• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2974
  • Last Modified:

Limit user to specific recipients or specific domain

Exchange 2010 SP2 Rollup 4.

I have a unique situation where I need to restrict users from sending to anyone that is not a member of a local distribution group  (all in the same email domain).  I want a closed cell of 20 users that can only send and receive from each other.  I have already used delivery restrictions to prevent them from receiving email from anyone else, but now I need to lock down sending.  They must not be able to send to any address outside a specific group, OU, or email domain.  If it helps, I have them broken out into their own GAL that is segregated from the rest of the Exchange org as well.

I had thought that 2010's transport rules could facilitate that, but all of the options I'm seeing would require a negative operator (NOT, NE, !=) and that doesn't appear to be an option.  I hope I'm missing something.  It wouldn't be the first time.

Is there a way to do this?  If so, what would transport overhead look like?  I'm pretty comfortable with EMS so Powershell it up if required.

Essentially, I am looking for an "approved recipients" restriction for a group of users.

Jon Brelie
Jon Brelie
  • 3
2 Solutions
Gareth GudgerCommented:
I know this article is for Exchange 2007, but the process should be similar for 2010.

The second part of the article refers to block sending. You could block the sending and then create an exception based on criteria.
Jon BrelieSystem ArchitectAuthor Commented:
Thanks Diggisaur,

I guess I should have mentioned that I already have a rule in place to block messages sent to addresses external to Exchange, and that it is working well.  I need to lock it down further to a single distribution group or email domain.  I host several email domains, and want to specify this group is only allowed to email each other.  (Group/OU/emailDomain are unique to this set of users)
Jon BrelieSystem ArchitectAuthor Commented:
Man, I always end up figuring something out within hours of posting on EE.

y'all's mojo inspires me.

For those looking for something similar, here is the transport rule logic:

Apply rule to messages
from a member of <LockedDownGroup>

Redirect the message to <SuperDuperComplianceCop>

Except when the message is sent to a member of <LockedDownGroup>

Open in new window

I was thinking logical NOTs when I should have been thinking exceptions
Jon BrelieSystem ArchitectAuthor Commented:
Assigning split points for getting me thinking about exceptions externally.  What I needed were exceptions internally, but this got me pointed in the right direction.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now