recipient verification in active directory

I'm trying to configure my UTM to filter out all external email to non-existent addresses using Active Directory.

I have two trusted domains and I put a domain controller from each in "Authentication Services\Servers". So far, any email I send is making it through to my Exchange servers, no matter if the address is valid or not.

Ideas?



  • Please show a pic of the 'Recipient Verification' box on the 'Routing' tab.  Is there a reason you don't use "With callout" there, or is your Exchange server not configured to reject messages to non-existent mailboxes?

    Also, confirm that you have no Host/Network definitions that violate #3 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We might change to callout, but we currently have over 100 distribution groups that are not part of our global catalog. If we configure Exchange to block email, it will block all those groups.


  • Steve, on the 'Exceptions' tab in 'Quarantine Report', there is a place to enter 'Mailing Lists' aka AD Distribution Groups.  The SMTP Proxy should accept messages to those accounts.  Then again, I don't know how to configure Exchange in such a way that blocking messages to non-existent addresses would also block those to Distribution Groups.

    Cheers - Bob

     
  • Thanks Bob, I'll check that out.

    As far as I know, the only way to block nonexistent addresses in Exchange is to block all addresses not on the Global Address List. Most of our dist groups aren't in the GAL because execs don't want them cluttering up the list. Most of the groups are customer specific, like CSR-ThisGuy, CSR-ThatGuy. That makes it possible for us to shift customers between CSRs seamlessly.

  • Thanks for the explanation, Steve.  In this case, you might need to make an Exception containing each of the Distribution groups.  I probably would have done it your way, too - cleaner, given how you're configured overall.

    Cheers - Bob

     
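
Added example, not part of the original thread: one way to collect the addresses for the exception list suggested above is to export every SMTP address of the distribution groups that are hidden from the address lists. It assumes an Exchange Management Shell session and that the groups were kept out of the GAL with the "hide from address lists" setting; the output file name is hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell.
# Assumption: the groups are kept out of the GAL via HiddenFromAddressListsEnabled.
$OutFile = '.\hidden-dg-addresses.txt'   # hypothetical output path

$addresses = Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { $_.HiddenFromAddressListsEnabled } |
    ForEach-Object {
        # EmailAddresses holds every proxy address of the group.
        # Keep only SMTP entries: the primary is prefixed "SMTP:",
        # aliases "smtp:". -match is case-insensitive, so both are caught,
        # while X500/X400 and other address types are skipped.
        foreach ($proxy in $_.EmailAddresses) {
            $text = $proxy.ToString()
            if ($text -match '^smtp:(.+)$') {
                $Matches[1].ToLowerInvariant()
            }
        }
    } |
    Sort-Object -Unique

# One address per line, ready to paste into the exception's recipient list.
$addresses | Set-Content -Path $OutFile -Encoding ASCII
'{0} addresses written to {1}' -f @($addresses).Count, $OutFile
```

Re-run the export whenever groups are added or renamed, since an address missing from the exception would be rejected once recipient verification is enforced.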