cyberleo2000
asked on
Transport rule not working in Exchange Online Protection
I use Exchange Online Protection and I am trying to configure a transport rule that will route email through a specific outbound connector. I have a default outbound connector and it works fine. I used these commands to create a second outbound connector and a rule to route email through it:
New-OutboundConnector -Name AMER -ConnectorType OnPremises -IsTransportRuleScoped $true -UseMXRecord $false -SmartHosts "123.45.67.89"
New-TransportRule -Name "Route to AMER" -RecipientADAttributeConta insWords "Country:United States" -RouteMessageOutboundConne ctor "AMER"
Set-TransportRule "Route AMER" -PrependSubject "AMER ROUTE"
So basically, if the recipient's country field equals "United States", the email should be routed through the AMER outbound connector and the subject prepended with the text "AMER ROUTE"
It doesn't work. I double-checked the mailbox's country attribute and it is set to United States. The mail is delivered but it is not prepended with "AMER ROUTE", meaning it is routing via the default outbound connector instead.
What am I missing?
Thank you.
New-OutboundConnector -Name AMER -ConnectorType OnPremises -IsTransportRuleScoped $true -UseMXRecord $false -SmartHosts "123.45.67.89"
New-TransportRule -Name "Route to AMER" -RecipientADAttributeConta
Set-TransportRule "Route AMER" -PrependSubject "AMER ROUTE"
So basically, if the recipient's country field equals "United States", the email should be routed through the AMER outbound connector and the subject prepended with the text "AMER ROUTE"
It doesn't work. I double-checked the mailbox's country attribute and it is set to United States. The mail is delivered but it is not prepended with "AMER ROUTE", meaning it is routing via the default outbound connector instead.
What am I missing?
Thank you.
Be sure you are using the IP address of the destination server
ASKER
yes, that is how I have the outbound connectors configured.
Have you followed the documentation at http://technet.microsoft.com/en-us/library/jj950234(v=exchg.150).aspx
ASKER
That the exact article I followed. when it didn't work the first time, I deleted the transport rule and connector and recreated them using powershell. But it still does not work.
could be a problem with the attributes used to identify US. You have to update the c, co and CountryCode at the same time and with the correct values:
c (Country-Name): ISO-3166 2-digit string value
co (Text-Country): Open string value
countryCode (Country-Code): ISO-3166 Integer value
Can you verify what all three are set to?
c (Country-Name): ISO-3166 2-digit string value
co (Text-Country): Open string value
countryCode (Country-Code): ISO-3166 Integer value
Can you verify what all three are set to?
ASKER
I'm sorry but I don't see how those other attributes come into play here. EOP is looking specifically at the County AD attribute which you can set via ADUC or Exchange Mgmt. Console. See attached screenshot. thank you.
eop.jpg
eop.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
stop processing other rules is set to false on all rules, i'm testing with other attributes
Are you doing a AD sync? EOP will not have any clue of your recipients AD attributes unless you do a AD sync as well.
ASKER
yes, all my mailboxes are synced in to Office365 and I have confirmed the Country field is correctly populated
Then I see just two probabilities
1. The attribute is called different in the synced data
2. It is a bug in EOP (for e.g. the page size parameter is documented incorrectly in EOP, ToIPAddress and FromIPAddress switches do not work in Get-MessageTrace cmdlets etc).
You may want to ask MS the same (If you have recently switched to EOP then you may have access to IPM - Implementation Project Manager - from MS who may be able to help you).
1. The attribute is called different in the synced data
2. It is a bug in EOP (for e.g. the page size parameter is documented incorrectly in EOP, ToIPAddress and FromIPAddress switches do not work in Get-MessageTrace cmdlets etc).
You may want to ask MS the same (If you have recently switched to EOP then you may have access to IPM - Implementation Project Manager - from MS who may be able to help you).
ASKER
we've changed the attribute that the rule uses from Country to UserLogonName. This attribute is different depending on what region of the world our employee is in. The rules work perfectly now.