Exchange 2013 Restrict Mail Flow b/w Specific Mailboxes

    Question

  • I have an Exchange 2013 On-prem deployment and have been tasked with the following:
    Requirement 1: Configure a VIP mailbox where mail sent to the mailbox can only be from a specific list of individuals.

    (This I can accomplish)


    Requirement 2: Only approved users can be on the To, Cc and Bcc lines.  If there is an address not included in the approved list of individuals, the entire message must be rejected.  Not just the message to the non-approved individual.

    (I am stuck here. I don't see a mail flow rule that can reject an entire message if one recipient is not an approved user/whitelisted).


    This only pertains to internal communications. All external is blocked.

    Basically, there is a whitelist of internal individuals that can email a specific VIP mailbox.

    Only emails containing these whitelisted individuals on the To, CC or BCC line will be delivered.  If a non-whitelisted/approved user is on the To, Cc or BCC line, the entire message will be rejected.  Not just a rejection of the message to the non-approved user.


    For example:
    VIP Mailbox = Victor

    Approved Users = Joe, Harry & Sally


    Joe sends an email to Victor and it is delivered.  Joe is an approved sender.

    Joe sends another email to Victor with Harry and Sally on the cc line. Again, Joe is approved and so are Harry and Sally. Message delivered.


    Joe sends a third email to Victor with Mike, Harry & Sally on the cc line.  The message to all recipients must be rejected.  Mike is not on the approved list of individuals.

    The one item that will remain consistent is that the VIP will always be addressed in the To or CC line on the initial email.

    Thanks,

    Mike

    Friday, May 18, 2018 4:49 AM

All replies

  • Go to the mailbox -> mail flow settings -> message delivery restrictions and change the "accept messages from" to "only senders in the following list:". Add the allowed senders.

    The NDR will only bounce to the recipient with the restriction and not on the other users in the To, CC or BCC of the email.

    Friday, May 18, 2018 6:51 AM
  • I guess you can try to cook something up via the "Any recipient -> address includes/matches string" predicate for transport rules. You will have to add a list of all "approved" users though. And there is no way to match against the BCC line.
    Friday, May 18, 2018 6:53 AM
  • Hi Mike,

    Based on my test, Vasil's suggestion is great, the whole message will be rejected with condition "Any recipient -> address includes/matches string".

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, May 21, 2018 10:14 AM
    Moderator
  • Allen - 

    I am having a hard time picturing this rule when using Vasil's suggestion.

    Can you provide me an example of how you did this for your test?

    Thank you.

    Mike

    Wednesday, May 23, 2018 1:43 AM
  • Here's my test, "test4@mydomain.com" is my VIP mailbox, thus all messages sent to "test4" will be rejected.
    PS: you can add an exception for the "allowed" user.

     

    Best Regards,
    Allen Wang



    Wednesday, May 23, 2018 2:44 AM
    Moderator
  • Hi,

    Sorry to interrupt you again.
    I just want to check the current status of your question.
    Is there any update or any other assistance I could provide on this issue?

    Best Regards,
    Allen Wang



    Wednesday, May 30, 2018 1:56 AM
    Moderator
  • Hello Mike_BRG,

    I think you have to create a custom piece of software to get what you want.


    Exchange and Outlook utilities at
    https://www.ivasoft.com

    Tuesday, June 05, 2018 9:35 AM