none
Audit a transport rule

    Question

  • Hi all, 

    Currently we are running Exchange 2013 - Office 365 Hybrid configuration.

    I am trying to resolve internal email routing rule which should redirect messages sent to the help-desk email address to  the Internal ticketing system. Email senders are located on premises server but help-desk mailbox has been migrated to the office 365.

    The rule worked fine before help-desk mailbox move to the Office 365.

    How can I audit the rule , audit severity level set to High.

    any help greatly appreciated

    Thank you

    MG


    MG

    Monday, February 20, 2017 4:19 AM

Answers

  • :(.. Correctly, a@domain.com is an exist mailbox, it's just a example.

    Is it a sub domain or special domain with @domain.com?

    If it's a special domain, try to change sub.domain.com from Authoritative to internal relay domain in Office 365, also create connector between ticketing system as I mentioned above.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Milan_G Monday, March 6, 2017 8:56 PM
    Monday, February 27, 2017 2:54 AM
    Moderator

All replies

  • Hello MG,

    Base on your description, I suppose that the transport rule not trigger when deliver message, thus the log will not generate.

    As we know, the mailbox will be convert to a mail user enabled (MEU) object and the proxy address “alias@domain.onmicrosoft.com“ is set as the external e-mail address. 

    For testing, please re-configure the transport rule with new Exchange object.

    Meanwhile, use Set-Mailbox with ForwardingAddress (internal object) or ForwardingSmtpAddress (external object) to configure message forwarding.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 20, 2017 9:54 AM
    Moderator
  • Hi Allen Thank you for your help with the issue. I am noticing some strange transport rule behaviors'. For example if the email message is sent from user@domain.com to helpdesk@domain.com transport rule will trigger and redirect message to the support ticketing system. The rule will not trigger and redirect messages if the email message sent to helpdesk@domain.com has one or more CC recipients included. MG

    MG

    Monday, February 20, 2017 11:44 AM
  • Did you recreate the rule in Exchange Online?  You probably need to do that.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, February 21, 2017 2:04 AM
    Moderator
  • Well, you can change rule condition to "The To or Cc contains" instead of "The To box contains", then try again and check the results.
       

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 21, 2017 2:10 AM
    Moderator
  • Hi Ed

    thank you for your help

    does that mean in the hybrid configuration all on premises rules have to be recreated  in the exchange online.

    Will recreate Helpdesk routing rule today and let you know how it goes

    Thank you

    MG


    MG

    Tuesday, February 21, 2017 9:01 PM
  • Yes, only Exchange mailbox object sync to Exchange Online, also sharing resource, and mail flow between On-premise and Exchange Online. However, the transport rule will not sync to cloud.

    How's going on after renew rule?

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 22, 2017 5:43 AM
    Moderator
  • Only the rules that would act in Exchange Online transport, which is probably most of them.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, February 22, 2017 11:10 PM
    Moderator
  • Hi Allen and Ed

    Current situation.

    Yes, I did recreated exchange online transport rule (same conditions as on premises rule) but it did not work.

    It seems to be some email routing relating issues.

    1. Message sent from on-premises user to the helpdesk@domain.com will redirect to the helpdesk ticketing system unless no CC recipients specified. If there is CC recipient message will not be redirected and gets delivered to the helpdesk mailbox (located on Exchange online) -

    2. Massages sent from the Exchange online user to the helpdesk@domain.com will not be delivered either to the ticketing system or helpdesk mailbox.

    message trace is showing message pending status.

    See pic below.


    MG

    Wednesday, February 22, 2017 11:19 PM
  • For your first scenario, I suppose there's something block this redirection action or the rule not be triggered. Please run "Get-TransportRule | FL Name,Description" to double check the condition of those rule, also run message tracking log to check the process of message deliver.

    For your second scenario, I suppose there's no send connector to route message from Exchange Online to internal ticketing system.
    More details, refer to: https://technet.microsoft.com/en-us/library/dn751020(v=exchg.150).aspx

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 23, 2017 2:49 AM
    Moderator
  • HI Allen,

    first scenario rule condition ,

    Name        :  internal mail routing
    Description : If the message:
                      Is sent to 'helpdesk@domain.com'
                      and Is received from 'Inside the organization'
                  Take the following actions:
                      Set audit severity level to 'High'
                      and Redirect the message to 'support@domain.com'
                  Except if the message:
                      Includes these words in the recipient's address 'word1' or 'word2' or 'word,3'
                      or includes any of these recipients in the Cc box: 'helpdesk@domain.com'
                      or Includes these patterns in the message subject: 'word1' or 'word2' or 'word3'


    MG

    Thursday, February 23, 2017 4:12 AM
  • Hello,

    Base on the description of transport rule, it will effect on message:
    1. From: Inside the organization
    2. To: Helpdesk@domain.com
    3. Redirect to: support@domain.com (suppose it's Internal Ticketing System)
    4. Except: Recipient's address contain 'word1' or 'word2' or 'word,3', or any of these recipients in the Cc box: 'helpdesk@domain.com', or message subject  contain 'word1' or 'word2' or 'word3'.

    How about send message from On-premise user to Helpdesk@domain.com and CC a@domain.com, please ensure the message address and subject not contain any keywords?

    For Exchange online user, try to send message directly to support@domain.com and check the results.
    If this domain is not an accept domain in Office 365, we need add it as accept domain, and set it as internal domain since the mailbox not exist on Exchange online. Meanwhile, we need special connector between this system with Exchange online as I mentioned before.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 24, 2017 8:28 AM
    Moderator
  • Hello Allen,

    Firstly thank you for your help with the issue.

    Please explain

     How about send message from On-premise user to Helpdesk@domain.com and CC a@domain.com, my understanding is that message sent to a@domain.com will not be delivered, as the recipient does not exist.

    Sorry for this but for the exchange online users issue I have not explained it correctly. Will try explaining it better.

    Message sent form the exchange online users to helpdes@domain.com should be redirected to the support@sub.domain.com.

    Sub.domain.com is the internal SMTP server running ticketing system.

    Please correct me if I am wrong but my understanding is sub.domain.com has to be added to the Office 365 accepted domains , then exchange online outbound connector has to be in place between on premises exchange server and Exchange online. Is there any changes needed on the on premises server receive connectors?

    Once again thank you for your time and help.


    MG

    Saturday, February 25, 2017 11:51 PM
  • :(.. Correctly, a@domain.com is an exist mailbox, it's just a example.

    Is it a sub domain or special domain with @domain.com?

    If it's a special domain, try to change sub.domain.com from Authoritative to internal relay domain in Office 365, also create connector between ticketing system as I mentioned above.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Milan_G Monday, March 6, 2017 8:56 PM
    Monday, February 27, 2017 2:54 AM
    Moderator
  • Hi Allen,

    sorry for the late response.

    office 365 support advised to modify exchange hybrid outbound connector and add

    *.domain.com under use this connector when messages are sent to these domains.

    This has resolved the issue.

    Thank you for your help.


    MG

    Monday, March 6, 2017 8:55 PM
  • Glad this issue solves by add *.domain.com into connector, you can mark your reply as answer to highlight it.

    Thanks for your cooperation.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 7, 2017 2:13 AM
    Moderator