With our Exchange 2010 installation (Exchange HTS inside LAN, Cisco IronPort internet facing) I have the requirement that a mailbox is to be kept open (not disabled/detached from the AD user) but all incoming mail must be rejected. The SMTP reject must be done by the Exchange Server as the IronPorts are configured to use call-ahead.
So the requirements are:
- incoming mail must not be accepted (SMTP REJECT during SMTP connection) for a particular set of mailboxes.
- these mailboxes must not be detached/disabled/deleted
- process must be automated (e.g. Powershell) and reversible
To force an SMTP reject (550) on incoming mail, what I found so far was to enable Recipient Filtering and configure the block list. This alone does not prevent internal users from sending to the mailbox. To prevent internal (authoritative and internal relay domain) users from sending to the mailbox I thought of configuring the AcceptMessagesOnlyFromSendersOrMembers property of the mailbox to only allow itself as sender - but for that it seems to me that the mail is accepted and then the NDR is sent. That is acceptable for internal users, but a clean SMTP reject would be preferred.
Creating a Transport rule to reject mail for the mailbox also accepted the incoming email during SMTP and sent an NDR later.
What I'm wondering is, is there a more elegant way to achieve this? Are there any pitfalls with the approach described (limits on entries etc.)?
I'm thankful for any hints!
Gregor
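As an added example (not part of Gregor's post), the two controls described in the question scripted as one reversible step: the mailbox's SMTP addresses go onto the Recipient Filter block list (the source of the 550 during the SMTP session for anonymous senders such as the IronPort call-ahead), and the mailbox is restricted to accept only from itself for authenticated internal senders. It assumes an Exchange 2010 Management Shell on a Hub Transport server with the anti-spam agents installed; the function name `Set-MailboxInboundBlock` is the example's own.

```powershell
# Added example, not from the original post. Assumes an Exchange 2010
# Management Shell on a Hub Transport server with the anti-spam agents
# installed (Recipient Filtering does nothing until the agent is present).
function Set-MailboxInboundBlock {
    param(
        [Parameter(Mandatory = $true)] [string] $Identity,
        [switch] $Remove   # reverse the change instead of applying it
    )

    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Every SMTP address (primary and proxies) has to be blocked; otherwise
    # a sender can still reach the mailbox through a secondary address.
    $addresses = $mbx.EmailAddresses |
        Where-Object { $_.PrefixString -eq 'SMTP' } |
        ForEach-Object { $_.AddressString }

    if ($Remove) {
        # Reverse: take the addresses off the block list and clear the
        # sender restriction so the mailbox receives mail normally again.
        Set-RecipientFilterConfig -BlockedRecipients @{Remove = $addresses}
        Set-Mailbox -Identity $mbx.Identity -AcceptMessagesOnlyFromSendersOrMembers $null
    }
    else {
        # Recipient Filtering only evaluates anonymous (unauthenticated)
        # SMTP sessions, which is where internet mail and the call-ahead
        # arrive; the block list yields the 550 inside the SMTP session.
        Set-RecipientFilterConfig -BlockListEnabled $true `
                                  -BlockedRecipients @{Add = $addresses}
        # Authenticated internal senders bypass the agent, so restrict the
        # mailbox to itself. As the question notes, this path accepts the
        # message and sends an NDR afterwards rather than rejecting at SMTP.
        Set-Mailbox -Identity $mbx.Identity `
                    -AcceptMessagesOnlyFromSendersOrMembers $mbx.Identity
    }

    # Return the block-list entries that belong to this mailbox so the
    # caller can verify the resulting state (empty after -Remove).
    (Get-RecipientFilterConfig).BlockedRecipients |
        Where-Object { $addresses -contains $_.ToString() }
}

# Usage: Set-MailboxInboundBlock -Identity 'jdoe'   (apply)
#        Set-MailboxInboundBlock -Identity 'jdoe' -Remove   (reverse)
```

Check `(Get-RecipientFilterConfig).BlockedRecipients.Count` before adding many mailboxes, since the block list is a bounded multivalued property and the script does not guard against hitting its limit.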