Exchange 2013 CAS-MBX recipient validation rejects entire message if any of recipients are invalid

Hi,

How can I enable recipient validation work in this design:
2 Exchange 2013 servers with CAS and MAILBOX roles both, DAG and Hardware Load balancer for HTTP and SMTP traffic.

From Exchange documentation:
http://technet.microsoft.com/en-us/library/bb125187%28v=exchg.150%29.aspx
Although the Recipient Filter agent is available on Mailbox servers, you shouldn't configure it. When recipient filtering on a Mailbox server detects one invalid or blocked recipient in a message that contains other valid recipients, the message is rejected. If you install the anti-spam agents on a Mailbox server, the Recipient Filter agent is enabled by default. However, it isn't configured to block any recipients. For more information, see Enable Anti-Spam Functionality on Mailbox Servers.

If You have a setup like this:
Install antispam agents:

Identity                                           Enabled         Priority
--------                                           -------         --------
Transport Rule Agent                               True            1
Malware Agent                                      True            2
Text Messaging Routing Agent                       True            3
Text Messaging Delivery Agent                      True            4
Content Filter Agent                               True            5
Sender Id Agent                                    True            6
Sender Filter Agent                                True            7
Recipient Filter Agent                             True            8
Protocol Analysis Agent                            True            9

Have Recipient validation enabled:

Name                  Enabled RecipientValidationEnabled
----                  ------- --------------------------
RecipientFilterConfig    True                      True

Have AcceptedDomain AddressBook enabled:

DomainName     DomainType AddressBookEnabled
----------     ---------- ------------------
contoso.com Authoritative               True

Then You have a situation, where a single invalid recipient on an incoming email message would reject the entire message! I guess this is because the recipient filtering happens on the mailbox server.
So .. HOW? Is it possible without Edge servers? Have I missed something?

I hope this feature isn't "missing by design", because it will be very difficult to explain to the client, that such an expensive product cannot do what any mail server can - reject unknown recipients before taking E-Mail data. There are a lot of issues with this feature missing (possible DDOS with max attachments, or spoofed sender e-mail address that is a spamtrap, so NDR from Exchange would get You to SBL, etc.).

Sincerely,
Vince