Make Exchange 2016 detect keyword in subject or body of incoming E-mail and bcc E-mail to a second internal recipient. Rule already in place and working for outgoing E-mail.

I set a mail flow rule in Exchange 2016 which scans the subject and body for a keyword (scarecrow for testing) and if found, sends a bcc of the E-mail to another internal E-mail recipient on my mail server.   The rule works fine for E-mail sent internally or E-mail sent out to an external address.    The rule does not apply to inbound E-mail whether newly created or in the form of a reply from an external address.  

I don't see a method of creating a mail flow rule to inspect incoming messages, maybe I'm missing it.   Is there another way for Exchange (Not the individual Outlook clients) to detect a keyword in the subject line or body of an incoming E-mail and bcc a copy of the incoming E-mail to a second internal address?

Thanks,
LVL 1
Dave SchaferDirector of ITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

timgreen7077Exchange EngineerCommented:
you will need to select the option if the sender is outside you organization. it will be a separate rule though. select that option and then add your other actions.
0
Dave SchaferDirector of ITAuthor Commented:
I missed it..... you must first choose "The sender is located....."   then select "Outside the organization"   I added it a new rule then sent two incoming E-mails from Yahoo, one with "scarecrow" in the subject, the other with it in the body.   Received them both but they didn't bcc to the second recipient.  I went back to the rule and noticed (shown in the attachment) that if you hit the drop down after "The sender is located" you see additional choices before the "Outside the organization" URL.   I selected "is external / internal" which didn't work.  I'll try a couple of other options and see if I can get it working.
Exchange-2016-mail-flow-rule.docx
0
David GipeCommented:
One note on these kinds of things and you may already be fine / aware of this or have it covered ...

Even though something is technically possible, depending on law and why you are doing this, you may need to issue a policy / cover yourself legally before you put this in production. If it is simply to relay production-related information to someone else when it is sent (and you are forgiving a lapse in human communication) that is one thing; but if it is HR / personnel-related, that's were the legality may come into play.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Dave SchaferDirector of ITAuthor Commented:
Great point.  The request came from our legal department.  I'll quiz them to ensure they covered all of their bases.   Thanks David
0
timgreen7077Exchange EngineerCommented:
The rule looks good, but try to move the rule up to priority 1 so that other rules don't interfere first.
0
Dave SchaferDirector of ITAuthor Commented:
I deleted and recreated the rule, bumped it up to priority 1, disabled the existing priority 0 rule, sent a test message to "fred smith" (my imaginary friend / test account) which worked fine, then sent an incoming E-mail from my Yahoo account to my account with the word scarecrow in the body.   Once again I received it by poor Fred was neglected.  I also checked his junk mail.    Is it necessary to restart a transport or other Exchange service?
0
timgreen7077Exchange EngineerCommented:
no you don't have to restart any services. instead of selecting subject or body includes, they selecting is subject or body has text pattern. I'm not in front of the console so speaking from memory.
0
timgreen7077Exchange EngineerCommented:
try selecting if subject or body has a text pattern.
0
Dave SchaferDirector of ITAuthor Commented:
No Love with "the subject or body matches these text patterns".  All come through to the primary but the secondary bcc doesn't make it.
Exchange-2016-mail-flow-rule.docx
0
timgreen7077Exchange EngineerCommented:
that looks good. that should be all it takes. I will try to set this up and see what happens.
0
Dave SchaferDirector of ITAuthor Commented:
I'll work with it at home this evening as well.  Thanks for the assist.
0
timgreen7077Exchange EngineerCommented:
I just tested this and it worked fine. I tested with the word in the subject alone, and i tested with the word in the body and both worked just fine and my other email account was bcc'ed. I sent from my external gmail account. see the rule i setup

Test Bcc Rule

If the message...Includes these words in the message subject or body: 'Advance'
and Is received from 'Outside the organization'

Do the following...Blind carbon copy(Bcc) the message to 'Support@myemaildomain.com'

Rule comments

Rule modeEnforce
0
Dave SchaferDirector of ITAuthor Commented:
Even if I take the keyword portion out so the rule simply bccs' a second recipient (also tried redirect to another recipient) it doesn't work.  I'm going to explore two possible causes.
1.  We utilize Mimecast cloud based security which touches every E-mail before delivering it to our organization.  
2.  We are in coexistence mode w/ Exchange.  All the mailboxes have been migrated from 2007 - 2016, we only need to finish archiving and removing old public folders before completing the migration and decommissioning Exchange 2007.  As it stands now, mail flow is and has been working fine in coexistence with the exception of this mail flow rule I am attempting to get working.  Again, the internal mailflow rule works fine, it is only the rule to capture external E-mails.
0
timgreen7077Exchange EngineerCommented:
I'm also in Co-Existence with 2010 and 2016, along with a hybrid setup for O365 but it worked perfectly for me. Currently migrating mailboxes from 2010 to 2016 with O365 hosted archive.

Try adding the trigger word with other words in the subject or body. Don't send the test email with just 1 single word in either the subject or the body.
0
Dave SchaferDirector of ITAuthor Commented:
If I take the keyword condition completely out of the mix and my only condition is -the sender is located.... outside the organization It doesn't bcc.  with the same single condition in place I changed the action  from bcc to redirect the message and entered two mailboxes for the recipients.

In both cases, the E-mail came through to the intended, 1st named recipient and was completely unphased by the rule in place.   So now maybe I should focus my attention on Mimecast.
0
timgreen7077Exchange EngineerCommented:
Agreed.
0
Dave SchaferDirector of ITAuthor Commented:
Attached is the only rule I have active.   No go.  Stumped,  will call Mimecast and may be able to create the rule there.
Exchange-2016-mail-flow-rule.docx
0
timgreen7077Exchange EngineerCommented:
Agreed, check to see if they are interfering because it works perfectly for me with the rule I created:

Test Bcc Rule

If the message...Includes these words in the message subject or body: 'Advance'
and Is received from 'Outside the organization'

Do the following...Blind carbon copy(Bcc) the message to 'Support@myemaildomain.com'

Rule comments

Rule modeEnforce
Report Comment
0
Dave SchaferDirector of ITAuthor Commented:
Hey Tim,  In your working rule,  can you give me the condition line(s) you were using in addition to ""The sender is located outside of the organization"?
0
timgreen7077Exchange EngineerCommented:
Here is a screenshot.

screen
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dave SchaferDirector of ITAuthor Commented:
I always seem to get into trouble when I assume things.  The IT career field isn't really a great place for assumptions.    Mine wouldn't work as pictured above.  Mine now works but I also had to add a condition "and the recipient is located inside the organization" which I assumed should have happened automatically, and did in your case.  Everything else remained the same.  Thanks for your assistance.

Screen-Shot-05-17-18-at-12.55-PM.JPG
0
Dave SchaferDirector of ITAuthor Commented:
Thanks to timgreen7077 for the assist and getting us pointed in the right direction.   The mail flow rules are pretty simple to construct but in our case didn't work by adding the condition "when the sender is located outside of the organization".  We had to add a second condition "when the recipient is located inside of the organization"  Maybe something that changed with a cumulative update?   Working now though.
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.