The upcoming release of Exchange Server, Exchange Server 2007, differs from older versions of the product in an important way: it is now possible to create transport rules at the organization level that let us control the internal and/or external flow of messages in an Exchange Organization in an easy and flexible way.
With the Transport Rules feature, we can easily create rules such as: adding a disclaimer for the organization, applying security to messages between users, and filtering message content based on strings located within it.
Within this article I will discuss how to work with transport rules on Exchange Server 2007 – all rules have been created at organization level on the Hub Transport role.
We can create rules at the Exchange Organization level and they can be configured to work with internal and external traffic.
How do Transport Rules work?
There are three stages in creating a transport rule: conditions, actions and exceptions. These stages are shown during the process of creation within the “New Transport Rule Wizard”. The phases for creation of the rules are shown in Figure 1.
All messages flow through the Hub Transport role, which provides a single location to administer the whole Exchange organization.
Figure 1: Flow chart to create transport rules on Exchange Server 2007
In the examples below, we will see the combinations of conditions, actions and exceptions that we can use to get the best possible message control.
Each created rule receives a priority; priorities range from low priority (0) to high priority. If a message matches 3 (three) separate rules, all of the rules are applied to the message, always respecting the priority of the rules.
The rules can be edited, disabled or removed. When they are disabled, they do not lose their priorities but they are not included in the evaluation process.
Working with Transport Rules (Scenario)
Transport Rules are very flexible and we can use a lot of options while we create them. I will now show a small example about transport rules; within the example we will use all phases (Condition, Action and Exception). (Figure 1)
I will create a simulated scenario to deploy a transport rule. In this Exchange Organization we have two users: Anderson Patricio and John Rodas. We must ensure that no messages can be sent between them, except messages whose subject includes the words Personal or Life. With this feature, we can protect internal traffic, preventing vital information from leaving the organization or being exchanged between users, depending on your own criteria.
Let’s go… Creating an Ethical Wall between users…
This scenario is called an Ethical Wall because we can protect the message flow between users and groups based on transport rules.
To create our first rule, expand the Organization Configuration node in the left pane of the Exchange Management Console and click Hub Transport, then click the Transport Rules tab and finally click New Transport Rule in the Action pane, as can be seen in Figure 2 below.
Figure 2: Creating a transport rule on the Exchange Management Console
In the New Transport Rule Wizard, we should fill out the Name and Description and make sure that ‘Enable Rule’ is selected. After that click Next. (Figure 3)
Figure 3: Wizard welcome screen to create transport rules
Conditions: We can define who a message is from or who it is going to, based on strings, message fields, or addresses inside the fields (To:, From: or Cc:). In this example, tick “from people”; Step 2 then shows the rule as it is being built, much like Rules and Alerts in Outlook.
During step 2 click on the ‘people’ link to select the users for this rule. (Figure 4)
Figure 4: Conditions – Specifying “from people” on the transport rule
In the new window, we can choose the users that will be affected by this rule, click Add, select user(s) and click OK. The result is shown in the figure below, Figure 5.
Figure 5: Selection of users in the “From People” condition
We’ve just selected the user Anderson Patricio in the “from people” condition. After that, we will need to tick “sent to people” and select the “target” user for this rule. In this case, we will choose John Rodas and select him as we did in the previous example. (Figure 6)
When we have more than one item ticked in conditions, we have a logical ‘AND’, so it means that the transport rule will be processed only if all the conditions are valid. If not, the rule will not be executed.
Figure 6: Conditions – Our condition has been established
In the New Transport Rule Wizard page, tick “send bounce message to sender” as shown in Figure 7. With this option selected, when a user (in this example, Anderson Patricio) sends a message to the selected user (in this example John Rodas), the sender (Anderson) will receive a predefined bounce message. (Figure 8)
Figure 7: Actions – Defining an Action to conditions specified before
To customize the message that will be displayed in the return message, we will need to click the link “Delivery not authorized, message refused” in Step 2 and then customize the content for the bounce message. (Figure 8)
Figure 8: Editing the text of action “send bounce message to sender”
Now, we have completed the Conditions and Actions; it can be reviewed in Figure 9.
Figure 9: The conditions and actions phases have been done, click Next
Exceptions: In this case all messages from Anderson Patricio to John Rodas will be blocked, except those e-mail messages that include the word Personal or Life in the subject. To do so, tick “except if with specific words in the subject”, then click on the link in Step 2 and add your exception words on the next screen. After that, we can see the configured exception (Figure 10).
Figure 10: Exceptions – Defining the exceptions in the Transport Rule
On this page, we can review the configured options in the wizard, as shown in Figure 11. We must click Create.
Figure 11: Configuration Summary on New Transport Rule Wizard
The final screen of the rule creation wizard shows the cmdlet that was used to create the rule. With this cmdlet we can create the same rule using the Windows PowerShell Console or a wsh administrative script. Click Finish. (Figure 12)
Figure 12: Final screen showing the cmdlet used to create this rule.
After clicking the Finish button, the rule will show up in the Exchange Management Console.
When we select the rule, the actions available for it are enabled in the Action pane: Disable rule, Edit and Remove. (Figure 13)
Figure 13: Visualizing the created rule
OK, it’s done! Now we will see the summary of our transport rule:
Blocking suspicious messages from Anderson Patricio to John Rodas
Conditions: From Anderson Patricio AND To John Rodas
Actions: Send bounce message
Exceptions: except if word personal or life in subject
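The same rule expressed in the Exchange Management Shell, as an added example: it is not the cmdlet text shown in Figure 12 and not the author's own code. It assumes the predicate and action object syntax of the released Exchange Server 2007 (the beta used for this article may differ), that “send bounce message to sender” corresponds to the RejectMessage action, that both mailboxes resolve by the display names used above, and a rule name chosen here for illustration.

```powershell
# Added example: shell equivalent of the wizard steps in this article.
# Run in the Exchange Management Shell with rights to manage transport rules.
# $ruleName is an assumed name chosen for this example.
$ruleName = 'Ethical Wall - Anderson Patricio to John Rodas'

# Conditions: every ticked condition must match (logical AND).
$from = Get-TransportRulePredicate From
$from.Addresses = @((Get-Mailbox 'Anderson Patricio'))

$sentTo = Get-TransportRulePredicate SentTo
$sentTo.Addresses = @((Get-Mailbox 'John Rodas'))

# Exception: the rule is skipped when the subject contains either word.
$subjectWords = Get-TransportRulePredicate SubjectContains
$subjectWords.Words = @('Personal', 'Life')

# Action: bounce the message back to the sender with the text from Figure 8.
$reject = Get-TransportRuleAction RejectMessage
$reject.RejectReason = 'Delivery not authorized, message refused'

New-TransportRule -Name $ruleName `
    -Comments 'Blocks mail from Anderson Patricio to John Rodas unless the subject is allowed' `
    -Conditions @($from, $sentTo) `
    -Exceptions @($subjectWords) `
    -Actions @($reject) `
    -Enabled $true

# Review what was stored, including the priority the rule received.
Get-TransportRule $ruleName |
    Format-List Name, Priority, Conditions, Exceptions, Actions
```

Note that the rule only covers one direction (Anderson to John); blocking traffic both ways needs a second rule with the two mailboxes swapped.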
Let’s test the configured rule!
The first test is to send an email from Anderson Patricio to John Rodas (Figure 14).
Figure 14: User Anderson Patricio is writing to John Rodas about some important information
Our rule will block this kind of email message, and the sender (Anderson Patricio) will receive the bounce message defined by the “send bounce message to sender” action (Figure 15). If the sender receives the message below, our Condition and Action configuration is working.
Figure 15: Sender receives the message with the Action of the rule. Pay attention to the message, it has our modification (by MsExchange.org administrator)
The second test is to validate the rule about exceptions. The sender (Anderson Patricio) is going to send another e-mail message but it will have the word Personal in the subject of the message. (Figure 16)
Figure 16: Sending a message to validate Exception
This email has an allowed word in the subject, so the receiver (John Rodas) got the message. We can now validate all the phases of the rule (Conditions, Actions and Exceptions). (Figure 17)
Figure 17: The allowed message is received by user
We reviewed how transport rules work and the way we apply them to mailboxes; it is a very important feature in the upcoming Exchange Server release (Exchange Server 2007). This feature will allow administrators to better control the flow of internal and external messages, raising the level of security of any messaging environment.
With this functionality, we will be able to solve issues that exist on Exchange Server 2003, such as: adding a disclaimer, allowing only some users to send e-mail internally, blocking messages with specific text in the message or attachment name, and more.
This article was written using an Exchange Server 2007 beta version. The final release (RTM) may have different screens than described in this article.