Michael Campellone

asked on

I need a better way to control email delivery restrictions for limited employee accounts

At our bank, we have two domains; one is hosted through Office 365 and we utilize Exchange Online as part of the package.  However, on our other domain, we have an on-premises Exchange Server 2010 running on Server 2008 Standard.  This server will be retired by the new year, and the domain/Exchange accounts will then also be migrated to 365.  In the meantime, however, I have a confusing/cumbersome configuration question, and my query is only concerning the old on-premises Exchange 2010 server.

As part of our job requirements and under stringent compliance rules (being a bank that handles large cash transactions), we have a good amount of the workforce that has email, but is *ONLY ALLOWED* to receive email from all internal users on our domain, and a specific list of external domains (for health insurance emails, payroll and benefits companies, outside card processors etc.)  - and aside from all internal users, and this specific list of external email addresses, they are not allowed to receive any other email.  This is not by my design, but is relegated by requirements set forth by the board of directors at this bank.  I am not happy lol...

This affects a large number of mailboxes.  When I select the typical "all senders must be authenticated", this allows all internal email naturally, however no external addresses of any kind.  I should also mention, that I created an Exchange mail contact entry for each of these external senders.  Even then, those external emails never show up.

So far, the only way I have managed to get this to work, is under each of the mailboxes, I set up delivery restrictions by selecting "only senders in the following list", and then in the provided selection box, I select all of the email entries, as well as the external mail contact entries.  This does work, but the list is extensive (several hundred), and is somewhat problematic whenever we add new email addresses, etc.

There has to be an easier way?  Again - I only need a stopgap fix to last until the end of the year.  But I have tried "thinking outside the box" in a variety of scenarios and tried different methods, only to have to come back to this cumbersome, slow method.  More than anything, I am looking for a more "efficient" way of handling this strange setup...

Any ideas/input are greatly appreciated - thank you!
ASKER CERTIFIED SOLUTION
timgreen7077

This solution is only available to members.
I was going to recommend the transport rule way, but in addition to that, there is more than likely a way in PowerShell.
Michael Campellone

ASKER

The transport rule is a great idea - I do have about 30-40% users who do receive unrestricted email access, so can I apply this rule to specific boxes only?
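
Added example, not part of the original thread or any participant's answer: one way a transport rule can be scoped to specific mailboxes on Exchange 2010, by targeting a distribution group and rejecting external senders that are not on a domain allow-list. The group name, rule name and domains below are hypothetical placeholders.

```powershell
# Run in the Exchange Management Shell on the on-premises Exchange 2010 server.
# Assumptions (not from the thread): a distribution group named
# 'Restricted-Mail-Recipients' already exists and contains only the restricted
# mailboxes; the domains are constructed sample values.
$restrictedGroup = 'Restricted-Mail-Recipients'
$ruleName        = 'Restricted recipients - approved external senders only'
$allowedDomains  = @('payroll.example', 'benefits.example', 'cardprocessor.example')

# Anchor each pattern to '@domain' at the end of the address. An unanchored
# 'payroll.example' would also match 'someone@payroll.example.other.test'.
$patterns = $allowedDomains | ForEach-Object { '@' + [regex]::Escape($_) + '$' }

# Condition: recipient is a member of the group AND sender is outside the org.
# Exception: sender address matches an approved domain.
# Internal senders never meet the FromScope condition, so they are unaffected,
# as are mailboxes that are not members of the group.
$rule = @{
    Name                               = $ruleName
    SentToMemberOf                     = $restrictedGroup
    FromScope                          = 'NotInOrganization'
    ExceptIfFromAddressMatchesPatterns = $patterns
    RejectMessageReasonText            = 'This recipient does not accept mail from your address.'
    Enabled                            = $false   # create disabled, review first
}
New-TransportRule @rule

# Review what was created before turning it on.
Get-TransportRule $ruleName |
    Format-List Name, State, SentToMemberOf, FromScope, ExceptIfFromAddressMatchesPatterns

Enable-TransportRule $ruleName

# Only after the rule is active: remove the per-mailbox sender lists and the
# "all senders must be authenticated" flag, which would otherwise still block
# the approved external senders.
Get-DistributionGroupMember $restrictedGroup | ForEach-Object {
    Set-Mailbox $_.Identity -RequireSenderAuthenticationEnabled $false `
        -AcceptMessagesOnlyFromSendersOrMembers $null
}

# Adding a domain later is a single change to the rule, not to every mailbox.
$allowedDomains += 'insurance.example'
$patterns = $allowedDomains | ForEach-Object { '@' + [regex]::Escape($_) + '$' }
Set-TransportRule $ruleName -ExceptIfFromAddressMatchesPatterns $patterns
```

The rule matches on the sender address the message presents, which an external sender can forge, so the allow-list is only as strong as the anti-spoofing checks applied before mail reaches the Hub Transport server. Restricting a new employee then means adding the mailbox to the group.
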
You might want to look at getting Barracuda email filtering. You could then use it to whitelist only the domains you want to allow and block everything else. It costs money, but that may be a better way of managing things.
EXPERT CERTIFIED SOLUTION
This solution is only available to members.
This is an excellent solution.  Thank you for that input!
timgreen7077

sure thing.
All of you gave excellent options in ways to approach this somewhat unconventional situation - and I appreciate it very much!
Overall, the solutions provided were great, and everyone was so expedient in getting back to me!  I'm impressed! :)