Exchange 2013 recipient filtering - reject after RCPT TO
According to this forum thread, Exchange 2013 has a new behaviour for recipient filtering. Apparently, mails to unknown users are only rejected after the DATA phase, not after RCPT TO as was the case so far.
This would be a problem for many inbound gateway servers which rely on SMTP call-ahead probes to build up their local address cache (for example Postfix address verification, milter-ahead, ...). Unfortunately, I don't have an Exchange 2013 available to verify this myself, so my questions are:
- Is it true that the new recipient filtering by default only rejects after DATA instead of after RCPT TO?
- If this is true, is there any way to get the old behaviour back?
Yes, that appears to be the default behavior of the CAS relay agent. The CAS (which listens on port 25) does not verify addresses and simply accepts all of them until after the DATA phase, then looks up the correct Mailbox server and does all the verification then. That breaks many things (including RFC). There are some workarounds. If you only have one Mailbox server then you can bypass CAS and go straight to the Mailbox server receive connector (listening on 2525). Though note, you have to add Anonymous Users to the Default Receive Connector for that Mailbox server's default hub transport (that has security implications you want to seriously consider). You can have your Postfix/Exim/whatever gateway route emails to port 2525 to that server and the old behavior will return (reject right after RCPT TO:).
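To tell which of the two behaviours a listener shows, look at where the first 5xx reply arrives in a session for a recipient that does not exist. The following is an added example, not part of the original thread: the transcripts, host names and the `rejection_stage` / `call_ahead_usable` helpers are constructed for illustration.

```python
import re

# Constructed sample sessions (not captured from a real server): the same
# unknown recipient sent to a front end that defers the lookup until after
# DATA, and to a back end that checks the recipient at RCPT TO.
FRONTEND_25 = """\
S: 220 mail.example.test ESMTP
C: EHLO gw.example.test
S: 250-mail.example.test
S: 250 PIPELINING
C: MAIL FROM:<probe@gw.example.test>
S: 250 2.1.0 Sender OK
C: RCPT TO:<nobody@example.test>
S: 250 2.1.5 Recipient OK
C: DATA
S: 354 Start mail input
C: .
S: 550 5.1.1 User unknown
"""
BACKEND_2525 = """\
S: 220 mail.example.test ESMTP
C: EHLO gw.example.test
S: 250 mail.example.test
C: MAIL FROM:<probe@gw.example.test>
S: 250 2.1.0 Sender OK
C: RCPT TO:<nobody@example.test>
S: 550 5.1.1 User unknown
"""

def rejection_stage(transcript):
    """Return the SMTP stage at which the server first sent a 5xx reply."""
    stage = "CONNECT"
    for line in transcript.splitlines():
        if line.startswith("C: "):
            cmd = line[3:].strip()
            # A lone "." ends the message body; anything else is a command verb.
            stage = "END-OF-DATA" if cmd == "." else re.split(r"[ :]", cmd)[0].upper()
        elif (m := re.match(r"S: (\d{3})([ -])", line)):
            # "250-" marks a continuation line; the verdict is on the final line.
            if m.group(2) == " " and m.group(1).startswith("5"):
                return stage
    return None

def call_ahead_usable(transcript):
    """Call-ahead verification only works if the unknown recipient fails at RCPT."""
    return rejection_stage(transcript) == "RCPT"
```

A gateway that caches call-ahead results would record every address as valid against the first session, because its probe stops after RCPT TO and never sees the later 550.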