How to configure users for internal mail routing only

    Question

  • Hi Guys!

    I have a scenario here in which I have three (3) groups of users. One group is able to have inbound and outbound mail, meaning they can send and receive emails from internal and external. The second group of users should have inbound mail (local mail) only (cannot send and receive mails from the internet), and the third (3) group can receive an outbound mail but they are not allowed to send mail directly to the client (Ex. distributionlist1@mydomain.com, member1@mydomain.com, member2@mydomain.com); instead they will use distributionlist1@mydomain.com as the reply to the client. Please let me know how to configure group user 2 and 3.

    Thank you.

    regards,

    LRMCP
    Friday, December 19, 2008 12:13 PM

Answers

  • Hi LRMCP,

    Procedure is perfect which is given by Benoit, just elaborating steps.

    Prevent from Sending Mails:

    Create a transport rule on Hub Transport Server:

    Organization Configuration -> Hub Transport -> Transport Rules -> New Transport Rule -> Give Name “Group2 - No Internet Mail”
    Conditions: select "From a member of a distribution list" & select group "Group2"

    Select another condition "Sent to users inside or outside the organization" & Select Outside.

    Actions: select "send bounce message to sender with enhanced status code" & write your custom message like “You are not authorized to send mails to internet”

    Prevent from Receiving Mails:

    New User: You can select “require that senders are authenticated” while creating new users which will stop receiving mails from internet.

    User -> properties -> Mail Flow Settings -> Message Delivery Restrictions -> Properties -> set Sender Authentication.

    For Existing Users:

    You have already a group named "Group2" so set sender authentication for all members with this single command.

    Get-DistributionGroup "Group2" | Set-Mailbox -RequireSenderAuthenticationEnabled $true


    Same procedure mentioned for group2 can be followed for Group3 to prevent from sending mails.


    Amit Tank || MVP - Exchange || MCITP - Exchange 2007 || http://ExchangeShare.WordPress.com
    • Marked as answer by LRMCP Friday, July 24, 2009 8:30 AM
    Friday, December 19, 2008 3:20 PM
  • Hello,

    You should be able to use Transport Rules to do that. Make sure those groups are Distribution Groups (they can eventually be hidden from Address Lists).

    To forbid sending E-mails outside of Exchange, create a rule:
    • if sender is member of group2
    • and message is sent outside the organization
    • then drop the message
    • and send NDR with status code (choose code and message)

    To forbid receiving E-mails from the Internet:

    • either use the same principle (if user is member of group2 and sender is outside the organization, drop with a custom message)
    • or in the delivery options for those users, only allow messages from authenticated users
    • you can make exceptions, for instance if you have custom applications sending messages directly to Exchange

    For group3, then

    • create a rule that forbids sending to member of a distribution list when sender is member of group3
    • and send NDR etc

    Hope this helps,
    Benoit.


    Benoit Boudeville - Avanade France & Belux http://unifiees.blogspot.com
    • Proposed as answer by Amit Tank Friday, December 19, 2008 3:23 PM
    • Marked as answer by Alan.Gim Monday, December 22, 2008 2:58 AM
    Friday, December 19, 2008 1:52 PM

All replies

  • I've gotten through setting up everything except the below. Where do I find this? I am doing this through EMC Server 2010

    Get-DistributionGroup "Group2" | Set-Mailbox -RequireSenderAuthenticationEnabled $true

    Wednesday, January 8, 2014 9:30 PM
  • I think it's supposed to be ...

    Get-DistributionGroupMember "Group2" | Set-Mailbox -RequireSenderAuthenticationEnabled $true

    Thursday, January 9, 2014 8:34 PM
  • You open the Exchange Management Shell.
    Thursday, January 9, 2014 8:35 PM
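
The steps from the answers above collected into one Exchange Management Shell script, as an added example that is not part of the original thread. It assumes the Exchange 2010-or-later `New-TransportRule` parameter syntax and the group names `Group2` and `Group3` used in the thread, and it reads members with `Get-DistributionGroupMember` as the later reply suggests.

```powershell
# Added example. Run in the Exchange Management Shell.
# Assumes Exchange 2010 or later parameter syntax for New-TransportRule.

# 1. Outbound: bounce mail that Group2/Group3 members send outside the organization.
foreach ($group in 'Group2', 'Group3') {
    New-TransportRule -Name "$group - No Internet Mail" `
        -FromMemberOf $group `
        -SentToScope NotInOrganization `
        -RejectMessageEnhancedStatusCode '5.7.1' `
        -RejectMessageReasonText 'You are not authorized to send mails to internet'
}

# 2. Inbound: Group2 mailboxes accept mail from authenticated senders only.
#    Get-DistributionGroup returns the group object itself, so the members are
#    read with Get-DistributionGroupMember. Set-Mailbox only applies to mailboxes,
#    so contacts and nested groups are filtered out (nested groups are not expanded).
$members = Get-DistributionGroupMember -Identity 'Group2' -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' }

$members | ForEach-Object {
    Set-Mailbox -Identity $_.DistinguishedName -RequireSenderAuthenticationEnabled $true
}

# 3. Verify: list any Group2 mailbox that still accepts anonymous (Internet) senders.
$stillOpen = $members |
    ForEach-Object { Get-Mailbox -Identity $_.DistinguishedName } |
    Where-Object { -not $_.RequireSenderAuthenticationEnabled }

if ($stillOpen) {
    $stillOpen | Format-Table Name, PrimarySmtpAddress, RequireSenderAuthenticationEnabled
} else {
    Write-Host "All $(@($members).Count) Group2 mailboxes require authenticated senders."
}

# 4. Verify: confirm both rules exist and are enabled.
Get-TransportRule |
    Where-Object { $_.Name -like '* - No Internet Mail' } |
    Format-Table Name, State, Priority
```

Step 2 is a one-time change on the current members, so mailboxes added to Group2 later need it run again; append `-WhatIf` to the `Set-Mailbox` call to preview the change first.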