We help IT Professionals succeed at work.

I need a better way to control email delivery restrictions for limited employee accounts

79 Views
Last Modified: 2018-09-25
At our bank, we have two domains; one is hosted through Office 365 and we utilize Exchange Online as part of the package.  However, on our other domain, we have an on-premises Exchange Server 2010 running on Server 2008 Standard.  This server will be retired by the new year, and the domain/Exchange accounts will then also be migrated to 365.  In the meantime, however, I have a confusing/cumbersome configuration question, and my query is only concerning the old on-premises Exchange 2010 server.

As part of our job requirements and under stringent compliance rules (being a bank that handles large cash transactions), we have a good amount of the workforce that has email, but is *ONLY ALLOWED* to receive email from all internal users on our domain, and a specific list of external domains (for health insurance emails, payroll and benefits companies, outside card processors etc.)  - and aside from all internal users, and this specific list of external email addresses, they are not allowed to receive any other email.  This is not by my design, but is relegated by requirements set forth by the board of directors at this bank.  I am not happy lol...

This affects a large number of mailboxes.  When I select the typical "all senders must be authenticated", this allows all internal email naturally, however no external addresses of any kind.  I should also mention, that I created an Exchange mail contact entry for each of these external senders.  Even then, those external emails never show up.

So far, the only way I have managed to get this to work, is under each of the mailboxes, I set up delivery restrictions by selecting "only senders in the following list", and then in the provided selection box, I select all of the email entries, as well as the external mail contact entries.  This does work, but the list is extensive (several hundred), and is somewhat problematic whenever we add new email addresses, etc.

There has to be an easier way?  Again - I only need a stopgap fix to last until the end of the year.  But I have tried "thinking outside the box" in a variety of scenarios and tried different methods, only to have to come back to this cumbersome, slow method.  More than anything, I am looking for a more "efficient" way of handling this strange setup...

Any ideas/input are greatly appreciated - thank you!
Comment
Watch Question

Exchange Engineer
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
AlexA lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
I was going to recommend the transport rule way, but in addition to that there is more than likely a way in powershell.
Michael CampelloneSr. Vice President, Info Technology

Author

Commented:
The transport rule is a great idea - I do have about 30-40% users who do receive unrestricted email access, so can I apply this rule to specific boxes only?
William FulksIT Services Analyst
CERTIFIED EXPERT

Commented:
You might want to look at getting Barracuda email filtering. You could then use it to whitelist only the domains you want to allow and block everything else. It costs money, but that may be a better way of managing things.
timgreen7077Exchange Engineer
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Michael CampelloneSr. Vice President, Info Technology

Author

Commented:
This is an excellent solution.  Thank you for that input!
timgreen7077Exchange Engineer
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
sure thing.
Michael CampelloneSr. Vice President, Info Technology

Author

Commented:
All of you gave excellent options in ways to approach this somewhat unconventional situation - and I appreciate it very much!
Michael CampelloneSr. Vice President, Info Technology

Author

Commented:
Overall, the solutions provided were great, and everyone was so expedient in getting back to me!  I'm impressed! :)

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions