Exchange Server 2007 provides an easy and flexible way to set rules for message routing and content restriction through Transport Rules. Transport Rules allow administrators to quickly apply corporate or compliance policies to e-mail messages that flow through an Exchange organization. Transport Rules can be managed with the Transport Rules Editor wizard in the Exchange Management Console or from the Exchange Management Shell (shell). The Transport Rules Editor wizard is designed to be very similar to the Outlook Rules Wizard, a familiar interface. This blog post introduces the Transport Rules Editor GUI and illustrates how to use it to accomplish an Ethical Firewall scenario.
Transport Rules Editor GUI
The Transport Rules Editor consists of both a New Transport Rule wizard and an Edit Transport Rule wizard, used to create a new transport rule or edit an existing transport rule in the console. Similar to the Outlook rule behavior, each transport rule consists of three components: conditions, exceptions, and actions.
The Transport Rules Editor is designed to provide an experience very similar to the Outlook Rules Wizard. Note that although they have a similar design, the Transport Rules Editor is used by administrators to apply rules to all messages flowing through the organization, while the Outlook Rules Wizard is used by end users to manage arriving or sent messages for an individual mailbox. To show how similar the interfaces are, below are side-by-side screen shots of the Outlook Rules Wizard and the Exchange Transport Rules Editor.
Create an Ethical Firewall Using Transport Rules Editor
This section illustrates using the Transport Rules Editor to configure an example Ethical Firewall scenario: creating a transport rule to block e-mail messages between members of two distribution groups, except where a text pattern is in the message subject. Below are the details of this transport rule:
Transport rule condition:
Applies to messages sent between members of distribution groups "Sales Group" and "Brokerage Group".
Transport rule exception:
With text pattern "Press Release" in the subject. That is, if "Press Release" is included in the subject of an e-mail message, the transport rule action won't apply to this message.
Transport rule action:
Send a bounce message to the sender with value "E-mail messages sent between the Sales department and the Brokerage department are prohibited." and also bcc the message to the corporate compliance mailbox email@example.com. This action applies to all e-mail messages matching the condition and not matching the exception.
In the console, transport rules on Hub Transport servers are managed on the Transport Rules tab of the Hub Transport node under the Organization Configuration work center. The console GUI for managing Transport Rules on Edge Transport servers is similar. Clicking New Transport Rule in the context menu launches the New Transport Rule wizard.
In the Introduction page of the wizard, we can specify the name and comment of this transport rule.
In the Conditions wizard page, we can specify the conditions for this transport rule. For the Ethical Firewall scenario, we specify the condition as messages between members of two distribution groups (lists): Sales Group and Brokerage Group. This Ethical Firewall scenario leverages existing Active Directory distribution groups; no need to maintain a separate directory service for compliance!
In the Actions page, we specify the action for the Ethical Firewall scenario as sending a bounce message to the sender with value "E-mail messages sent between the Sales department and the Brokerage department are prohibited." and bcc'ing the message to the corporate compliance mailbox firstname.lastname@example.org.
In the Exceptions wizard page, we specify the exception for this rule as the text pattern "Press Release" in the subject.
After we supply this information, the wizard shows a summary page and a completion page. When we finish the wizard, the new transport rule is created and listed in the Transport Rules tab in the Exchange Management Console.
After this transport rule is created, if a member of either the Sales Group or the Brokerage Group distribution group sends e-mail to a member of the other group without "Press Release" text in the subject, the message is refused and the specified bounce message is sent to the sender. If the message contains "Press Release" text in the subject, it can pass through this Ethical Firewall.
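The same rule can also be built from the Exchange Management Shell mentioned at the start of this post. The following is an added example, not part of the original post: it uses the Exchange Server 2007 transport rule cmdlets with the condition, exception and actions described above. The rule name, the comment text and the `<compliance mailbox>` identity are placeholders to replace with your own values.

```powershell
# Added example for the Exchange Management Shell (Exchange Server 2007).
# Placeholders (not from the original post): rule name, comment,
# and the "<compliance mailbox>" identity.

# Stop on the first error so a group or mailbox that fails to resolve
# aborts the script before any rule is created.
$ErrorActionPreference = "Stop"

$ruleName = "Ethical Firewall - Sales and Brokerage"   # placeholder name

# Condition: messages sent between members of the two distribution groups.
$condition = Get-TransportRulePredicate BetweenMemberOf
$condition.Addresses  = @((Get-DistributionGroup "Sales Group"))
$condition.Addresses2 = @((Get-DistributionGroup "Brokerage Group"))

# Exception: the subject matches the text pattern "Press Release".
$exception = Get-TransportRulePredicate SubjectMatches
$exception.Patterns = @("Press Release")

# Action 1: bounce the message to the sender with the stated text.
$reject = Get-TransportRuleAction RejectMessage
$reject.RejectReason = "E-mail messages sent between the Sales department and the Brokerage department are prohibited."

# Action 2: Bcc the message to the corporate compliance mailbox.
$bcc = Get-TransportRuleAction BlindCopyTo
$bcc.Addresses = @((Get-Mailbox "<compliance mailbox>"))

# Create the rule from the three components.
New-TransportRule -Name $ruleName `
    -Comments "Blocks mail between Sales Group and Brokerage Group except press releases." `
    -Conditions @($condition) `
    -Exceptions @($exception) `
    -Actions @($reject, $bcc)

# Review the stored rule, including its conditions, exceptions and actions.
Get-TransportRule $ruleName | Format-List
```

Reviewing the `Get-TransportRule` output after creation confirms that both groups resolved to the intended recipients and that the exception is attached to the rule.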
As we went through the stages of creating a new transport rule, you could see that the experience is very similar to creating an e-mail rule in Outlook. We selected the condition, action and exception for our example Ethical Firewall scenario. As the wizard pages show, there are many other options that can be used to configure the conditions, actions and exceptions for transport rules to meet your corporate requirements.
You can view the demo video "Enabling Compliance with Ethical Walls in Exchange Server 2007" for a similar ethical wall scenario.
- Jared (Ji-Chao) Zhang