For years, people have been asking me, "how can I make Exchange work just like sendmail, where it rejects invalid recipients during the SMTP protocol?"  Sendmail has historically not had a directory, so checking whether a recipient was valid was just a getpwnam() call, which is quick.  Of course, when Exchange accepts a message for a user who is not in the directory, it issues a non-delivery report later, once it has done the directory lookup, so Exchange is not actually open for relay as some people think.  Accepting mail for nonexistent users in a local domain does not meet my definition of "open for relay".  (The cost of accept-then-bounce is that the NDR goes to whatever address was given in MAIL FROM, which for spam is usually forged, so the server ends up sending bounces to third parties.)  For three major reasons, Exchange has not had this feature:

  1. Because Exchange has a distributed directory, it is possible that one server does not yet know about a user added elsewhere in the organization, and you don't want that server to reject the user just because the new account hasn't replicated to its location yet.
  2. For performance: at one point we thought we didn't want to do a directory lookup during the SMTP conversation.  The risk is that the clients connecting to us (MUAs, or peer MTAs) might not appreciate waiting a second or two at each RCPT while we do the lookup.
  3. (Perhaps most importantly nowadays) Because rejecting at RCPT time lets a spammer harvest known-good recipient addresses with a brute-force dictionary attack: every 250 confirms a mailbox, and every 550 rules one out.  Some systems counter this today by "tarpitting", where, say, the 20th and every later RCPT command in a session adds a one-second sleep before the reply.  This also slows down legitimate mail (a single message to more than 20 local recipients trips it too), so it is best done with care.

Well, enough people asked for this that we actually put a recipient lookup feature into Exchange 2003.  Enough people have asked me about it, and I don't see a KB article that explains it (I'm going to mail the right people to get that fixed as well), so I wanted to quickly describe how to enable it.  It is two separate settings: one global switch that turns the directory lookup on, and one per-binding switch that applies the filter to a particular SMTP listener.

Enable directory lookup for recipients in the recipient filter

  1. Open Exchange System Manager. 
  2. Open Global Settings, right-click on Message Delivery, choose Properties
  3. Choose the "Recipient Filtering" tab
  4. Check the box "Filter recipients who are not in the Directory"
  5. Click OK to close.

Enable the recipient filter on the SMTP protocol binding that accepts mail from the Internet

  1. Navigate to the SMTP Virtual Server that listens on the Internet (repeat all of these steps if you have more than one)
  2. Right-click on the SMTP Virtual Server, choose Properties
  3. On the "General" tab (already open), click the "Advanced..." button next to IP address
  4. Choose the IP/port binding that corresponds to the one that listens on the Internet.  Either double-click or click the "Edit..." button.
  5. Click the checkbox next to "Apply Recipient Filter"
  6. Click OK three times to close this.

Now, when someone issues RCPT TO:<invaliduser@localdomain> on a binding that has the filter applied, they will get:

550 5.5.1 User unknown

Bindings where "Apply Recipient Filter" is not checked keep the old behaviour: the RCPT is accepted and the NDR is generated later, which is why the second set of steps has to be repeated for every virtual server and IP/port binding that faces the Internet.
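As a quick check that both settings took effect on the binding you meant, here is an added probe script (not from the original post, and not Exchange code) that drives MAIL FROM / RCPT TO / RSET against the listener with Python's smtplib, classifies the RCPT reply against the 550 5.5.1 shown above, and can also time a run of RCPT commands in one transaction to see whether a tarpit like the one described in reason 3 kicks in. Host, port and the probe addresses are placeholders you supply; the FakeExchangeSession class is a constructed stand-in so the logic runs offline.

```python
"""Probe an SMTP listener to confirm it rejects unknown local recipients at RCPT time.
Added example, not part of the original post and not Exchange code.  It uses smtplib
for real connections; the probe functions take any object with mail()/rcpt()/rset(),
and FakeExchangeSession below is a constructed stand-in for running it offline."""
import smtplib
import time
from typing import Callable, Iterable, List, Tuple

# Assumed placeholders: a sender you control and a mailbox that does NOT exist.
DEFAULT_SENDER = "probe@example.net"
DEFAULT_INVALID_RCPT = "nosuchuser@example.com"

def classify_rcpt(code: int, message: str) -> str:
    """Explain what a RCPT TO reply says about the recipient filter on this binding."""
    text = message.strip()
    if code == 250:
        # Accepted during the protocol: filter not applied here, an NDR would come later.
        return "accepted: recipient filter is NOT applied on this binding"
    if code == 550 and text.startswith("5.5.1"):
        return "rejected at RCPT: directory lookup is active"
    if code == 550:
        return "rejected for another reason: " + text
    if 400 <= code < 500:
        return "temporary failure: " + text
    return "unexpected reply %d %s" % (code, text)

def _as_text(msg) -> str:
    return msg.decode("ascii", "replace") if isinstance(msg, bytes) else str(msg)

def _begin_transaction(conn, sender: str) -> None:
    code, msg = conn.mail(sender)
    if code != 250:
        raise RuntimeError("MAIL FROM rejected: %d %s" % (code, _as_text(msg)))

def probe_recipient(conn, recipient: str, sender: str = DEFAULT_SENDER) -> Tuple[int, str]:
    """MAIL FROM / RCPT TO / RSET on an open session; return the RCPT reply.
    DATA is never sent, so nothing is delivered even if the recipient is accepted."""
    _begin_transaction(conn, sender)
    code, msg = conn.rcpt(recipient)
    conn.rset()
    return code, _as_text(msg)

def measure_tarpit(conn, recipients: Iterable[str], sender: str = DEFAULT_SENDER,
                   clock: Callable[[], float] = time.monotonic) -> List[Tuple[str, int, float]]:
    """Time every RCPT TO of one transaction, as a dictionary harvester would see it.
    A tarpitting server shows the per-command latency jump part-way through the list."""
    _begin_transaction(conn, sender)
    results = []
    for rcpt in recipients:
        start = clock()
        code, _ = conn.rcpt(rcpt)
        results.append((rcpt, code, clock() - start))
    conn.rset()
    return results

def tarpit_onset(results: List[Tuple[str, int, float]], threshold: float = 0.5) -> int:
    """1-based index of the first RCPT slower than `threshold` seconds, 0 if none."""
    for i, (_, _, seconds) in enumerate(results, start=1):
        if seconds > threshold:
            return i
    return 0

def probe_server(host: str, port: int = 25, invalid_rcpt: str = DEFAULT_INVALID_RCPT) -> str:
    """Connect to a real listener and report what its recipient filter does."""
    with smtplib.SMTP(host, port, timeout=30) as conn:
        conn.ehlo_or_helo_if_needed()
        code, msg = probe_recipient(conn, invalid_rcpt)
    return "%d %s -> %s" % (code, msg, classify_rcpt(code, msg))

class FakeExchangeSession:
    """Constructed stand-in for an smtplib session: two known mailboxes, the filter
    applied on this binding, and a one-second tarpit from the 20th RCPT onward."""

    def __init__(self, tarpit_from: int = 20):
        self.directory = {"alice@example.com", "bob@example.com"}
        self.tarpit_from, self.rcpts, self.now = tarpit_from, 0, 0.0

    def clock(self) -> float:  # fake monotonic clock; only advances when tarpitting
        return self.now

    def mail(self, sender):
        self.rcpts = 0
        return 250, b"2.1.0 Sender OK"

    def rcpt(self, rcpt):
        self.rcpts += 1
        if self.rcpts >= self.tarpit_from:
            self.now += 1.0  # stands in for the server's one-second sleep
        if rcpt in self.directory:
            return 250, b"2.1.5 Recipient OK"
        return 550, b"5.5.1 User unknown"

    def rset(self):
        return 250, b"2.0.0 Resetting"
```

Run probe_server("mail.example.com") (placeholder host) against each Internet-facing binding: "accepted" means the per-binding checkbox was missed on that listener, "rejected at RCPT" means both settings are live. The tarpit measurement is the same thing a harvester does, so run it only against your own servers, and note that the probe never sends DATA, so no message is queued even where the recipient is accepted.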

Keep the questions about Exchange 2003 coming, I'll post the answers here so everyone can see them.