none
Transport Rule to fetch all mails for second maildomain except certain user adresses - how to achieve?

    Question

  • Hi There,

    i have the following problem here, which drives me nuts. can't find a solution up now.

    i have 2 maildomains on our exchange server. domain1.com and domain2.com. certain users on domain1.com have the domain2.com domain as a secondary mailadress listed.

    i need a transport rule which checks incoming email and if it's for any @domain2.com adress AND NOT for the few specific users with the additional @domain2.com adress sends those emails to a specific mailbox.

    basically i want sort of a "catch all" rule for unknown recipients for this specific domain2.com maildomain.

    thus far i tried a rule which checks the mailheaders "to" for "domain2.com" but this seems not to work. we have a similar rule for the domain1.com maildomain but it checks the "to" header for a specific domain1.com adress - this works.

    i hope it's clear, what i want ;-) i hope there is someone who can give me a helping hand or some hint!

    regards

    Mark


    Friday, June 3, 2016 12:33 PM

Answers

  • Hey Ed,

    that was a good hint, thanks for that! sadly that doesn't work. exchange returns an error msg stating that the regular exxpression is invalid - at least when you start with * or \.

    but jumping from your hint i found an article with the solution. it wasn't really the transport - rule it was the way i configured the additional maildomain dom2.com.

    i configured it - like other additional maildomains - as authorative. here http://serverfault.com/questions/501584/can-exchange-create-catch-all-addresses-for-address-domain-com someone stated that exchange rejects all mails BEFORE even start using the transport rules if its an authorative domain.

    so thanks for the hint, Ed!

    Monday, June 6, 2016 11:27 AM

All replies

  • It's hard for us to comment on a rule when you don't supply the specific settings of the rule.

    You might want to consider using an Edge Transport server for this.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Friday, June 3, 2016 3:34 PM
    Moderator
  • Hello Ed,

    i thought that my explanation was simple enough that maybe someone can point me to "it won't work, because of" or "its done that way".

    this is the Ruleset i got via get-transportrule...

    [PS] C:\Windows\system32>Get-TransportRule "domain2 Abwurf" |fl
    
    
    RunspaceId                                   : db709ce3-9902-4758-bb19-808c880bc936
    Priority                                     : 30
    DlpPolicy                                    :
    DlpPolicyId                                  : 00000000-0000-0000-0000-000000000000
    Comments                                     :
                                                   alle domain2 mails an test@domain2.com shared mbox, ausser es wird an bekannte adressen versendet.
    ManuallyModified                             : False
    ActivationDate                               :
    ExpiryDate                                   :
    Description                                  : Wenn die Nachricht folgende Bedingungen erfüllt:
                                                       Kopfzeile 'to' enthält ''@domain2.com''
                                                   Führen Sie die folgenden Aktionen aus:
                                                       Nachricht an "'test@domain2.com'" umleiten
                                                   Außer wenn die Nachricht folgende Bedingungen erfüllt:
                                                       Wurde an "'user1@domain1.com' oder 'user2@domain1.com' oder 'user3@domain1.com' gesendet
    
