Transport rule and NDR

    Question

  • Hi everyone,

    I have a distribution group on my Exchange 2013 server, some.name@myorganisation.com, and it is used for communication between members of that group. There are 15 members of that group. Now we need to include an external member (external.member@partner.com) in that group.

    I allowed mail to be sent to my group from outside the organization and set a transport rule to reject mail sent from outside the organization except mail sent from external.member@partner.com. It all works fine but I have some issues. When mail is rejected because it is not from a permitted sender, I get an NDR with the reason why the email is rejected (Sender is not permitted) and, below it, a list of the email addresses of all members of that group to which the email is not delivered. I find that pretty excessive as it reveals all members of my group. Also, all of the members get an undelivered report, which is not needed at all and is confusing for all users. It is pretty messy to look at those messages and is also somewhat of a security issue, since a spammer can get confirmation of the existence of each email address in that group, which makes them easy targets for future spam.

    My question is whether there is any way for these messages to be rejected silently, without any NDR and undelivered report to each member of that group?

    Monday, March 28, 2016 10:18 AM

Answers

  • Sure. The following PowerShell command will do this:

    New-TransportRule -Name '<meaningful name>' -FromScope 'NotInOrganization' -SentTo <SMTP address of distribution group> -DeleteMessage $true -ExceptIfFrom <SMTP address of trusted external sender>


    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    • Marked as answer by Ivica Vujovic Tuesday, March 29, 2016 8:05 AM
    Monday, March 28, 2016 12:30 PM

All replies

  • It is not an acceptable solution. Yes, I could just delete messages, but then they will appear in users' mailboxes in Deleted Items. I want messages to be rejected before they arrive in user mailboxes.
    Monday, March 28, 2016 12:40 PM
  • That's what this rule will do - if someone external attempts to send to this group, the message will be dropped, unless the external sender is the one who is allowed to send to it. Nothing will be sent to any mailboxes unless the message comes from the people you want to allow.

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Monday, March 28, 2016 8:56 PM
  • Thanks. I created a similar rule before but it just redirected mail to the Deleted Items folder. I don't know why. This rule works as it should.
    Tuesday, March 29, 2016 8:06 AM
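
The change discussed in this thread, as an added example that was not posted by any participant: it lists rules that still reject with an NDR, creates the silent-drop rule in audit mode, then enforces it and reviews message tracking for the group address. The rule name is hypothetical, the addresses are the thread's placeholders, and the commands are meant for the Exchange Management Shell.

```powershell
# Added example for the Exchange Management Shell (Exchange 2013).
# Assumptions: addresses are the thread's placeholders; the rule name is hypothetical.
$Group    = 'some.name@myorganisation.com'
$Trusted  = 'external.member@partner.com'
$RuleName = 'Drop external mail to group'

# 1. Find rules that reject with an NDR. A reject action is what produced the
#    non-delivery report listing every group member, as described in the question.
Get-TransportRule |
    Where-Object { $_.RejectMessageReasonText } |
    Format-List Name, State, Priority, SentTo, RejectMessageReasonText

# 2. Create the silent-drop rule in audit mode first, so that no mail is
#    deleted while the conditions and the exception are being checked.
New-TransportRule -Name $RuleName -Mode Audit `
    -FromScope 'NotInOrganization' -SentTo $Group `
    -ExceptIfFrom $Trusted -DeleteMessage $true

# 3. Once test messages match as expected, disable the old reject rule
#    (its name is not given in the thread) and enforce the new rule.
# Disable-TransportRule -Identity '<name of existing reject rule>' -Confirm:$false
Set-TransportRule -Identity $RuleName -Mode Enforce

# 4. Review what transport did with recent mail addressed to the group.
Get-MessageTrackingLog -Recipients $Group -Start (Get-Date).AddHours(-1) -ResultSize Unlimited |
    Sort-Object Timestamp |
    Format-Table Timestamp, EventId, Source, Sender, MessageSubject -AutoSize
```

Run the steps one at a time rather than as a single script: step 3 should only follow test messages sent from both the trusted address and an untrusted external address.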