Solved

Limit user to specific recipients or specific domain

Posted on 2013-12-20
4
1,995 Views
Last Modified: 2013-12-25
Exchange 2010 SP2 Rollup 4.

I have a unique situation where I need to restrict users from sending to anyone that is not a member of a local distribution group  (all in the same email domain).  I want a closed cell of 20 users that can only send and receive from each other.  I have already used delivery restrictions to prevent them from receiving email from anyone else, but now I need to lock down sending.  They must not be able to send to any address outside a specific group, OU, or email domain.  If it helps, I have them broken out into their own GAL that is segregated from the rest of the Exchange org as well.

I had thought that 2010's transport rules could facilitate that, but all of the options I'm seeing would require a negative operator (NOT, NE, !=) and that doesn't appear to be an option.  I hope I'm missing something.  It wouldn't be the first time.

Is there a way to do this?  If so, what would transport overhead look like?  I'm pretty comfortable with EMS so Powershell it up if required.

Essentially, I am looking for an "approved recipients" restriction for a group of users.

Thanks!
0
Comment
Question by:Enphyniti
  • 3
4 Comments
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 499 total points
Comment Utility
I know this article is for Exchange 2007, but the process should be similar for 2010.
http://www.msexchange.org/articles-tutorials/exchange-server-2007/management-administration/restricting-users-send-receive-external-messages-exchange-server-2007.html

The second part of the article refers to block sending. You could block the sending and then create an exception based on criteria.
0
 
LVL 16

Author Comment

by:Enphyniti
Comment Utility
Thanks Diggisaur,

I guess I should have mentioned that I already have a rule in place to block messages sent to addresses external to Exchange, and that it is working well.  I need to lock it down further to a single distribution group or email domain.  I host several email domains, and want to specify this group is only allowed to email each other.  (Group/OU/emailDomain are unique to this set of users)
0
 
LVL 16

Accepted Solution

by:
Enphyniti earned 0 total points
Comment Utility
Man, I always end up figuring something out within hours of posting on EE.

y'all's mojo inspires me.


For those looking for something similar, here is the transport rule logic:


Apply rule to messages
from a member of <LockedDownGroup>

Redirect the message to <SuperDuperComplianceCop>

Except when the message is sent to a member of <LockedDownGroup>

Open in new window


I was thinking logical NOTs when I should have been thinking exceptions
0
 
LVL 16

Author Closing Comment

by:Enphyniti
Comment Utility
Assigning split points for getting me thinking about exceptions externally.  What I needed were exceptions internally, but this got me pointed in the right direction.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now