    RuleVersion                                  : 14.0.0.0
    Conditions                                   : {HeaderContains}
    Exceptions                                   : {SentTo}
    Actions                                      : {RedirectMessage}
    State                                        : Enabled
    Mode                                         : Enforce
    RuleErrorAction                              : Ignore
    SenderAddressLocation                        : Header
    RuleSubType                                  : None
    UseLegacyRegex                               : False
    From                                         :
    FromMemberOf                                 :
    FromScope                                    :
    SentTo                                       :
    SentToMemberOf                               :
    SentToScope                                  :
    BetweenMemberOf1                             :
    BetweenMemberOf2                             :
    ManagerAddresses                             :
    ManagerForEvaluatedUser                      :
    SenderManagementRelationship                 :
    ADComparisonAttribute                        :
    ADComparisonOperator                         :
    SenderADAttributeContainsWords               :
    SenderADAttributeMatchesPatterns             :
    RecipientADAttributeContainsWords            :
    RecipientADAttributeMatchesPatterns          :
    AnyOfToHeader                                :
    AnyOfToHeaderMemberOf                        :
    AnyOfCcHeader                                :
    AnyOfCcHeaderMemberOf                        :
    AnyOfToCcHeader                              :
    AnyOfToCcHeaderMemberOf                      :
    HasClassification                            :
    HasNoClassification                          : False
    SubjectContainsWords                         :
    SubjectOrBodyContainsWords                   :
    HeaderContainsMessageHeader                  : to
    HeaderContainsWords                          : {@domain2.com}
    FromAddressContainsWords                     :
    SenderDomainIs                               :
    RecipientDomainIs                            :
    SubjectMatchesPatterns                       :
    SubjectOrBodyMatchesPatterns                 :
    HeaderMatchesMessageHeader                   :
    HeaderMatchesPatterns                        :
    FromAddressMatchesPatterns                   :
    AttachmentNameMatchesPatterns                :
    AttachmentExtensionMatchesWords              :
    AttachmentPropertyContainsWords              :
    ContentCharacterSetContainsWords             :
    HasSenderOverride                            : False
    MessageContainsDataClassifications           :
    SenderIpRanges                               :
    SCLOver                                      :
    AttachmentSizeOver                           :
    MessageSizeOver                              :
    WithImportance                               :
    MessageTypeMatches                           :
    RecipientAddressContainsWords                :
    RecipientAddressMatchesPatterns              :
    SenderInRecipientList                        :
    RecipientInSenderList                        :
    AttachmentContainsWords                      :
    AttachmentMatchesPatterns                    :
    AttachmentIsUnsupported                      : False
    AttachmentProcessingLimitExceeded            : False
    AttachmentHasExecutableContent               : False
    AttachmentIsPasswordProtected                : False
    AnyOfRecipientAddressContainsWords           :
    AnyOfRecipientAddressMatchesPatterns         :
    ExceptIfFrom                                 :
    ExceptIfFromMemberOf                         :
    ExceptIfFromScope                            :
    ExceptIfSentTo                               : {user1@domain1.com, user2@domain1.com, user3@domain1.com}
    ExceptIfSentToMemberOf                       :
    ExceptIfSentToScope                          :
    ExceptIfBetweenMemberOf1                     :
    ExceptIfBetweenMemberOf2                     :
    ExceptIfManagerAddresses                     :
    ExceptIfManagerForEvaluatedUser              :
    ExceptIfSenderManagementRelationship         :
    ExceptIfADComparisonAttribute                :
    ExceptIfADComparisonOperator                 :
    ExceptIfSenderADAttributeContainsWords       :
    ExceptIfSenderADAttributeMatchesPatterns     :
    ExceptIfRecipientADAttributeContainsWords    :
    ExceptIfRecipientADAttributeMatchesPatterns  :
    ExceptIfAnyOfToHeader                        :
    ExceptIfAnyOfToHeaderMemberOf                :
    ExceptIfAnyOfCcHeader                        :
    ExceptIfAnyOfCcHeaderMemberOf                :
    ExceptIfAnyOfToCcHeader                      :
    ExceptIfAnyOfToCcHeaderMemberOf              :
    ExceptIfHasClassification                    :
    ExceptIfHasNoClassification                  : False
    ExceptIfSubjectContainsWords                 :
    ExceptIfSubjectOrBodyContainsWords           :
    ExceptIfHeaderContainsMessageHeader          :
    ExceptIfHeaderContainsWords                  :
    ExceptIfFromAddressContainsWords             :
    ExceptIfSenderDomainIs                       :
    ExceptIfRecipientDomainIs                    :
    ExceptIfSubjectMatchesPatterns               :
    ExceptIfSubjectOrBodyMatchesPatterns         :
    ExceptIfHeaderMatchesMessageHeader           :
    ExceptIfHeaderMatchesPatterns                :
    ExceptIfFromAddressMatchesPatterns           :
    ExceptIfAttachmentNameMatchesPatterns        :
    ExceptIfAttachmentExtensionMatchesWords      :
    ExceptIfAttachmentPropertyContainsWords      :
    ExceptIfContentCharacterSetContainsWords     :
    ExceptIfSCLOver                              :
    ExceptIfAttachmentSizeOver                   :
    ExceptIfMessageSizeOver                      :
    ExceptIfWithImportance                       :
    ExceptIfMessageTypeMatches                   :
    ExceptIfRecipientAddressContainsWords        :
    ExceptIfRecipientAddressMatchesPatterns      :
    ExceptIfSenderInRecipientList                :
    ExceptIfRecipientInSenderList                :
    ExceptIfAttachmentContainsWords              :
    ExceptIfAttachmentMatchesPatterns            :
    ExceptIfAttachmentIsUnsupported              : False
    ExceptIfAttachmentProcessingLimitExceeded    : False
    ExceptIfAttachmentHasExecutableContent       : False
    ExceptIfAttachmentIsPasswordProtected        : False
    ExceptIfAnyOfRecipientAddressContainsWords   :
    ExceptIfAnyOfRecipientAddressMatchesPatterns :
    ExceptIfHasSenderOverride                    : False
    ExceptIfMessageContainsDataClassifications   :
    ExceptIfSenderIpRanges                       :
    PrependSubject                               :
    SetAuditSeverity                             :
    ApplyClassification                          :
    ApplyHtmlDisclaimerLocation                  :
    ApplyHtmlDisclaimerText                      :
    ApplyHtmlDisclaimerFallbackAction            :
    ApplyRightsProtectionTemplate                :
    SetSCL                                       :
    SetHeaderName                                :
    SetHeaderValue                               :
    RemoveHeader                                 :
    AddToRecipients                              :
    CopyTo                                       :
    BlindCopyTo                                  :
    AddManagerAsRecipientType                    :
    ModerateMessageByUser                        :
    ModerateMessageByManager                     : False
    RedirectMessageTo                            : {test@domain2.com}
    RejectMessageEnhancedStatusCode              :
    RejectMessageReasonText                      :
    DeleteMessage                                : False
    Disconnect                                   : False
    Quarantine                                   : False
    SmtpRejectMessageRejectText                  :
    SmtpRejectMessageRejectStatusCode            :
    LogEventText                                 :
    StopRuleProcessing                           : False
    SenderNotificationType                       :
    GenerateIncidentReport                       :
    IncidentReportOriginalMail                   :
    IncidentReportContent                        :
    RouteMessageOutboundConnector                :
    RouteMessageOutboundRequireTls               : False
    ApplyOME                                     : False
    RemoveOME                                    : False
    GenerateNotification                         :
    Identity                                     : domain2 Abwurf
    DistinguishedName                            : CN=domain2 Abwurf,CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=domain1,CN=Microsoft
                                                   Exchange,CN=Services,CN=Configuration,DC=domain1,DC=local
    Guid                                         : f9acf8cf-0e35-4c9e-8205-c05ae41aa27e
    ImmutableId                                  : f9acf8cf-0e35-4c9e-8205-c05ae41aa27e
    OrganizationId                               :
    Name                                         : domain2 Abwurf
    IsValid                                      : True
    WhenChanged                                  : 03.06.2016 13:10:44
    ExchangeVersion                              : 0.1 (8.0.535.0)
    ObjectState                                  : Unchanged

