Allowing Messages to be Sent to Recipients of Internal and External Relay Domains

Thursday, October 25, 2012

If you have Exchange 2010 Edge Transport servers in your environment you probably have Recipient Filtering configured to "Block messages sent to recipients that do not exist in the directory".
This setting configures the Edge Transport server to drop messages destined for email addresses that do not exist in Active Directory. The messages are rejected with a "550 5.1.1 User unknown" permanent error during the SMTP session, rather than by generating a Non-Delivery Report (NDR) to the sender. This prevents "backscatter," a condition where your domain ends up on a real-time block list (RBL) because it issues NDRs to accounts that never really sent the original email (spoofing).
This type of recipient blocking won't work for Internal Relay or External Relay domains because the Edge server can't query those domains' directories. This causes emails bound for these domains to fail with the "550 5.1.1 User unknown" error described above.
Internal Relay Domains and External Relay Domains are configured in the New Accepted Domain wizard on the Hub Transport server.  The accepted domain configuration then syncs to the Edge server using the EdgeSync process.

External Relay Domains route email from the Edge Transport server directly to the external domain's mail server. Internal Relay Domains route email from the Hub Transport server to the external domain's mail server if the recipient does not resolve internally. Both relay domain types use a dedicated Send Connector for the remote domain.
You can disable address book lookups for internal and external relay domains using the Set-AcceptedDomain cmdlet, as shown below:
Set-AcceptedDomain -Identity "<relay domain name>" -AddressBookEnabled $False
This command needs to be run from the Hub Transport server and then synced to the Edge server by the EdgeSync process.  You can force the sync immediately using the Start-EdgeSynchronization cmdlet.
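As an added example (not from the original post), the following script run from the Exchange Management Shell on a Hub Transport server finds every Internal Relay and External Relay accepted domain that still has address book lookups enabled, disables them, and then forces EdgeSync so the Edge Transport server stops rejecting those recipients:

```powershell
# Added example: disable address book lookups on all relay accepted domains
# and push the change to the Edge Transport server(s) via EdgeSync.
# Run from the Exchange Management Shell on a Hub Transport server.

# Relay domains are the ones whose recipients the Edge server cannot validate
# against Active Directory, so a lookup there can only produce false rejections.
$relayDomains = Get-AcceptedDomain | Where-Object {
    ($_.DomainType -eq 'InternalRelay' -or $_.DomainType -eq 'ExternalRelay') -and
    $_.AddressBookEnabled
}

if (-not $relayDomains) {
    Write-Host 'No relay domains with address book lookups enabled; nothing to do.'
    return
}

foreach ($domain in $relayDomains) {
    Write-Host ("Disabling address book lookup for {0} ({1})" -f $domain.DomainName, $domain.DomainType)
    Set-AcceptedDomain -Identity $domain.Identity -AddressBookEnabled $false
}

# Push the updated accepted domain configuration to the Edge server(s) now
# instead of waiting for the next scheduled EdgeSync run.
Start-EdgeSynchronization

# Verify: every non-authoritative domain should now show AddressBookEnabled = False.
Get-AcceptedDomain |
    Where-Object { $_.DomainType -ne 'Authoritative' } |
    Format-Table DomainName, DomainType, AddressBookEnabled -AutoSize
```

Once the setting is off, the Edge server accepts any recipient in the relay domain and leaves validation to the downstream mail server, so mail to nonexistent addresses is rejected there rather than at your perimeter.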