Exchange 2010 Transport rule to restrict recipients

We have some reports which are emailed.  We have a transport rule which searches the attachment for a phrase only found in these attachments.  

I have an exception which allows the report to be sent to certain email addresses.  The action sends a rejection message if additional recipients are included.

The problem is that while incorrect recipients are blocked they are not removed from the message header sent to approved recipients making it appear as if the email was sent to unauthorized recipients.  I would prefer to have all recipients blocked rather than sending misleading header information.

Is anyone familiar with a solution for changing the behavior of the transport rule to either alter the header information or block all recipients?

Exchange appears to be checking each separate instance of the email (one per recipient) against the transport rule as opposed to checking the entire email as a whole.  As there may be no way around this is there a way to use the message header pattern match in order to reject all recipients except for a specific header with correct recipients or otherwise alter the exceptions?
LVL 2
YMartinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

I don't think in Exchange 2010 has any transport rule which can modify the message headers and remove the unauthorized recipients. Also there is no specific rule which can look for specific message header pattern in order to reject all recipients except for specific header with correct recipients

https://technet.microsoft.com/en-us/library/bb124703%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396

Thanks
Manikandan
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

However you can use the regular expression in transport rules for to match text patters in different part of message. Check the below link

https://technet.microsoft.com/en-us/library/aa997187(v=exchg.141).aspx

Thanks
Manikandan
YMartinAuthor Commented:
Thanks for the response.

I have tried to use the header pattern match for the "To" field as a rule exception.  I attempted various combinations of ^user@domain.tld$, ^User Name <user@domain.tld>$ etc.  in order to only allow emails with a single recipient specified in the rule however I have been unable to get a match on the correct header (single recipient only) despite matching the header shown in the NDR.

It was my intention to nest rules to allow only empty CC header, then single recipient To header.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Like i said there is no rules action in Exchange 2010 to filter the message header its just not possible

Thanks
Manikandan
YMartinAuthor Commented:
I do understand I cannot remove items from the header but I should be able to use the header content as an exception to a rule.  Is there no rule exception possible based on the header?

For example:
Set-TransportRule -Identity 'Test' -Name 'Test' -Comments '' -ExceptIfHeaderMatchesMessageHeader 'To' -ExceptIfHeaderMatchesPatterns 'user@domain.tld'

Open in new window

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Please refer the below link and see if you're setting the rules like this

https://technet.microsoft.com/en-us/library/aa998315(v=exchg.141).aspx

Thanks
Manikandan
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Make sure your action properties are set like the one displayed in the table

HeaderValue
Single string
HeaderValue accepts a single string that's applied to the header specified by using the MessageHeader action property. Enclose the string in quotation marks (").
MessageHeader
Single string
MessageHeader accepts a string that specifies which MessageHeader to add or modify. The string that's specified by using the HeaderValue action property is inserted into the header that's specified by MessageHeader. Enclose the string in quotation marks (").

Thanks
Manikandan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
YMartinAuthor Commented:
Thanks.  I did get the header field to match but "^User Name$" does not prevent additional recipients from being included in the "To" header field.  Looks like I cannot improve this any further.  Appreciate the assistance.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.