    i'm not sure for 1 things...

    1. does the part where i want to check the "to" field for @domain2.com works the way i think it should? to be precisely: does it checks for @domain2.com being part of the "to" adress or checks it for being exactly the same? if its the latter, maybe thats the cause why its not working?

    maybe its clearer, what i want now?

    regards

    Joerg


    • Edited by KidStealth Monday, June 6, 2016 8:32 AM
    Monday, June 6, 2016 8:24 AM
  • I'd recommend that you post in a German-language forum.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, June 6, 2016 8:36 AM
    Moderator
  • Hi,

    Try condition 'To' header matches the following patterns: '@domain2.com' instead of 'contains words' condition.

    Best Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Monday, June 6, 2016 8:44 AM
    Moderator
  • is my english that bad?
    Monday, June 6, 2016 8:57 AM
  • hey Linn-Li

    thanks for your comment. i tried your suggestion but the result is the same. when i send a msg to e.g. random@domain2.com it fails and i get a "Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found'" reply from our mailserver.

    i can't find any document on the exact transport rule logic of exchange, as obviously the rules logic seems correct but exchange thinks not :-)

    Monday, June 6, 2016 9:04 AM
  • No, but the rule is in German.

    I took a second look.  Instead of using "Header includes words" try using pattern matching, and you might need to use regular expressions to make it work properly.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Monday, June 6, 2016 9:18 AM
    Moderator
  • shouldn't it be the same, regardless of the gui language in exchange? every single command is in english, every result in powershell is in english... etc. etc. i don't think MS programmed transport rules logic in exchange depending on the gui language, do you?

    so whats the point? for an mvp your sight and approach is somewhat narrow-minded for a forum/community like this.

    Monday, June 6, 2016 9:29 AM
  • When I first looked, I saw your Description in German and thought that was the rule.  I gave you advice based on my second look at your rule, which you appeared to have ignored so you accuse me of being narrow-minded.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, June 6, 2016 9:43 AM
    Moderator
  • When using "words" predicates in rules, the engine looks for words and doesn't do character-type parsing.  You're going to want to use one of the ones that matches patterns, and that pattern should be in regular expression syntax, so your rue might be something like "The recipient address matches ".*@domain2.com$".

    This might help:

    https://msdn.microsoft.com/en-us/library/ae5bf541%28v=vs.90%29.aspx?f=255&MSPPError=-2147217396

    There are better regular expression pages out there, too.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, June 6, 2016 9:50 AM
    Moderator
  • Hey Ed,

    that was a good hint, thanks for that! sadly that doesn't work. exchange returns an error msg stating that the regular exxpression is invalid - at least when you start with * or \.

    but jumping from your hint i found an article with the solution. it wasn't really the transport - rule it was the way i configured the additional maildomain dom2.com.

    i configured it - like other additional maildomains - as authorative. here http://serverfault.com/questions/501584/can-exchange-create-catch-all-addresses-for-address-domain-com someone stated that exchange rejects all mails BEFORE even start using the transport rules if its an authorative domain.

    so thanks for the hint, Ed!

    Monday, June 6, 2016 11:27 AM
  • You're welcome, happy to have helped.  Please feel free to mark responses as the answer and/or vote them as helpful as appropriate.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, June 7, 2016 5:44 PM
    Moderator