Allow only one external user to send to an on-prem DL.

I need your help.

I have an on-prem DL, and I want to allow only one external email address to send to it.

What I have thought of is to create a Mail Contact for this external user and allow it through there, but it doesn't seem to work.

Is there a cloud option?

Any Ideas?

Thanks.
MargaritaSystems AdministratorAsked:

Hasin Ahmed ChoudharyExchange AdministratorCommented:
Try creating a transport rule to deliver email to DG only from one specific email address <use contact you created> and drop other emails silently. Check if that helps?
0
MargaritaSystems AdministratorAuthor Commented:
Hasin, Should I create this rule on prem or on cloud?
0
Hasin Ahmed ChoudharyExchange AdministratorCommented:
Okay, your question didn't mention the infra details. Where is the DG present? Based on mail routing, you will have to decide where the external email hits first and create the rule accordingly.
0

MargaritaSystems AdministratorAuthor Commented:
The distribution list is created on-prem
0
Hasin Ahmed ChoudharyExchange AdministratorCommented:
How does external email enter your org, from cloud or on-prem? It is better to create the rule where your external email hits first.
0
carlos sotoIT AdministratorCommented:
How would the transport rule be configured? If you add a rule that allows sending a mail to the contact only from the permitted sender, how do you forward it to the desired distribution group?
0
Hasin Ahmed ChoudharyExchange AdministratorCommented:
To select one specific sender <contact created in this case>, we can use an exception.
To make a condition for the rest of the senders, we can use any conditions which match the incoming email, like selecting the DG mail address as the recipient address, and for the sender address we can use a text pattern or "sender is an external one".

If we use the external sender condition, the rule doesn't apply to an internal sender. Any internal sender can send an email.

I asked you to try this in my first response as this behavior has not been tested by me.
0
MargaritaSystems AdministratorAuthor Commented:
This is what I did and it worked.
Created the DL on-prem. Added the members.
Created a Mail Contact from the external email address.
Under the DL mail flow settings I added the Mail Contact and unticked the authenticated users.
When I tried to email to the email from that email address the email was received.
When I tried to email to the DL from another external email address it did not work.
When I tried to email the DL from an internal email address it did not work, so problem fixed.

Thank you all
0

Riaz Alexander AnsaryEnterprise Infrastructure Systems EngineerCommented:
I have never tried that, but do the following and I am pretty confident it will do just what you need:
create the contact, which you already have, and run the following:

Set-DistributionGroup -Identity "<DL Name>" -RequireSenderAuthenticationEnabled $false -AcceptMessagesOnlyFrom "<External Contact>"

This way you are opening up the DL for external traffic, and at the same time ONLY that external contact will be able to send to it. If you want other internal users to send to it as well, you can add them to the -AcceptMessagesOnlyFrom parameter of the Set-DistributionGroup command, or if it's a group of people you can add your contact and the internal group to -AcceptMessagesOnlyFromDLMembers and have the contact be a member of that internal DL. Then only that external contact and internal users that are members of that DL will be able to send to it.

Please mark as solution.
0
MargaritaSystems AdministratorAuthor Commented:
Riaz is it possible to add multiple senders in buld with powershell for AcceptMessagesOnlyFrom <External Contact>
0
MargaritaSystems AdministratorAuthor Commented:
in bulk
0
MargaritaSystems AdministratorAuthor Commented:
Riaz, what you described is what I had already said, before you, that I already did, so why should I mark that as the solution when I had already done it and said I had done it myself previously?
0
Riaz Alexander AnsaryEnterprise Infrastructure Systems EngineerCommented:
Relax Margarita, you are not paying us to help you here, and you don't have to mark as Solution. I replied to your initial post.
My replies always say mark as solution at the end; no need for the attitude.

And to answer your question: yes, you can add users in bulk to -AcceptMessagesOnlyFrom, but only if you use @{Add="User"}; otherwise it will not add and it will replace. To achieve that you can import all users from a csv file into a variable and then use a foreach loop with the expression above, like this:

# File.csv has no header row: one sender (e.g. sAMAccountName) per line,
# so -Header supplies the column name instead of consuming the first entry.
$Users = Import-Csv -Path "\\FilePath\File.csv" -Header Identity
foreach ($i in $Users)
{
    # @{Add=...} appends to the existing list; a plain value would replace it.
    Set-DistributionGroup -Identity "DL Name" -AcceptMessagesOnlyFrom @{Add=$i.Identity}
}


Make sure your csv file does not have any header, and it is always good to use the user's sAMAccountName in your import csv file.

That is how to add users in bulk, but my recommendation is to create a distribution group, add all those users as members, and then give the distribution group the right to send to the DL by setting it in the -AcceptMessagesOnlyFromDLMembers parameter of the Set-DistributionGroup command.
This way, if you need to add a user to be able to send to the DL, you can simply add it to that DL that has the members. You can hide that DL from the GAL so users won't see it, and you can name it accordingly, like I always name mine as follows:
if the DL name is "Company NY", I name the DL that holds the allowed senders "Company NY Allowed Senders" and hide the allowed senders DL from the GAL, since it's only used to give rights to send to the Company NY DL.
0
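The allowed-senders group approach recommended in the answer above, written out end to end with a final check of the resulting restriction. This is an added example, not code from the original posts; it assumes the on-prem Exchange Management Shell, and the external address and contact name are constructed placeholders.

```powershell
# Added example. Run in the Exchange Management Shell (on-prem).
$TargetDL     = 'Company NY'                  # DL to protect (name used in the thread)
$SendersGroup = 'Company NY Allowed Senders'  # gate group (name used in the thread)
$ExternalAddr = 'partner@example.com'         # constructed placeholder address

# 1. Mail contact for the single permitted external sender (reuse if present).
$contact = Get-Recipient -Identity $ExternalAddr -ErrorAction SilentlyContinue
if (-not $contact) {
    $contact = New-MailContact -Name 'Partner (external sender)' `
                               -ExternalEmailAddress $ExternalAddr
}

# 2. Gate group that only exists to grant send rights; hide it from the GAL.
if (-not (Get-DistributionGroup -Identity $SendersGroup -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name $SendersGroup -Type Distribution | Out-Null
}
Set-DistributionGroup -Identity $SendersGroup -HiddenFromAddressListsEnabled $true
Add-DistributionGroupMember -Identity $SendersGroup -Member $contact.Identity `
                            -ErrorAction SilentlyContinue   # ignore "already a member"

# 3. Accept unauthenticated (external) mail, but only from members of the gate group.
#    Passing a plain value REPLACES any existing AcceptMessagesOnlyFromDLMembers list.
Set-DistributionGroup -Identity $TargetDL `
                      -RequireSenderAuthenticationEnabled $false `
                      -AcceptMessagesOnlyFromDLMembers $SendersGroup

# 4. Verify: a DL with sender authentication off and no accept list is open to anyone.
$dl = Get-DistributionGroup -Identity $TargetDL
$restricted = @($dl.AcceptMessagesOnlyFromSendersOrMembers).Count -gt 0
if (-not $dl.RequireSenderAuthenticationEnabled -and -not $restricted) {
    Write-Warning "$TargetDL accepts unauthenticated mail with no sender restriction."
}
$dl | Format-List Name, RequireSenderAuthenticationEnabled,
                  AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers
Get-DistributionGroupMember -Identity $SendersGroup |
    Select-Object Name, RecipientType, PrimarySmtpAddress
```

Internal users who should still reach the DL must also be members of the gate group, since the accept list applies to every sender.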
MargaritaSystems AdministratorAuthor Commented:
I have fixed the issue myself
0
Riaz Alexander AnsaryEnterprise Infrastructure Systems EngineerCommented:
LOL, Glad you did. it seems like you wasted your time posting here back and forth.
0