Restrict external mail - transport rule misfire

    Question

  • We've just deployed Exchange 2013 (replacing Exchange 2007) and all seems to be generally working well... except a pre-existing transport rule.

    This rule is designed to prevent members of a particular group from being able to send external mail. So it's basically: "Apply this rule if the recipient is located 'Outside the organisation' and the sender is a member of <ADGroup>. Do the following: Redirect the message to <ITSupport> and prepend the subject of the message with '*** External mail attempt - '."

    The rule refuses to fire. If I change it to a specific recipient it fires OK, and if I change it to "the recipient is located 'Inside the organization'" it fires for all addresses. So it seems like the server cannot distinguish between 'inside' and 'outside' the organisation.

    I thought it compared the address to the list of accepted domains and anything where the recipient domain was different to that was deemed 'external'?


    Thursday, May 4, 2017 1:37 PM

All replies

  • Add the condition with a recipient that matches everything, like a pattern match of ".*@.*". 


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Friday, May 5, 2017 1:37 AM
    Moderator
  • Hi Danurney,

    If you recreate it as a new rule on Exchange 2013, does it work as expected? Please give it a try.

    Best Regards,


    Niko Cheng
    TechNet Community Support



    Friday, May 5, 2017 9:59 AM
    Moderator
  • Hi Niko,

    Newly created rule behaves the same.

    and Ed,

    It won't let me add a pattern like that in ECP: I get the error "pattern". In any case, would this not block all mail, not just external?

    I think the crux of the problem is to do with how Exchange determines the difference between inside and outside the organization, but I can't find anywhere that explains this.

    Monday, May 8, 2017 9:46 AM
  • Please post exactly and completely what you set and the exact and complete error message.

    I suggested you add the pattern condition to the existing rule, so it would apply only to senders that are a member of ADGroup sending mail to users outside the organization that match the pattern.

    I see what the issue is with that pattern.  It's perfectly valid from a regular expression standpoint, but Exchange just doesn't allow it in a rule.

    At this point I'd recommend that you open a ticket with Microsoft Support and report this as a bug to see if you can get a fix in process.  I think this particular issue has been brought up in the forums.  Using "Recipient is Outside the Organization" should work properly by itself.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!



    Monday, May 8, 2017 8:17 PM
    Moderator
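
The rule described in the question, written for the Exchange Management Shell together with checks of the inputs it depends on (accepted domains, the group, the stored rule, and message tracking for a test message). This is an added example, not code from any poster in the thread; the group name, addresses and rule name are placeholders.

```powershell
# Run in the Exchange Management Shell on an Exchange 2013 server.
# Placeholder values (not from the thread): substitute your own.
$Group      = 'NoExternalMail'          # stands in for <ADGroup>
$Redirect   = 'itsupport@example.com'   # stands in for <ITSupport>
$RuleName   = 'Restrict external mail'
$TestSender = 'testuser@example.com'    # a mailbox that is a member of $Group

# 1. List the accepted domains and their types. A recipient domain that
#    appears here unexpectedly (or with an unexpected DomainType) changes
#    how the inside/outside scope is evaluated.
Get-AcceptedDomain |
    Format-Table Name, DomainName, DomainType, Default -AutoSize

# 2. FromMemberOf takes a mail-enabled group. Confirm the group resolves
#    as one and that the test sender is actually a member.
Get-DistributionGroup -Identity $Group |
    Format-List Name, PrimarySmtpAddress, RecipientTypeDetails
Get-DistributionGroupMember -Identity $Group |
    Where-Object { $_.PrimarySmtpAddress -eq $TestSender }

# 3. Create the rule in Audit mode first, so a test message is evaluated
#    and logged without being redirected.
New-TransportRule -Name $RuleName `
    -FromMemberOf $Group `
    -SentToScope NotInOrganization `
    -RedirectMessageTo $Redirect `
    -PrependSubject '*** External mail attempt - ' `
    -Mode Audit

# 4. Read back what Exchange stored, rather than what the ECP form showed.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, Priority, FromMemberOf, SentToScope,
                RedirectMessageTo, PrependSubject

# 5. Send a test message from $TestSender to an external address, then
#    review the tracking events recorded for it in the last hour.
Get-MessageTrackingLog -Sender $TestSender -Start (Get-Date).AddHours(-1) |
    Sort-Object Timestamp |
    Format-Table Timestamp, EventId, Source, Recipients, MessageSubject -AutoSize

# 6. Once the rule is confirmed to match, switch it to enforcement.
Set-TransportRule -Identity $RuleName -Mode Enforce
```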