In some scenarios an organization will want to prevent email users from sending messages to certain external domain names. This can be achieved with Exchange Server 2007 using a Transport Rule.
Open the Exchange Management Console and navigate to Organization Config/Hub Transport.
Start a New Transport Rule.
Give the rule an appropriate name and description.
Choose conditions of “From users inside the organization” and “When a message header contains specific words”. Click on “message header” and change it to “To” (without the quotes), and then click on “specific words” and add the domain name, for example “@fabrikam” (again without quotes).
Click Next and choose actions of “Send bounce message to sender…” and “Silently drop the message”.
You can modify the bounce message that is sent to the sender so that they or the IT admins can easily tell why the email was rejected.
Complete the Transport Rule wizard and test the new rule by trying to send an email to that domain name.
You should now receive a bounce message from the Exchange server with the text that you configured.
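The wizard steps above can also be scripted in the Exchange Management Shell. The following is an added example, not part of the original article; it goes one step further than the walkthrough by creating a second rule for the Cc header, which readers in the comments report the To-only rule does not cover. The rule names, comment text and bounce text are assumed values.

```powershell
# Run in the Exchange Management Shell on an Exchange Server 2007 Hub Transport server.
# Assumed values (not from the article): rule names, comment text and bounce text.
$blockedDomains = @('@fabrikam')   # the "specific words" from the article's example
$bounceText = 'Delivery blocked: company policy does not allow email to this domain.'

# The header condition inspects one named header per rule, so create one rule per header.
foreach ($header in 'To', 'Cc') {
    # Condition 1: "From users inside the organization"
    $fromInside = Get-TransportRulePredicate FromScope
    $fromInside.Scope = 'InOrganization'

    # Condition 2: "When a message header contains specific words"
    $headerMatch = Get-TransportRulePredicate HeaderContains
    $headerMatch.MessageHeader = $header
    $headerMatch.Words = $blockedDomains

    # Action 1: "Send bounce message to sender..." with the custom explanation
    $bounce = Get-TransportRuleAction RejectMessage
    $bounce.RejectReason = $bounceText

    # Action 2: "Silently drop the message"
    $drop = Get-TransportRuleAction DeleteMessage

    New-TransportRule -Name "Block restricted domain - $header header" `
        -Comments 'Blocks outbound mail to restricted external domains' `
        -Conditions @($fromInside, $headerMatch) `
        -Actions @($bounce, $drop)
}

# Review the rules that now exist, including their conditions and actions
Get-TransportRule | Format-List
```

Bcc recipients are not listed in the message headers, so a header condition such as this one does not match them.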
Is it possible to create a transport rule that will prevent email being sent to me from me that has not originated from my server? I seem to be receiving email from myself which is spoofed.
I am using SBS 2008 with Exchange 2007.
Many thanks.
Hi Mr Paul,
Nice tutorial. I have a scenario like this:
1. Some users can send to all external (global) domains
2. Some users can send to a specific domain or mail account
3. Some users can send to our branch office
How can I create a rule in Hub Transport?
Because I have set it up like your tutorial but it's not working.
Can you help me?
I used Exchange 2007.
Stop trying to block everything. The list is too long. Second, do this on the Edge instead of the Hub if you have an Edge server.
Use a transport rule to specify
Conditions – When the From address contains text patterns and add .*$ (all email from something with .)
Actions – pick your action
Exceptions – except when From address contains text patterns – enter TLDs you wish to accept in the format of .TLD$ i.e. .com$ (where .com is at the end of the From address)
Done.
Great post Paul,
I got a strange request from the customer.
We have accepted domains – abc.com, 123.com, xyz.com
whereas the pqr.com domain is an external domain.
As per the request, 50 users with email address @abc.com should not be able to send attachments to other than abc.com, 123.com, xyz.com and pqr.com.
They can send attachments only to domains abc.com, 123.com, xyz.com, pqr.com.
I tried using a transport rule but could not achieve the result.
Any help is highly appreciated
Thanks,
Sandip
I’m trying to do the opposite: I would like to inform external users that my old domain is not active anymore and they have to send email to the new domain.
How can I do this? Is it possible?
Some people set up things so that anytime someone emails the old domain it sends back a notice for them to start using the new domain.
I find that to be a horrible solution that puts the onus on the sender to make changes just for your own convenience. It also tends to create problems with automated mail systems and other scenarios where your system *always* sends that notice back regardless of whether that sender has already been notified or not. I’ve been on the bad end of that situation and it’s really annoying.
The correct solution in my view is to just keep accepting email to the old addresses, but have your primary emails be the new addresses. Over time nature will take its course and fewer emails will go to the old addresses.
If you absolutely do not want to receive email to the old domain (though I struggle to think of a valid reason for this) then the right thing to do is to hard bounce the email, eg just remove the MX records for it and the senders will receive an NDR and adjust accordingly. But again, that puts the onus on the senders to have to do something just because your company has switched domains.
We manage more than one domain and I have seen many changes; I have never adopted this solution, for the same reasons as yours.
In this case I have added, for more than a year, a disclaimer to outgoing messages to inform about the new domain.
I have set the primary SMTP address of internal users to the new domain.
The internal users complain to me that they are receiving just spam (to the old address). The general manager said he doesn’t want to receive mail for the old domain, especially spam reports; he just wants to continue to inform the sender, maybe one in hundreds or thousands of spam messages. It’s an order.
Removing the MX could be a solution, but then I need to inform the sender about the new address.
If you have a suggestion…
If individuals no longer want their old address there’s no reason I can think of to not just remove it for that individual user.
The spam problem should be solvable with a decent antispam product.
Still the user can send email to this selected email address..
The only thing he needs to do is put any allowed address in TO and put restricted email address in CC.. Bingo..
I have been looking for a real solution that can block all emails to a specific domain either in TO or CC. With Exchange 2010 this is easy to do.
Have you found a blocking option for BCC?
I have the same issue that I can’t block BCC. I would also like to know if I can import a big list of domains that I want to block through PowerShell somehow.
How did you block CC, and did you find a way to block BCC?
As always, Microsoft programmers have been lazy and Mr Cunningham is unimaginative.
“Outside the Organization” is only checking the “To” field.
Thanks for the feedback Vince. Given the information in the blog post above, and a little research on TechNet about transport rules, the solution is quite easily found. That is, if you apply a little imagination of your own.
All the best.
Thank you for these notes, very useful and very clear.
We have found that this will only block the To field and not Cc or Bcc. We have set up a new rule that blocks Cc but we are having trouble with Bcc.