Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Course Of The Month
2 days, 11 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Restricting email flow within a group within an organization
Posted on 2014-12-31
We have a client that has an in house exchange 2010 server.
The customer requests a small group of users to have the ability to email one another within said group without being able to email anyone else within the organization nor outside of the organization. Nor will they be able to receive email from outside of the small group within the organization, nor be able to receive email from the outside.
I have been able to restrict mail flow to within the organization, but not quite sure how to select the specified users from within the organization.
Any tips and advice on this would be helpful. An odd request indeed, but it is for students within a private school.
The customer requests a small group of users to have the ability to email one another within said group without being able to email anyone else within the organization nor outside of the organization. Nor will they be able to receive email from outside of the small group within the organization, nor be able to receive email from the outside.
I have been able to restrict mail flow to within the organization, but not quite sure how to select the specified users from within the organization.
Any tips and advice on this would be helpful. An odd request indeed, but it is for students within a private school.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
3
3- +1
11 Comments
Active 6 days ago
First, create two distribution groups. One that has the small group in it, and one that has everyone else.
In Exchange Management Console, expand Organization Configuration and click on Hub Transport.
Then click on the Transport Rules Tab.
Right click in the transport rules tab and select New Transport Rule.
Call it Prevent Users from Sending to Small Group and click Next
Select "From a member of a distribution list" and "sent to a member of a distribution list".
In the bottom half, click on "distribution list" next to "From a member of a distribution list" and add one of the distribution groups you created. Then click on the other "distribution list" next to "and sent to a member of" and select the other distribution list. Click Next.
Then choose "delete the message without notifying anyone" or something else, such as "send rejection message to sender with enhanced status code". If you select "send rejection..." then configure the message and code in the bottom half of the dialog box. Click next.
You can put in some exceptions if you want.
Then repeat this but reverse the groups, so now the from group is the group that was the to group and vice versa.
That will handle blocking mail sent internally between the groups. As new employees are hired, they need to be put into one of the two groups.
Then, you need to create two more rules as you did above, but under the conditions select "from users that are inside or outside the organization" and select "Outside the Organization" and "sent to a member of a distribution list". Configure the distribution list to be the small group distribution list you created. CLick next.
select the action you want as before, delete without notifying, or send rejection. click next. Add exceptions if you want. click next and new.
Then create one more rule, this one you'll reverse the conditions again. You'll select "From a member of a distribution list" and "to users that are inside or outside the organization, or partners" and you'll select your small group again, and select "Outside the organization", then select the action (rejection or deleted), exceptions, and you're done.
So you need four rules. One to stop the big group from sending to the small group, one to keep the small group from sending to the big group, one to stop outside people from sending to the small group, and one to stop the small group from sending to outside people.
And you need to make sure the distribution groups are kept up to date.
In Exchange Management Console, expand Organization Configuration and click on Hub Transport.
Then click on the Transport Rules Tab.
Right click in the transport rules tab and select New Transport Rule.
Call it Prevent Users from Sending to Small Group and click Next
Select "From a member of a distribution list" and "sent to a member of a distribution list".
In the bottom half, click on "distribution list" next to "From a member of a distribution list" and add one of the distribution groups you created. Then click on the other "distribution list" next to "and sent to a member of" and select the other distribution list. Click Next.
Then choose "delete the message without notifying anyone" or something else, such as "send rejection message to sender with enhanced status code". If you select "send rejection..." then configure the message and code in the bottom half of the dialog box. Click next.
You can put in some exceptions if you want.
Then repeat this but reverse the groups, so now the from group is the group that was the to group and vice versa.
That will handle blocking mail sent internally between the groups. As new employees are hired, they need to be put into one of the two groups.
Then, you need to create two more rules as you did above, but under the conditions select "from users that are inside or outside the organization" and select "Outside the Organization" and "sent to a member of a distribution list". Configure the distribution list to be the small group distribution list you created. CLick next.
select the action you want as before, delete without notifying, or send rejection. click next. Add exceptions if you want. click next and new.
