Recipient Verification with Exchange 2013 and Later
The new hoops Microsoft makes you jump through...
Starting with Exchange 2013, Microsoft changed the Exchange FrontEnd Transport service so that it no longer rejects invalid recipients during the RCPT phase of the SMTP conversation, which breaks CanIt's recipient verification.
To work around this, please follow these instructions:
- Ensure the Exchange Anti-Spam Agents are installed. You can check via Exchange Management Shell with the following EMS command:
Make sure that Recipient Filter Agent is listed and enabled. If it is not, install it with the following command:
- Ensure that the Recipient Filter Agent is enabled. Use the following
Enable-TransportAgent "Recipient Filter Agent"
- Enable AddressBook. All of your domains need to be using Address Book to check for recipients. To check, run the following command:
Get-AcceptedDomain | Format-List Name,AddressBookEnabled
If Address Book is disabled for any domains for which the Exchange server is authoritative, fix that with the following command, once for each such domain:
Set-AcceptedDomain name_of_domain -AddressBookEnabled $true
- At this point, restart the Microsoft Exchange Transport service.
- Ensure that Recipient Validation is enabled. Run the following
Set-RecipientFilterConfig -RecipientValidationEnabled $true
and again, restart the transport service.
- Allow access to the Default receive connector. In the Exchange Administrative Center, go to Mail Flow : Receive Connectors. Edit the default connector, go to the Security tab and ensure that anonymous users are allowed. This lets CanIt use the connector for recipient verification.
- Make sure that port 2525 on your Exchange server is open to all the IPs listed in Hosted CanIt under My Domains. If the Exchange server is behind a firewall, you may also need to make a port-forwarding rule.
- Test that Recipient Filtering works. Open a telnet session to port 2525 of your Exchange server. Type the bold text; the server responses should be similar to those shown below. Replace example.com with an actual domain name hosted on the Exchange server.
220 myexchange.example.com Microsoft ESMTP MAIL Service ready at...
250 myexchange.example.com Hello ...
250 2.1.0 Sender OK
550 5.1.1 User unknown
- Configure CanIt to use port 2525 for recipient verification; under Setup : Verification Servers, set the server to myexchange.example.com/2525
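The telnet test above can be scripted so it can be repeated after each configuration change. This is an added example, not part of the original instructions; the host name, sender and both recipient addresses are placeholders to replace with your own. It checks a known-good mailbox as well as a nonexistent one, because a 550 for the bogus address alone does not prove recipient filtering works: a connector that refuses relay rejects every recipient, and only the 5.1.1 enhanced status code indicates an unknown user.

```python
import re
import smtplib

def classify_rcpt(code, text):
    """Map an SMTP reply to RCPT TO onto a category, using the enhanced status code."""
    if isinstance(text, bytes):
        text = text.decode("ascii", "replace")
    m = re.match(r"\s*(\d\.\d{1,3}\.\d{1,3})\b", text)
    enhanced = m.group(1) if m else None
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "tempfail"
    # 5.1.1 is the "User unknown" reply shown in the telnet test
    if enhanced == "5.1.1":
        return "unknown-user"
    return "other-reject"   # e.g. relay denied or anonymous access refused

def verdict(valid_result, bogus_result):
    """Combine the results for a real mailbox and a nonexistent one."""
    if valid_result == "accepted" and bogus_result == "unknown-user":
        return "working"
    if valid_result == "accepted" and bogus_result == "accepted":
        return "not-filtering"   # server accepts every recipient at RCPT time
    return "inconclusive"        # check connector permissions, firewall, domain

def probe(host, port, sender, recipient, timeout=15):
    """Run HELO / MAIL FROM / RCPT TO, then RSET and QUIT; no message is sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.helo()
        s.mail(sender)
        code, text = s.rcpt(recipient)
        s.rset()
    return classify_rcpt(code, text)

if __name__ == "__main__":
    # Placeholders (assumptions): replace with your server, a real mailbox
    # and an address that you know does not exist in the hosted domain.
    host, port = "myexchange.example.com", 2525
    sender = "postmaster@example.com"
    ok = probe(host, port, sender, "known-user@example.com")
    bad = probe(host, port, sender, "no-such-mailbox-7f3a@example.com")
    print(f"valid={ok} bogus={bad} -> {verdict(ok, bad)}")
```

Run it from a host whose IP is allowed to reach port 2525, since that is the path CanIt's verification will use.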