On 17.11.2014 10:08, Heiko Schlittermann wrote:
> Heiko Schlittermann <[email protected]> (Mo 17 Nov 2014 10:06:44 CET):
>> Patrick von der Hagen <[email protected]> (Mo 17 Nov 2014 10:03:22 CET):
>>> On 17.11.2014 02:05, Viktor Dukhovni wrote:
>>> [...]
>>>>> - Understanding the AD structure of the Exchange (Forwardings,
>>>>> Aliases, Groups, ?) is probably not straight forward ?
>>>>
>>>> Actually it is rather simple, I've used this for a decade:
>>>>
>>>> query_filter = proxyAddresses=smtp:%s
>>>> result_attribute = mail
>>> I'm not sure this will work easily in all situations, e.g. following
>>> referrals. Still, why not just fix the exchange configuration?
>>> https://support.prolateral.com/index.php?/Knowledgebase/Article/View/204/35/how-do-i-reject-incoming-email-for-unknown-users-in-ms-exchange-2013
>>
>> Statement of the Exchange-Admin: this link describes settings you've to
>> do anyway. It does not solve our problem.
>
> I do not read it that way, since the "screenshot" on the above page
> indicates "success"

I just had a chat with my exchange-admins and they confirmed that exchange 2013 is capable of rejecting unknown recipients like we are used to. When we go in production with exchange 2013, exim will not detect any differences.

Some background (which might be wrong in details): Exchange is running several "roles" (http://exchangeserverpro.com/exchange-2013-server-roles/) which you can distribute over several servers or combine on a single one. All of them seem to open port 25 for communication and you do run into issues when you combine them on a single server, with different roles competing for port 25. You have (!) to talk to the Edge Transport Server, which might not be listening on port 25 if it shares a server with the other roles. It seems to be optional (http://blog.enowsoftware.com/solutions-engine/bid/182845/Does-your-environment-need-an-Exchange-2013-Edge-Transport-server), but I would consider setups without an Edge-Transport-server to be incomplete due to the recipient-verification issues. The other roles can't verify recipients in an exim-callout.

So I guess, whenever there are issues with Exchange 2013 and callout, either the exchange-staff decided not to install an edge-transport-server, since some anti-spam-appliance is considered to perform that task, or they run some other role on port 25 and the edge-transport-server on some non-standard-port, without realizing that this might be an issue....

--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Patrick von der Hagen

Zirkel 2, Gebäude 20.21, Raum 005.1
76131 Karlsruhe
Phone: +49 721 608-46433
E-Mail: [email protected]
Web: http://www.scc.kit.edu

KIT - University of the State of Baden-Württemberg and National Research Center of the Helmholtz Association
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