Then create one more rule, this one you'll reverse the conditions again. You'll select "From a member of a distribution list" and "to users that are inside or outside the organization, or partners" and you'll select your small group again, and select "Outside the organization", then select the action (rejection or deleted), exceptions, and you're done.
So you need four rules. One to stop the big group from sending to the small group, one to keep the small group from sending to the big group, one to stop outside people from sending to the small group, and one to stop the small group from sending to outside people.
And you need to make sure the distribution groups are kept up to date.
You can do a couple of things.
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28589085.html#
First to stop them from receiving messages but from a select few people, you can do Message Delivery Restrictions on the user account itself. To block outside users you can check Require that all senders are authenticated. Or, in your case, to restrict it to just a few inside users, select, Only Senders in the following list. Then click Add to pick who you want to be allowed to send. You can also add a distribution group here rather than adding each individual mailbox. So if you have a Students distro, you can just add that. See the screenshot below.
To prevent sending you will need to create a Transport Rule. It could look something like this. I sent a rule that any message from my distribution group (again could be a Students distro) is prevented from being sent, unless it is sent to another member of that same distro. See the screenshot below.
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28589085.html#
First to stop them from receiving messages but from a select few people, you can do Message Delivery Restrictions on the user account itself. To block outside users you can check Require that all senders are authenticated. Or, in your case, to restrict it to just a few inside users, select, Only Senders in the following list. Then click Add to pick who you want to be allowed to send. You can also add a distribution group here rather than adding each individual mailbox. So if you have a Students distro, you can just add that. See the screenshot below.
To prevent sending you will need to create a Transport Rule. It could look something like this. I sent a rule that any message from my distribution group (again could be a Students distro) is prevented from being sent, unless it is sent to another member of that same distro. See the screenshot below.
You could create a transport rule, that will block the mail leaving the organization from the restricted users or the restricted users from receiving the mails externally, also make one for internal emails if need to.
http://exchangeserverpro.com/restrict-outbound-email-transport-rule/
http://exchangeserverpro.com/restrict-outbound-email-transport-rule/
Active 6 days ago
Gareth Gudger has a good point. With 1 group and two transport rules (rather than use restrictions in one case and a transport in another, I'd go with two transport rules to keep it consistent).
So one rule, as GG says, deletes if from Small Group except if to Small Group. The second deletes if to Small Group except if from Small Group.
Then any emails the small group sends gets deleted (inside or outside) unless it's to someone in the small group. Any emails sent to the small group (inside or outside) likewise get deleted unless from the small group.
And then you only have one distribution group to maintain.
In any case, GG's solution is simpler than mine.
So one rule, as GG says, deletes if from Small Group except if to Small Group. The second deletes if to Small Group except if from Small Group.
Then any emails the small group sends gets deleted (inside or outside) unless it's to someone in the small group. Any emails sent to the small group (inside or outside) likewise get deleted unless from the small group.
And then you only have one distribution group to maintain.
In any case, GG's solution is simpler than mine.
Mail flow restrictions from certain users and transport rule sending to members in the distribution group.
Happy New Years!
Happy New Years!
Active 6 days ago
Blackjack11, the rule you posted a screenshot for will always let mail through to or from a member of TestDG.
Message comes through from outside to TestDG member. Rule applies *except* if the message is to a member of TestDG, so it goes through.
Message sent from TestDG member to any internal or external address. Rule applies *except* if the message is from a member of TestDG, so it also goes through.
Message comes through from outside to TestDG member. Rule applies *except* if the message is to a member of TestDG, so it goes through.
Message sent from TestDG member to any internal or external address. Rule applies *except* if the message is from a member of TestDG, so it also goes through.
Featured Post
Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article explains how to install and use the NTBackup utility that comes with Windows Server.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.:
Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month2 days, 11 hours left to enroll
Earn Certification
MTA Networking Fundamentals Exam 98-366
$59.00$53.10
696 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.