'


I've disabled (to the best of my knowledge) the recipient filtering on both the MBX and Edge server but when I send to test@yyy.com, it will still bounce back saying that the user does not exist.



I have restarted the transport service after each change, still to no avail.



These are the commands I ran:



[PS] C:\>Set-RecipientFilterConfig -Enabled $false

[PS] C:\>Disable-TransportAgent "Recipient Filter Agent"


These succeeded on the Edge server but returned the following error on the Mailbox Server:



Transport agent "Recipient Filter Agent" isn't found.
Parameter name: Identity
+ CategoryInfo : InvalidArgument: (:) [Disable-TransportAgent], ArgumentException
+ FullyQualifiedErrorId : [Server=SV-EXCH-01,RequestId=564e806d-465e-40e9-b120-6e7ae554f1f1,TimeStamp=13/08/2014 8:31:56 AM] [FailureCategory=Cmdlet-ArgumentException] 11DD97EF,Microsoft.Exchange.Management.AgentTasks.DisableTransportAgent


Any help or feedback would be much appreciated!


Answer



It seems that when you set the domain as Authoritative, Exchange will do a recipient look-up and then bounce when it doesn't find the user regardless of what the mail-flow rules are. To remedy this, the domain needs to be set to Internal Relay.



The other part of the problem was the mail-flow rule itself which states "Except if...Is sent to 'Inside the organization'". If the domain is part of the accepted domains list, it is considered "inside the organization". This exception needs to be taken out.



If you require a catch-all to complement users that do exist on that particular domain, a dynamic distribution group can be set up to list all existing emails on that domain.
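
The two changes described in the answer, written as Exchange Management Shell commands. This is an added example, not part of the original post; the rule name 'Catch-All' is an assumption, and the domains and target mailbox are the placeholders used in the question.

```powershell
# Run in the Exchange Management Shell on the Mailbox server.
$catchAllDomains = 'yyy.com', 'zzz.com', '123.com'   # placeholder domains from the question
$target          = 'admin@abc.com'                   # catch-all mailbox from the question
$ruleName        = 'Catch-All'                       # hypothetical rule name (assumption)

# 1. Switch only the catch-all domains from Authoritative to Internal Relay.
#    abc.com is left Authoritative, so unknown recipients there are still rejected.
Get-AcceptedDomain |
    Where-Object { $catchAllDomains -contains $_.DomainName.ToString() } |
    ForEach-Object {
        Set-AcceptedDomain -Identity $_.Identity -DomainType InternalRelay
    }

# 2. Create the redirect rule, or correct the existing one, with no
#    "Is sent to 'Inside the organization'" exception. Accepted domains count
#    as inside the organization, so that exception matches every message the
#    rule is meant to catch.
$ruleParams = @{
    RecipientDomainIs  = $catchAllDomains
    RedirectMessageTo  = $target
    StopRuleProcessing = $true
}
if (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue) {
    Set-TransportRule -Identity $ruleName @ruleParams -ExceptIfSentToScope $null
} else {
    New-TransportRule -Name $ruleName @ruleParams
}

# 3. Confirm the result: the three catch-all domains should show InternalRelay
#    and the rule should list no ExceptIfSentToScope value.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, RecipientDomainIs, RedirectMessageTo,
                ExceptIfSentToScope, StopRuleProcessing
```

With recipient filtering disabled and these domains set to Internal Relay, the server accepts mail for any address at them, so the catch-all mailbox will also collect whatever spam is sent to guessed addresses on those domains.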


