Exchange Server: Active Directory Attributes Behind Mail Flow

Today I would like to talk a bit about the Active Directory attributes related with mail flow on Exchange server.

There are five settings on an exchange recipient that control mail flow (represented by the name of the Powershell parameter of the relative cmdlets):
  1. AcceptMessagesOnlyFrom
  2. AcceptMessagesOnlyFromDLMembers
  3. RejectMessagesFrom
  4. RejectMessagesFromDLMembers
  5. RequireAllSendersAreAuthenticated
Let's examine them one by one!

AcceptMessagesOnlyFrom
When this is set, the recipient will only be able to receive messages from the specified recipients. Corresponding AD attribute: "authOrig".

AcceptMessagesOnlyFromDLMembers
Same as above but for the members of the specified DLs. The relative AD attribute is "dLMemSubmitPerms".

RejectMessagesFrom
When this is set, messages from the specified recipients will be rejected. The AD attribute behind this setting is "unauthOrig".

RejectMessagesFromDLMembers
Same as above but for the members of the specified DLs. AD attribute: "dLMemRejectPerms".

RequireSenderAuthenticationEnabled
When this is set to True, only authenticated users are able to send messages to the recipient (users that have authenticated to the Exchange server). Related AD attribute: "msExchRequireAuthToSendTo".

If AcceptMessagesOnlyFrom and AcceptMessagesOnlyFromDLMembers are both empty, this is equilevant to "All Senders".

I have included the Active Directory attributes for each setting because you may find them useful in a MIM/FIM/ILB environment where the identity of the recipients is synchronized from another forest.

Moreover, be very careful when setting these attributes because most of them are multi-valued and you have to add the recipient or DL instead of just setting it.

Last but not least, since we are dealing with Active Directory attributes, I would recommend taking an Active Directory snapshot just in case.

Popular posts from this blog

Domain Controller Machine Password Reset

Managing Active Directory User Certificates using PowerShell

Configuring a Certificate on Exchange Receive Connector