none
Restrict Mailbox user from sending internal mails RRS feed

  • Question

  • Hi,

    Is there a way to restrict Mailbox owner from sending internal and external mails?
    Are there any restrictive permissions which can be set on the user object in AD which will deny the user from sending any mails from his mailbox. The user should be able to receive and read the mails from the mailbox.

    I have tried the option to set the sending limit of the user to 1 KB however i need to know if we can achieve this using permissions.


    Mahendra

    Wednesday, March 3, 2010 12:26 PM

Answers

  • It is exchange 2003..

    Hi there,

    It is not possible to deny a user sending email internally by changing rights on their AD account or mailbox, however other users under Exchange General | Delivery Restrictions have the possibility of 'Accept Messages from Everyone, except'. You would have to put that user as an exception for all Users in your Org.. Not desirable at all really, and not managable.

    You can stop the user from sending external emails in Exchange 2003 by using the Delivery Restrictions settings on your SMTP Connector. This puts alot of overhead on your Exchange Org if you have multiple SMTP Connectors - so be warned.

    You also have to enable a reg key on all the Bridgehead Servers that are responsible for routing for the SMTP Connector, follow this guide here:

    http://support.microsoft.com/kb/277872

    Exchange 2003 kind of sucks for this kind of thing as you can see, but Exchange 2007 onwards makes this process _a lot_ easier with Transport Rules as others have already said.

    Anyhow I hope this gives you some resolution.

    Take care,

    Oliver



    Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |
    • Proposed as answer by Allen Song Monday, March 8, 2010 9:26 AM
    • Marked as answer by Allen Song Monday, March 15, 2010 2:18 AM
    Wednesday, March 3, 2010 3:46 PM

All replies

  • You could remove the Send As rights for that user.

    Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:EMA 2K7,EDA Win 7,ES,SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com
    Wednesday, March 3, 2010 1:46 PM
  • I tried removing the send as rights from SELF however the user can still send mails.

    Mahendra

    Wednesday, March 3, 2010 1:55 PM
  • Assuming you are using either Exchange 2007 or 2010 you can use a Transport Rule to accomplish this, while it wouldn't stop them from composing and sending the email, it would prevent it from being delivered and if you wanted to could then bounce back an error message.

    What may be useful is if you explain why you want to stop a user from sending any emails as there may be a better solution available, it would also be good to know what version of exchange you run as this affects what features are available too.
    My blog: http://www.monkeydust.net | Twitter: http://www.twitter.com/MrYiff
    Wednesday, March 3, 2010 1:55 PM
  • It is exchange 2003..
    Wednesday, March 3, 2010 3:19 PM
  • Bah, unfortunately much of my experience is with newer versions of exchange, I have just had a quick test on our old legacy 2003 server and tried playing around with AD permissions but even setting the send as permission to deny it was still sending emails. I may just have not been giving time for the changes to propagate but it is probably best to wait and see if anyone has any better suggestions.
    My blog: http://www.monkeydust.net | Twitter: http://www.twitter.com/MrYiff
    Wednesday, March 3, 2010 3:40 PM
  • It is exchange 2003..

    Hi there,

    It is not possible to deny a user sending email internally by changing rights on their AD account or mailbox, however other users under Exchange General | Delivery Restrictions have the possibility of 'Accept Messages from Everyone, except'. You would have to put that user as an exception for all Users in your Org.. Not desirable at all really, and not managable.

    You can stop the user from sending external emails in Exchange 2003 by using the Delivery Restrictions settings on your SMTP Connector. This puts alot of overhead on your Exchange Org if you have multiple SMTP Connectors - so be warned.

    You also have to enable a reg key on all the Bridgehead Servers that are responsible for routing for the SMTP Connector, follow this guide here:

    http://support.microsoft.com/kb/277872

    Exchange 2003 kind of sucks for this kind of thing as you can see, but Exchange 2007 onwards makes this process _a lot_ easier with Transport Rules as others have already said.

    Anyhow I hope this gives you some resolution.

    Take care,

    Oliver



    Oliver Moazzezi | Exchange MVP, MCSA:M, MCTS:Exchange 2010, BA (Hons) Anim | http://www.exchange2007.com | http://www.exchange2010.com | http://www.cobweb.com |
    • Proposed as answer by Allen Song Monday, March 8, 2010 9:26 AM
    • Marked as answer by Allen Song Monday, March 15, 2010 2:18 AM
    Wednesday, March 3, 2010 3:46 PM
  • Hi Nick,

    We have Exchange 2010 - Could you please tell us what that Transport Rule would be?

    We have a user mailbox that multiple users can log onto, but we do not want them to be able to send emails.

     

    Thanks in advance.

     

     

    Thursday, January 27, 2011 11:22 AM
  • Got the answer: http://technet.microsoft.com/en-us/library/aa998315.aspx

    Created a rule with "Delete the message without notifying anyone"

     

    that worked :)

     

    • Proposed as answer by Brookzum Tuesday, March 18, 2014 3:51 PM
    Thursday, January 27, 2011 11:51 AM
  • I know Mahendra it might be tooooo late for a reply but I feel its NEVER too late- This can be done on Exchange 2003 in very simpler way!!!! Recently we had the same requirement for 2 internal users and this worked for us!!!

    IN ADUC goto User Properties->Exchange General ->Delivery Options

     

    IN the Recipient Limits-> Instead of using Use Default Limit select "Maximum Recipients" and change the value to 0.

     

    That Works!!!!!

     

     


    • Edited by Akash Phoenix Friday, December 2, 2011 12:34 PM
    • Proposed as answer by Tonyfuenca Tuesday, January 17, 2012 10:11 AM
    Friday, December 2, 2011 7:11 AM
  •  

    Thanks Akash, I've been searching for a solution a couple of days, and yours is the only one I've found that works fine and is the simplest way for lock a user sending any mail in an Exchange 2003 environment.

    Yes it really works without buying Exchange 2007 (WTF!!!)

    Thanks again, Tony.

     

     

    Tuesday, January 17, 2012 10:19 AM
  • You can set up a transport rule.

    Create a distribution group for the users you want to block.

    Now create a transport rule that will either drop the messages or send a rejection message when the users atempt to send E-Mail.


    Gil Gross | Project Manager & Technical Consultant | G-Net Network Solutions | www.g-net.co.il
    Tuesday, January 17, 2012 10:27 AM