Margarita


Allow only one external user to send to an on-prem DL.

I need your help.

I have an on-prem DL, and I want to allow only one external email address to be able to send to it.

What I have thought is to create a Mail Contact for this external user and allow it through there, but it doesn't seem to work.

Is there a cloud option?

Any ideas?

Thanks.
Hasin Ahmed Choudhary

Try creating a transport rule to deliver email to the DG only from one specific email address <use the contact you created> and drop other emails silently. Check if that helps.
Margarita

ASKER

Hasin, should I create this rule on-prem or in the cloud?
Okay, your question didn't mention the infra details. Where is the DG present? Based on mail routing, you will have to decide where the external email hits first and create it accordingly.
The distribution list is created on-prem.
How does external email enter your org, from cloud or on-prem? It is better to create the rule where your external email hits first.
How would the transport rule be configured? If you add a rule that allows sending a mail to the contact only from the permitted sender, how do you forward it to the desired distribution group?
To select one specific sender <contact created in this case>, we can use an exception.
To make a condition for the rest of the senders, we can use any conditions which match the incoming email, like selecting the DG mail address as the recipient address, and for the sender address we can use a text pattern or "sender is an external one".

If we use the external sender condition, rules don't apply to an internal sender. Any internal sender can send an email.

I asked you to try this in my first response, as the same behavior has not been tested by me.
ASKER CERTIFIED SOLUTION
Margarita

This solution is only available to members.
I have never tried that, but do the following and I am pretty confident it will do just what you need:
create the contact, which you already have, and run the following:

Set-DistributionGroup "<DL Name>" -RequireSenderAuthenticationEnabled $False -AcceptMessagesOnlyFrom "<External Contact>"

This way you are opening up the DL for external traffic, and at the same time ONLY that external contact will be able to send to it. If you want other internal users to send to it as well, you can add them to the -AcceptMessagesOnlyFrom parameter of the Set-DistributionGroup command, or if it's a group of people you can add your contact and the internal group to -AcceptMessagesOnlyFromDLMembers and have the contact be a member of that internal DL. Then only that external contact and internal users that are members of that DL will be able to send to it.

Please mark as solution.
Riaz, is it possible to add multiple senders in bulk with PowerShell for AcceptMessagesOnlyFrom <External Contact>?
Riaz, what you described is what I had already said before you that I already did, so why should I mark that as the solution when I had already done it and said I had done it myself previously?
Relax Margarita, you are not paying us to help you here, and you don't have to mark as Solution. I replied to your initial post.
My replies always say "mark as solution" at the end; no need for the attitude.

And to answer your question: yes, you can add users in bulk to -AcceptMessagesOnlyFrom only if you use @{Add="User"}, otherwise it will not add and it will replace. To achieve that you can import all users from a CSV file into a variable and then use a foreach loop with the expression above, like this:

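# The CSV has no header row, so name its single column explicitly
$Users = Import-Csv \\FilePath\File.csv -Header Identity
foreach ($i in $Users)
{
    # @{Add=...} appends to the existing list instead of replacing it
    Set-DistributionGroup "DL Name" -AcceptMessagesOnlyFrom @{Add=$i.Identity}
}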


Make sure your CSV file does not have any header, and it is always good to use the user's SamAccountName in your import CSV file.

That is to add users in bulk, but my recommendation is to create a distribution group, add all those users as members, and then give the distribution group the right to send to the DL by setting it in the -AcceptMessagesOnlyFromDLMembers parameter of the Set-DistributionGroup command.
This way, if you need to add a user to be able to send to the DL, you can simply add it to that DL that has the members. You can hide that DL from the GAL so users won't see it, and you can name it accordingly, like I always name mine as follows:
if the DL name is "Company NY", I name the DL that allows senders "Company NY Allowed Senders" and hide the allowed senders DL from the GAL, since it's only used to give rights to send to the Company NY DL.
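The allowed-senders-group setup described in the reply above, followed by a check that the DL did not end up open to every external sender, as an added example that is not part of the original thread. The contact name and address are constructed placeholders, and the script assumes it runs in the on-prem Exchange Management Shell.

```powershell
# Added example; every name and address here is a constructed placeholder.
$TargetDL    = 'Company NY'
$AllowedDL   = 'Company NY Allowed Senders'
$ContactName = 'External Partner'
$ContactSmtp = 'partner@example.com'

# 1. Mail contact that represents the one permitted external sender.
if (-not (Get-MailContact -Identity $ContactName -ErrorAction SilentlyContinue)) {
    New-MailContact -Name $ContactName -ExternalEmailAddress $ContactSmtp | Out-Null
}

# 2. Group used only to hold permitted senders, hidden from the GAL.
if (-not (Get-DistributionGroup -Identity $AllowedDL -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name $AllowedDL -Type Distribution | Out-Null
}
Set-DistributionGroup -Identity $AllowedDL -HiddenFromAddressListsEnabled $true
Add-DistributionGroupMember -Identity $AllowedDL -Member $ContactName `
    -ErrorAction SilentlyContinue   # ignore "already a member"

# 3. Accept unauthenticated (external) mail, but only from members of the
#    allowed-senders group. A plain value replaces any existing list.
Set-DistributionGroup -Identity $TargetDL `
    -RequireSenderAuthenticationEnabled $false `
    -AcceptMessagesOnlyFromDLMembers $AllowedDL

# 4. Verify: with sender authentication off and no accept-only restriction,
#    the DL would take mail from anyone on the internet.
$dl = Get-DistributionGroup -Identity $TargetDL
$restricted = ($dl.AcceptMessagesOnlyFrom.Count +
               $dl.AcceptMessagesOnlyFromDLMembers.Count +
               $dl.AcceptMessagesOnlyFromSendersOrMembers.Count) -gt 0
if (-not $dl.RequireSenderAuthenticationEnabled -and -not $restricted) {
    Write-Warning "$TargetDL accepts mail from any external sender."
}
$dl | Format-List Name, RequireSenderAuthenticationEnabled, AcceptMessagesOnlyFrom*
```

The restriction matches the sender address on the message, so it is only as trustworthy as the inbound spoofing checks (SPF, DKIM, DMARC) applied before the message reaches the DL.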
I have fixed the issue myself
LOL, glad you did. It seems like you wasted your time posting here back and forth.