使用 Directory Based Edge Blocking 拒绝发送给无效收件人的邮件Use Directory Based Edge Blocking to reject messages sent to invalid recipients

通过 Exchange Online 和 Exchange Online Protection (EOP) 中基于目录的边缘阻止 (DBEB) 功能,您可以在服务网络外围拒绝发送给无效收件人的邮件。DBEB 可让管理员向 Office 365 添加已启用邮件的收件人,并阻止发送到 Office 365 中不存在的电子邮件地址的所有邮件。The Directory Based Edge Blocking (DBEB) feature in Exchange Online and Exchange Online Protection (EOP) lets you reject messages for invalid recipients at the service network perimeter. DBEB lets admins add mail-enabled recipients to Office 365 and block all messages sent to email addresses that aren't present in Office 365.

如果邮件发送到 Office 365 中存在的有效电子邮件地址,则继续通过其余服务筛选层(反恶意软件、反垃圾邮件、传输规则)。如果地址不存在,服务甚至会在进行筛选之前阻止邮件,并向发件人发送未送达报告 (NDR) 以通知其邮件未送达。NDR 的内容将如下所示:'550 5.4.1 [< nosuchuser >@< recipient_domain >]:收件人地址被拒绝:拒绝访问'。If a message is sent to a valid email address present in Office 365, the message continues through the rest of the service filtering layers (anti-malware, anti-spam, transport rules). If the address is not present, the service blocks the message before filtering even occurs, and a non-delivery report (NDR) is sent to the sender informing them that their message was not delivered. The contents of the NDR will be similar to the following: '550 5.4.1 [< nosuchuser >@< recipient_domain >]: Recipient address rejected: Access denied'.

配置 DBEBConfigure DBEB

配置 DBEB 的步骤如下:The steps for configuring DBEB are as follows:

  1. 确保接受的域设置为内部中继Ensure that your accepted domain to Set to Internal relay:

  2. 在 EAC 中,转到邮件流 > 接受域In the EAC, go to Mail flow > Accepted domains.

  3. 选择域并单击编辑Select the domain and click Edit.

  4. 确保域类型设置为内部中继。如果它设置为权威,将其更改为内部中继,然后单击保存Ensure that the domain type is set to Internal relay. If it's set to Authoritative, change it to Internal relay and click Save.

  5. 添加到 Office 365 的有效用户。您可以通过以下方式之一来执行此操作:Add valid users to Office 365. You can do this in one of the following ways:

    • 目录同步。 Office 365 有效用户添加到云中的Azure Active Directory同步从内部部署 Active Directory 环境。有关如何设置目录同步的详细信息,请参阅Manage Mail Users in EOP中的"使用目录同步管理收件人"。Directory synchronization. Add valid users to Office 365 by synchronizing from your on-premises Active Directory environment to Azure Active Directory in the cloud. For more information about how to set up directory synchronization, see "Use directory synchronization to manage recipients" in Manage Mail Users in EOP.

    • 添加用户通过远程 Windows PowerShell。 有关如何将用户添加这种方式,请参阅"使用远程 Windows PowerShell 管理邮件用户" Manage Mail Users in EOP管理邮件用户(适用于 Exchange Online 客户)。Add users via remote Windows PowerShell. For more information about how add users in this manner, see "Use remote Windows PowerShell to manage mail users" in Manage Mail Users in EOP or Manage mail users (for Exchange Online customers).

    • 直接在 Exchange 管理员中心 (EAC) 中添加用户。 有关如何将用户添加这种方式,请参阅"使用 EAC 管理邮件用户" Manage Mail Users in EOP管理邮件用户(针对 Exchange Online 客户)。Add users directly in the Exchange admin center (EAC). For more information about how add users in this manner, see "Use the EAC to manage mail users" in Manage Mail Users in EOP or Manage mail users (for Exchange Online customers).

  6. 设置接受的权威域Set your accepted domain to Authoritative:

  7. 在 EAC 中,转到邮件流 > 接受域In the EAC, go to Mail flow > Accepted domains.

  8. 选择域并单击编辑Select the domain and click Edit.

  9. 设置为权威域类型。Set the domain type to Authoritative.

    备注

    所有的有效用户具有已添加到 Office 365 和系统通过复制之前,应该将配置为内部中继域类型。后已更改为权威域类型,DBEB 旨在允许任何已添加到的服务 (除已启用邮件的公用文件夹) 的 SMTP 地址。可能允许您的 Office 365 组织中不存在的收件人地址以通过服务中继的非频繁实例。Until all of your valid users have been added to Office 365 and replicated through the system you should leave the domain type configured as Internal relay. Once the domain type has been changed to Authoritative, DBEB is designed to allow any SMTP address that has been added to the service (except for mail-enabled public folders). There might be infrequent instances where recipient addresses that do not exist in your Office 365 organization are allowed to relay through the service.

  10. 单击保存以保存所做的更改,并确认您想要启用 Directory Based Edge Blocking。Click Save to save your changes, and confirm that you want to enable Directory Based Edge Blocking.