Accepted Domains wierdo!

[TheMisio]

Dear All,

I thought I understood the concept of the accepted domains quite well. However, I've just started working for an Org, and I just cannot see the organization’s domain suffix in the accepted domains list. We are still receiving emails though. There are several sub domains of our main one i.e.

sub1.domain.com
sub2.domain.com
sub3.domain.com

Should I presume that if I create a sub domain in the Accepted Domains List, all domains within the DNS namespace will also be accepted?

Any clarification would be much appreciated.

Regards.

Michael.

 

[ShackDaddy]

That's news to me too. Interesting, but that must be how it works: it has to accept the higher level domain if it's going to accept the subdomain.

Dave Shackelford MVP
ThirdTier.net
TrainSignal.com

 

[TheMisio]

ShackDaddy,

Thanks for the reply. However, it gets better: I've realised (tested it) that our Exchange Org will accept emails for any domain! For example if I crate a domain: justanexample.com, create mx record for it and add an email address to my account with this suffix, our Exchange will deliver email sent to this address even though it doesn't exist anywhere within our Exchange Org (apart from an additional custom address in my account).

I just don't get this. I checked our receive connectors, and can't find anything unusual there.

According to all documentation out there, the Exchange Org should only accept messages destined for domains in its Accepted Domains list and reject all other.

Regards.

Michael.

 

[ShackDaddy]

So when you look at your Accepted Domains list, there are no domains that are just a wildcard? Did you do a migration from Exchange 2003 at some point and fail to remove a legacy email address policy that had a wildcard domain in it?

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[TheMisio]

ShackDaddy,

Nope. No wildcards there. Also (just for the sanity) I used PS to check Accepted Domain list. Only our subdomains are listed.

It isn't a massive issue, but I thought I knew Exchange well. It appears I don't.

Regards.

Michael.

 

[ShackDaddy]

Maybe it works like this:

You can't add a domain to the Email Address Policy unless it's listed in Accepted domains. But you can bypass both AcceptedDomains and the Address policy by manually adding an address to a mailbox. If the mail can get there by some means (MX record) then it will be delivered if it matches a local mailbox.

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[58sniper]

My understanding is it should NOT accept mail for a domain that's not listed in the accepted domains list.

Time for some lab testing....<scurries off to the lab>

Do you have your Tek-Tips.com Swag? I've got mine!

Stop by the new Tek-Tips group at LinkedIn.

 

[TheMisio]

58sniper,

That is exactly what I thought was the case. There's got to be something with this org (I've just inherited it from another admin) that allows all domains to get through.

Please let us know if you can find something in you the lab.

Here's the setup if it helps: Exchange 2007 SP1 RU6 running on Windows 2003 R2.

Regards.

Michael.

 

[Zelandakh]

Is this a relaying issue rather than an accepted domains issue? Since you are internal, you're able to send in to anyone?

 

[ShackDaddy]

Can you confirm that these tests were sent from EXTERNAL mailboxes and were then routed to the server for delivery?

I am wondering whether certain other conditions could account for internal mailboxes behaving as you described: add Johnboy@boyscoutcabal.org as an email address on an internal user and another internal user may be able to reach it, but an external user probably would not.

What are you seeing?

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[TheMisio]

ShackDaddy,

Definitely from external mailboxes: (gmail). I wasn't much surprised when it worked internally (although I still thought it should have NDR'ed).

I'm just not sure if it's a bug, a feature or there is another setting somewhere in our Org overwriting the "default" behavior.

Regards.

Michael