Solved

Limit user to specific recipients or specific domain

Posted on 2013-12-20
Last Modified: 2013-12-25
Exchange 2010 SP2 Rollup 4.

I have a unique situation where I need to restrict users from sending to anyone that is not a member of a local distribution group  (all in the same email domain).  I want a closed cell of 20 users that can only send and receive from each other.  I have already used delivery restrictions to prevent them from receiving email from anyone else, but now I need to lock down sending.  They must not be able to send to any address outside a specific group, OU, or email domain.  If it helps, I have them broken out into their own GAL that is segregated from the rest of the Exchange org as well.

I had thought that 2010's transport rules could facilitate that, but all of the options I'm seeing would require a negative operator (NOT, NE, !=) and that doesn't appear to be an option.  I hope I'm missing something.  It wouldn't be the first time.

Is there a way to do this?  If so, what would transport overhead look like?  I'm pretty comfortable with EMS, so PowerShell it up if required.

Essentially, I am looking for an "approved recipients" restriction for a group of users.

Thanks!
Question by:Jon Brelie
Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 1996 total points
ID: 39733254
I know this article is for Exchange 2007, but the process should be similar for 2010.
http://www.msexchange.org/articles-tutorials/exchange-server-2007/management-administration/restricting-users-send-receive-external-messages-exchange-server-2007.html

The second part of the article refers to block sending. You could block the sending and then create an exception based on criteria.

Author Comment

by:Jon Brelie
ID: 39733256
Thanks Diggisaur,

I guess I should have mentioned that I already have a rule in place to block messages sent to addresses external to Exchange, and that it is working well.  I need to lock it down further to a single distribution group or email domain.  I host several email domains, and want to specify this group is only allowed to email each other.  (Group/OU/emailDomain are unique to this set of users)

Accepted Solution

by:
Jon Brelie earned 0 total points
ID: 39733281
Man, I always end up figuring something out within hours of posting on EE.

Y'all's mojo inspires me.


For those looking for something similar, here is the transport rule logic:


Apply rule to messages
from a member of <LockedDownGroup>

Redirect the message to <SuperDuperComplianceCop>

Except when the message is sent to a member of <LockedDownGroup>


I was thinking logical NOTs when I should have been thinking exceptions.
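
The rule logic from the accepted solution, written for the Exchange Management Shell as an added example that is not part of the original thread. The group and mailbox names are the placeholders from the post; the rule name and the test sender address are hypothetical.

```powershell
# Added example (not from the thread). Run in the Exchange 2010 Management Shell.
$Group      = 'LockedDownGroup'             # placeholder from the post: the closed group
$Compliance = 'SuperDuperComplianceCop'     # placeholder from the post: redirect target
$RuleName   = 'Closed cell - outbound'      # hypothetical rule name
$TestSender = 'testuser@example.com'        # constructed test address, a group member

# Resolve both objects first so a typo fails here instead of creating a broken rule.
$dg  = Get-DistributionGroup -Identity $Group -ErrorAction Stop
$mbx = Get-Mailbox -Identity $Compliance -ErrorAction Stop

# Create the rule disabled so it can be reviewed before it touches mail flow.
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $RuleName })) {
    New-TransportRule -Name $RuleName `
        -FromMemberOf ([string]$dg.PrimarySmtpAddress) `
        -RedirectMessageTo ([string]$mbx.PrimarySmtpAddress) `
        -ExceptIfSentToMemberOf ([string]$dg.PrimarySmtpAddress) `
        -Enabled $false `
        -Comments 'Members may only send to other members; everything else is redirected.'
}

# Review the condition, action and exception as stored.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Priority, FromMemberOf, RedirectMessageTo, ExceptIfSentToMemberOf

# Enable once the stored rule matches the intent.
Enable-TransportRule -Identity $RuleName -Confirm:$false

# After sending test messages from $TestSender, compare who each message was
# actually delivered to. Cases worth covering:
#   1. member -> member only              (expected: delivered normally)
#   2. member -> non-member only          (expected: redirected to the compliance mailbox)
#   3. member -> member + non-member      (confirm how the exception treats mixed recipients)
Get-TransportServer |
    Get-MessageTrackingLog -Sender $TestSender -Start (Get-Date).AddHours(-1) -ResultSize Unlimited |
    Sort-Object Timestamp |
    Select-Object Timestamp, EventId, Source, Recipients, MessageSubject |
    Format-Table -AutoSize
```

Group membership is evaluated by the transport service, so allow for its cache to refresh after adding or removing members before re-testing.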

Author Closing Comment

by:Jon Brelie
ID: 39738976
Assigning split points for getting me thinking about exceptions externally.  What I needed were exceptions internally, but this got me pointed in the right direction.