Some organizations have strict security policies when it comes to email. Most of you have seen a request from HR or Legal asking you to block a particular user (maybe a temp) from sending email to, and receiving email from, outside the organization.
This can be accomplished with transport rules alone, or with a transport rule combined with a shell command.
We can configure a transport rule to block the user from sending emails externally. There are two options: we can silently delete the emails the user tries to send, without notifying anyone, or we can send an NDR back to the user with a customized message.
Launch EMC and navigate to Organization Configuration -> Hub Transport -> Transport Rules. Create a new rule and give it a meaningful name. Select “from people” on the conditions page and select the mailbox account. If a larger number of users have to be blocked and unblocked on a regular basis, we can instead create a group and add that group to the rule.
From the actions page, select one of the options depending on your choice.
Configure any exceptions if needed, click on “New” and “Finish” to create the rule.
Now, let’s block the user from receiving emails from the internet. Everyone knows that distribution groups in Exchange 2010 don’t accept emails from outside the organization by default. This is because of the check box “Require that all senders are authenticated” in the group’s properties.
The same can be applied to a mailbox as well. This option is not exposed in the EMC and hence the shell has to be used. By default, anyone can send an email to a mailbox, as RequireSenderAuthenticationEnabled is set to false.
Run the following command to block external emails for a user, say ChakkaRajith in my case.
Set-Mailbox -Identity "ChakkaRajith" -RequireSenderAuthenticationEnabled $true
We can also block emails from the internet to a user with a transport rule. If the user list changes frequently, it is advisable to create a group, say “NoExternalEmails”, and add members to it. Create a transport rule as explained above with the below conditions.
The steps are the same for Exchange 2007 and are explained in my article posted in 2009.
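The outbound rule, the inbound rule and the per-mailbox setting described above, written as Exchange Management Shell commands. This is an added example, not the author's own commands: the rule names and rejection texts are assumptions, and both rules use the “NoExternalEmails” group mentioned in the article. The outbound rule is scoped to recipients outside the organization so that internal mail from the blocked users is not affected.

```powershell
# Added example for the Exchange 2010 Management Shell.
# Rule names and rejection texts are assumptions; the group name is the one used in the article.
$group = 'NoExternalEmails'

# Outbound: reject mail sent by group members only when a recipient is outside the organization.
# To delete silently instead of sending an NDR, replace the two Reject* parameters with -DeleteMessage $true.
New-TransportRule -Name 'Block outbound external mail (NoExternalEmails)' `
    -FromMemberOf $group `
    -SentToScope NotInOrganization `
    -RejectMessageReasonText 'You are not permitted to send email outside the organization.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# Inbound, option 1: reject mail from outside the organization addressed to group members.
New-TransportRule -Name 'Block inbound external mail (NoExternalEmails)' `
    -FromScope NotInOrganization `
    -SentToMemberOf $group `
    -RejectMessageReasonText 'This recipient does not accept email from external senders.' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# Inbound, option 2: require authenticated senders on each member mailbox.
# Group membership is read once, so re-run this after the group changes.
$members = Get-DistributionGroupMember -Identity $group |
    Where-Object { $_.RecipientType -eq 'UserMailbox' }

foreach ($m in $members) {
    Set-Mailbox -Identity $m.DistinguishedName -RequireSenderAuthenticationEnabled $true
}

# Verify: both rules exist and are enabled, and every member mailbox has the flag set.
Get-TransportRule |
    Where-Object { $_.Name -like '*(NoExternalEmails)' } |
    Format-Table Name, State, Priority -AutoSize

$members |
    ForEach-Object { Get-Mailbox -Identity $_.DistinguishedName } |
    Format-Table Name, RequireSenderAuthenticationEnabled -AutoSize
```

When a user is removed from the group, the transport rules stop applying to them automatically, but RequireSenderAuthenticationEnabled stays set on the mailbox until it is changed back to $false.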
Just an FYI: The “Require that all senders are authenticated” setting for a mailbox *IS* exposed in the Exchange 2010 UI – it’s just in a different place than it is for Distribution Groups. On a mailbox, it’s under Mail Flow Settings | Message Delivery Restrictions
Thanks for the tip Garrett.
I am a member of domain admins and exchange admins, but I am not able to create a transport role.
Which Exchange Management role are you a member of, Ubais?
Hi,
I need to create a transport rule for all users who no longer work at the company. I tried to do the following:
Transport Rule > Apply rule to messages from users that are ‘Outside the Organization’ and sent to member of ‘Distribution Group’ send ‘rejection message’ to sender with ‘enhanced code’
But I could not include the message you want, explaining that this person is no longer official business. Does anyone know what is the best way to accomplish this task?
Thank you,
Hi William,
Why don’t you log in to the mailbox and set an automatic reply (OOF) rather than a transport rule?
Hi,
Why does the rule for sending to outside-org not work after creating it?
Thank you
What are you trying to achieve? Bit more info pls Naser.
To block a user from sending and receiving externally, follow the steps below:
Open Exchange Management Console from Exchange Server 2K7.
Go to Organization Configuration.
Select Hub Transport.
In right panel, click on New Transport Rule.
Give any name as per your convenience >> Next
Select “From People” and select name below as per your requirement >> Next
Select “Send bounce message to sender with enhanced error code” option >> Next
Finish.
Thanks Pranay for the steps.
This will not work; it will block the user from sending to both internal and external users.
Yeah, it will, as it is said in the first paragraph, dear.
Regards
Thanks Saqi.