A reader asks whether it is possible to block external emails sent to an Exchange Server 2013 mailbox user.
Here are two ways to achieve this. I will use one of my mailbox users, Alex Heyne, for these examples.
Transport Rule
Using an Exchange 2013 transport rule we can block emails sent from external senders to the mailbox user.
In the Exchange Admin Center navigate to Mail Flow -> Rules.
Start a new Transport Rule.
Although there are some pre-canned rule templates that help you get started, in this case I prefer to just choose “Create a new rule…” and build it from scratch.
Set the first condition to “The sender is located…” and choose “Outside the organization”. Then click the “More options…” link.
You can then add the second condition that specifies which recipient the messages are being sent to.
Next, set the action to reject the message. There are three rejection options. I prefer to use one that sends back an explanation if the situation is relatively harmless, but for blocking malicious emails it is probably better to just drop them without notifying the sender.
Since you are rejecting the message you probably also want to stop processing other rules.
Save the rule when you have completed the configuration.
Email messages from external senders to that recipient will now be blocked in the transport pipeline, and the rejection will show up in the message tracking logs.
Timestamp               : 6/05/2014 8:15:33 PM
ClientIp                :
ClientHostname          : E15MB1
ServerIp                :
ServerHostname          :
SourceContext           : Transport Rule Agent
ConnectorId             :
Source                  : AGENT
EventId                 : FAIL
InternalMessageId       : 49443663511553
MessageId               : <CAPOW2OCFFOcjBXjviMqxoscn3HPqH-Zc95Qvgiw101kUGijM+A@mail.gmail.com>
Recipients              : {alex.heyne@exchange2013demo.com}
RecipientStatus         : {550 5.7.1 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy}
TotalBytes              : 3095
RecipientCount          : 1
RelatedRecipientAddress :
Reference               :
MessageSubject          : Test 2 Inbound
Sender                  : exchangeserverpro@gmail.com
ReturnPath              : exchangeserverpro@gmail.com
Directionality          : Incoming
TenantId                :
OriginalClientIp        :
MessageInfo             : 2014-05-06T10:14:46.526Z;SRV=E15MB1.exchange2013demo.com:TOTAL=30|SMS=30;SRV=E15MB1.exchange2013demo.com:TOTAL=15;CAT|CATRS|CATRS-Transport Rule Agent
MessageLatency          :
MessageLatencyType      : None
EventData               : {[E2ELatency, 47], [DeliveryPriority, Normal], [ExternalOrgIdNotSetReason, ]}
Although this rule will result in external emails being rejected, it will also reject emails sent via a relay connector unless you set exceptions on the rule for email addresses that you know will be sending via that method.
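The same rule, including an exception for a relay sender, can be built and checked from the Exchange Management Shell. This is an added example, not part of the original article; the rule name and the relay sender address are assumptions, and the recipient is the mailbox used above.

```powershell
# Added example. Run in the Exchange Management Shell on an Exchange 2013 server.
$recipient   = 'alex.heyne@exchange2013demo.com'    # mailbox used in the article
$relaySender = 'scanner@exchange2013demo.com'       # hypothetical relay sender (assumption)
$ruleName    = 'Block external mail to Alex Heyne'  # hypothetical rule name (assumption)

# Create the rule only if a rule with this name does not already exist.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    $ruleParams = @{
        Name                             = $ruleName
        FromScope                        = 'NotInOrganization'  # "Outside the organization"
        SentTo                           = $recipient
        # Exception for mail that arrives through a relay connector.
        ExceptIfFromAddressContainsWords = $relaySender
        # Reject with an explanation. To drop silently instead, remove this
        # entry and add: DeleteMessage = $true
        RejectMessageReasonText          = 'This mailbox does not accept email from external senders.'
        StopRuleProcessing               = $true
    }
    New-TransportRule @ruleParams
}

# Review the conditions, exceptions and action that were stored.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, SentTo,
                ExceptIfFromAddressContainsWords, RejectMessageReasonText,
                StopRuleProcessing

# After sending a test message from an external account, confirm the rejection
# on every transport server: look for FAIL events from the Transport Rule Agent.
Get-TransportService |
    Get-MessageTrackingLog -Recipients $recipient -EventId FAIL -Start (Get-Date).AddHours(-1) |
    Where-Object { $_.SourceContext -eq 'Transport Rule Agent' } |
    Select-Object Timestamp, Sender, MessageSubject, RecipientStatus

# Messages from the excepted relay sender should not appear above; they should
# show as delivered to the mailbox instead.
Get-TransportService |
    Get-MessageTrackingLog -Recipients $recipient -Sender $relaySender -EventId DELIVER -Start (Get-Date).AddHours(-1) |
    Select-Object Timestamp, Sender, MessageSubject
```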
Message Delivery Restrictions
Another method is using message delivery restrictions on the mailbox itself. This may be a better approach if you want your help desk to manage this type of restriction without having to give them the rights to manage transport rules in your organization.
Open the properties of the mailbox and select Mailbox Features, then scroll down to the Message Delivery Restrictions and click View Details.
Enabling the option to “Require that all senders are authenticated” will have the effect of rejecting emails from external senders.
However…
- You don’t get to choose whether to send an NDR or not; it is always sent
- The NDR is slightly unfriendly compared to the custom rejection message you can use with transport rules
- This option will also reject email sent via relay connectors, as with the transport rule option; but
- There is no way to set exceptions for this option
So what you gain by handing off this administrative task to your help desk, you lose in flexibility.
Summary
As you can see, there are options available for blocking external emails sent to an Exchange Server 2013 mailbox user. However, each has pros and cons, and so requires some consideration before you choose which option to implement.
This article Block External Emails for an Exchange Server 2013 Mailbox is © 2014 ExchangeServerPro.com