My problem basically boils down to this: Exchange (2016) is accepting mail for non-existent addresses and then later sending out DSNs (delivery status notifications) to notify the sender of failure. I want it to instead immediately reject mail sent to non-existent addresses with a 550 response.
More background
My setup looks roughly like this:
                                                  +-----+
                Datacenter           Office       |User1|
+----------+      +---------+      +----------+   +-----+   +-----+
| Internet | <--> | Postfix | <--> | Exchange |             |UserN|
+----------+      +---------+      +----------+   +-----+   +-----+
                                                  |User2|
                                                  +-----+
Incoming mail hits my Postfix server first, which does virus scanning, spam filtering and quarantine. It then gets forwarded on to our office Exchange server.
Postfix is configured to do recipient verification against the Exchange server. This involves connecting to the server and performing a partial SMTP transaction, up to the RCPT TO command. If the server responds with code 250 then the recipient is considered valid.
The problem is that Exchange is always responding with 250... it apparently does not even attempt to do any validation upon receiving the RCPT TO command.
I have followed the instructions on TechNet for enabling the anti-spam functionality and recipient validation in Exchange, but I have no idea what it did, because the behavior of Exchange's SMTP server is exactly the same as it was before I did anything.
Here are the commands I have run on the Exchange server trying to get this working.
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
Restart-Service MSExchangeTransport
Set-RecipientFilterConfig -Enabled $true
Set-RecipientFilterConfig -RecipientValidationEnabled $true
Is Exchange's recipient validation supposed to make it perform immediate validation upon receiving RCPT TO? (And if not, what exactly does it do?)
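The partial SMTP transaction described in the question can be reproduced by hand to confirm whether a server validates recipients at RCPT TO. The following is an added example, not part of the original post: the function names are hypothetical, and the host and addresses in the usage comment are constructed placeholders.

```python
import smtplib
import uuid


def probe_rcpt(host, rcpt, sender="", port=25, smtp_factory=smtplib.SMTP):
    """Run an SMTP session up to RCPT TO, then abandon it; return the reply code."""
    smtp = smtp_factory(host, port, timeout=15)
    try:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(sender)      # empty sender is sent as MAIL FROM:<>
        if code // 100 != 2:
            return code                  # sender refused; RCPT TO was never tried
        code, _ = smtp.rcpt(rcpt)
        smtp.rset()                      # no DATA is sent, so nothing is queued
        return code
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPException:
            pass                         # server already dropped the connection


def rcpt_time_validation(host, known_good, domain, **kw):
    """Compare a real mailbox with a random one to see if RCPT TO is checked."""
    bogus = "no-such-user-%s@%s" % (uuid.uuid4().hex[:12], domain)
    good = probe_rcpt(host, known_good, **kw)
    bad = probe_rcpt(host, bogus, **kw)
    if good // 100 != 2:
        return "inconclusive"   # control address was not accepted
    if bad // 100 == 5:
        return "validating"     # unknown recipient refused during the session
    if bad // 100 == 2:
        return "accept-all"     # the symptom in the question: 250 for anything
    return "deferred"           # 4xx: temporary failure, says nothing either way


# Usage with constructed placeholder values:
#   rcpt_time_validation("exchange.example.com", "user1@example.com", "example.com")
```

An "accept-all" result means any verification that relies on the RCPT TO reply code will treat every address at that server as valid.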