Using Transport Rules to moderate messages using Exchange Server 2010
My first article here at MSExchange.org was about Transport Rules and at that time the Transport Rule was one of the most requested features by Exchange Server 2003 administrators. Administrators couldn’t do a lot of stuff because of the Exchange Server 2003 architecture which was based on SMTP Event Sinks or third-party tools.
Now we have been using Transport Rules for years and with every release of Exchange, the product team adds more capabilities and it is not different with Transport Rules. In this article we are going to check how we can take advantage of Transport rules to moderate messages.
The Transport Rule creation process is the same as the one explained in my first article. As a matter of fact, I'm going to use the same figure that I used before (Figure 01) to show how the Transport Rule wizard works and the steps required to build a transport rule.
Exchange Server 2010 also allows other methods to moderate messages, such as Distribution Group moderation. We touched on this subject in the second article of the Managing Distribution Groups article series.
Before going to Transport Rules, let’s create a scenario where we have a small company with some requirements to moderate messages using Transport Rules. In this company for the sake of simplicity we have a Finance department that has 3 mailboxes: User01, User02 and Manager01; and also a Directors Group that consists of all directors of the company. The following table shows how the users and groups are distributed in our environment.
- Directors group: all of the company's directors belong to this group
- Finance group: User01 and User02 have Manager01 as their Manager configured in Active Directory
All users have their manager configured properly in their Active Directory attributes, as shown in Figure 02.
If your company uses the Manager attribute properly, it will be easier to control some Transport Rules because they can be based on that attribute. However, if your company is too big or you are not in the habit of configuring it, you can use a fixed address for moderation purposes. In that case you always have to remember to change the Transport Rule when a new moderator is required.
Using Manager Attribute to moderate messages…
One of the advantages of using Transport Rules instead of Distribution Groups is that you can moderate any messages based on your Transport Rule conditions. For example, you can manage messages sent to a member of a specific Distribution Group. If you are using just Distribution Group moderation then it becomes tougher to control because it will take action only when the message is addressed to the group not to a specific individual.
Let's make sure that all messages from the Finance department to the Directors group are not sent immediately but are instead moderated by the current Manager of the Finance area. In this scenario we can use the following steps to create a Transport Rule that meets our requirements:
- Open Exchange Management Console
- Expand Organization Configuration
- Click on Hub Transport
- Click on Transport Rules tab
- Click on New Transport Rule
- On the first page of the wizard, let's name our new transport rule Moderate – Finance Department and click Next.
- On the Conditions page we have a couple of options, but based on our scenario we want moderation to occur whenever an employee of the Finance Department sends a message to any member of the Directors. The key point here is to make sure that all Finance guys belong to the Finance group and all directors belong to the Directors group. A simple way to do that is to check the options from a member of distribution list and sent to a member of distribution list, as shown in Figure 03.
- On the Actions page we have two options (Figure 04). The first is forward the message to address for moderation, where we define a specific address; this option is fine if the Manager of the department does not change often, but make sure that the Transport Rule is updated whenever the department's manager changes. The other option is forward the message to the sender's manager for moderation, and this is the one that we are going to use.
Exchange Server 2010 also improved the way Transport Rules are managed through the Exchange Management Shell: we can now use a single line to create a Transport Rule. For example, to create the Transport Rule that we have just created above, we could have used the following cmdlet instead:
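The Exchange Management Shell equivalent of the wizard steps above, as an added example rather than the author's original cmdlet. It assumes the two groups are named Finance and Directors, writes the rule name with a plain hyphen, and first lists Finance mailboxes whose Manager attribute is empty, since the rule relies on that attribute.

```powershell
# Added example; run in the Exchange Management Shell (Exchange Server 2010).
# Assumption: the distribution groups are named 'Finance' and 'Directors'.
$ruleName = 'Moderate - Finance Department'   # plain hyphen in the rule name

# 1. Pre-check: moderation by manager depends on the Manager attribute in
#    Active Directory, so list Finance mailboxes where it is not set.
$noManager = Get-DistributionGroupMember -Identity 'Finance' |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    ForEach-Object { Get-User -Identity $_.Identity } |
    Where-Object { -not $_.Manager }

if ($noManager) {
    Write-Warning 'Finance members without a Manager attribute:'
    $noManager | Format-Table Name, Manager -AutoSize
}

# 2. Create the rule: sender is a member of Finance, recipient is a member
#    of Directors, action is moderation by the sender's manager.
New-TransportRule -Name $ruleName `
    -FromMemberOf 'Finance' `
    -SentToMemberOf 'Directors' `
    -ModerateMessageByManager $true

# 3. Confirm that the rule exists and check its state and priority.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Priority
```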
Now that we have the Transport Rule created, we can use User01 to send a message to one of the Directors of the company which in our scenario is the mailbox Director01, as shown in Figure 05.
Based on the rule we created, the message won't be delivered to the recipient until it has been approved by the sender's manager, which is the Manager01 mailbox. In the Manager01 mailbox, using either Outlook Web App or the Outlook client, a message with a subject starting with Approval requested: <Original Subject of the message> will be found in the Inbox. The manager has two main options: Approve, which allows the message to be delivered to the recipient's mailbox, or Reject, which can be done in silent mode through the option Send the response now, or with a reason why the message was rejected using the Edit the response before sending option.
When moderating using Outlook Web App, the message must be opened in order to show both options (Approve and Reject); those options do not show up in the message preview.
If the moderator decides to reject the message, the sender who started the mail will receive a message from Microsoft Exchange Approval Assistant saying that it was rejected but the moderator information won’t be displayed, as shown in Figure 07.
Now that we have seen how to moderate messages we can just adapt the conditions to best fit your organization requirements, for example:
- If your company requires all messages sent internally to a specific user (for example your CEO) to be moderated by his assistant, then just change the Condition to From users that are inside or outside the organization and select inside, and make sure that the assistant mailbox is configured in the moderation;
- If your company requires that messages between 2 groups must be moderated, then we can take advantage of the condition between members of distribution list and distribution list and after that select both groups and address for moderation.
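The two variations above expressed as Exchange Management Shell commands, as an added example that is not part of the original article. The mailbox and group names (CEO, Assistant01, GroupA, GroupB, Moderator01) and the rule names are hypothetical; both rules are created disabled so they can be reviewed before they start holding mail.

```powershell
# Added example; all mailbox, group and rule names below are hypothetical.

# Variation 1: internal messages to one recipient are moderated by a fixed
# address (the assistant) instead of the sender's manager.
New-TransportRule -Name 'Moderate - Internal mail to CEO' `
    -FromScope InOrganization `
    -SentTo 'CEO' `
    -ModerateMessageByUser 'Assistant01' `
    -Enabled $false

# Variation 2: messages between members of two groups, in either direction,
# are moderated by a fixed address.
New-TransportRule -Name 'Moderate - GroupA and GroupB' `
    -BetweenMemberOf1 'GroupA' `
    -BetweenMemberOf2 'GroupB' `
    -ModerateMessageByUser 'Moderator01' `
    -Enabled $false

# Review the staged rules, then enable each one once it looks right.
Get-TransportRule |
    Where-Object { $_.Name -like 'Moderate - *' } |
    Format-Table Name, State, Priority -AutoSize

Enable-TransportRule -Identity 'Moderate - Internal mail to CEO'
Enable-TransportRule -Identity 'Moderate - GroupA and GroupB'
```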
In this article we went through the process of creating a Transport Rule to moderate messages between groups using Exchange Server 2010.