LEAD Support asked:

Transport Rules: Beating smart users.

Experts,

I have a problem.  My users are smarter than my transport rules.  Let me explain in further detail.  I have created transport rules on my Exchange 2007 SP1 server to disallow the sending of attachments to particular distribution groups.  My users have figured out that they can manually select those specific users and then send the attachments that they want to send.  I had a user in HR select all of the employees manually, close to 5000, and send her attachments out, which totaled 1 Meg x5000.
What I am trying to accomplish is rather simple.  I would like to create a transport rule that will not let a user send attachments if the To field is greater than 30 users.  I know this has to be possible via PowerShell, as the predefined syntax/rules will not let you word it in such a way; however, I haven't found any type of syntax that supports this.  Any direction would be great.

Thanks!

Ubuntop

I plan to investigate your issue tomorrow at work.  I have a similar transport rule, but it has been a while since I looked at it.

I did want to point out something about your comment: 1 Meg x5000.  This is not entirely accurate.  It essentially breaks down to 1 Meg per store, due to single instance storage.  In other words, all of those attachments are stored as one.  Unless you are specifically concerned with cached mode and/or POP users' bandwidth as they grab the file; then never mind.

One other thing: in certain versions of Outlook, you can load the distribution group (To:), then expand it fully to individual users by clicking the plus sign next to it.

LEAD Support (ASKER)

Right, I understand SIS and how it works, but on the other hand you have to also realize that almost all of these users have BlackBerrys and they are running cached mode on Outlook.  So tons of network traffic.

All of my users are on Office 2007; however, only certain authenticated users have permissions to send to those particular distribution groups.  Also, I do not allow my users to enumerate users in the distribution groups they do not have access to.  The majority of these distribution groups are mainly ones of geographical location.

Ubuntop, if you do have a rule similar to this that would be great.  I really appreciate it!
Sorry Leadcrew for the delay in response.

In the Transport Rule, Conditions section, there is an option called "when the message header contains text patterns".  These text patterns can take regular expressions (regex); furthermore, you can set the header to "To" or "CC" without quotes.  Your specific need is not identical to my existing rule, so this is going to take some testing.  Luckily you can have the rule only apply to your email address.

The following two links talk about the regex that Exchange 2007 supports.
http://www.exchangeninjas.com/textpatterns
http://technet.microsoft.com/en-us/library/aa997187.aspx

To sum it up, you may need two separate rules that will only activate if X amount of recipients are in either the To or CC field.  The regex pattern will be something like [*@*]{30,} to trigger on 30 or more @ symbols (thus 30 recipients).  Test this out; my regex skills are not that great.  The pages above should help.  I am going to try to achieve the same result right now.


The other option is to create a custom Transport Agent to write the "recipient-count" to a header field.  If you have any skills with C# and have VS2005, it is not that daunting of a task.
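
The custom Transport Agent option mentioned above, as an added example that is not part of the original thread or anyone's production code: a minimal Exchange 2007 routing agent that stamps the envelope recipient count into a header a transport rule can then test. The header name `X-Recipient-Count` and the namespace and class names are assumptions chosen for illustration.

```csharp
// Added example, not from the thread. Build against the Exchange 2007
// Microsoft.Exchange.Data.Transport.dll and Microsoft.Exchange.Data.Common.dll.
using Microsoft.Exchange.Data.Mime;
using Microsoft.Exchange.Data.Transport;
using Microsoft.Exchange.Data.Transport.Routing;

namespace RecipientCountSample // hypothetical namespace
{
    // Factory the transport service uses to create agent instances.
    public sealed class RecipientCountAgentFactory : RoutingAgentFactory
    {
        public override RoutingAgent CreateAgent(SmtpServer server)
        {
            return new RecipientCountAgent();
        }
    }

    public sealed class RecipientCountAgent : RoutingAgent
    {
        // Assumed header name; the thread only calls it "recipient-count".
        private const string HeaderName = "X-Recipient-Count";

        public RecipientCountAgent()
        {
            this.OnSubmittedMessage += this.StampRecipientCount;
        }

        private void StampRecipientCount(SubmittedMessageEventSource source,
                                         QueuedMessageEventArgs e)
        {
            HeaderList headers = e.MailItem.Message.MimeDocument.RootPart.Headers;

            // Drop any copy the sender supplied, so a client cannot
            // pre-set a low value and slip past the rule.
            headers.RemoveAll(HeaderName);

            // Envelope recipients cover To, Cc and Bcc. At submission a
            // distribution group still counts as one recipient, because
            // group expansion happens later in the categorizer.
            int count = e.MailItem.Recipients.Count;
            headers.AppendChild(new TextHeader(HeaderName, count.ToString()));
        }
    }
}
```

The assembly is registered on the Hub Transport server with `Install-TransportAgent` and `Enable-TransportAgent`; the transport rule then matches on the stamped header instead of on To or CC.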
Okay thanks.  I had a power outage last night.  Once I recover from that I will post my response, but it looks very promising!
Okay, I'm having a little trouble with it.  This is how the rule reads:

Apply rule to message
when the AnyOfToCcHeaderMemberOf contains [/w*@*]{25,}
Do stuff

What do you think?
Sorry, the above message was a typo; it should read like this:

Apply rule to message
when the AnyOfToCcHeaderMemberOf contains [\w*@*]{25,}
Do stuff
I changed the header to be: AnyOfToCcHeader and still no love
ASKER CERTIFIED SOLUTION
Ubuntop

This solution is only available to members.
You said it.  I contacted Microsoft and this is not possible, or so they say.

It looks like the users win.
Hi,
Did you find a solution to catch more than X recipients with a transport rule? I need that to prevent users from sending email to external recipients.