Setting Up Transport Rules


The two flavors of transport rules give you, the messaging administrator, the ability to define and automatically enforce messaging policies within your organization. In Exchange 2007, transport rules are enforced on the Hub Transport and Edge Transport roles. You create and manage them in both the Exchange Management Console and the Exchange Management Shell.

Although you use the same processes to create and manage the rules on both roles, the actual actions you can take, and the way the rules are stored, are different. Transport rules are very similar to mailbox rules, but they are applied at the server level to all traffic that goes through that server.

Like mailbox rules, transport rules have three parts:

  • Conditions identify the message properties that trigger the application of the rule to a given message. If you define no conditions, then the rule will apply to all messages.

  • Exceptions identify message properties that exempt a given message from being processed by the rule even if it matches the defined conditions. Exceptions are optional.

  • Actions modify the properties or delivery of messages that match the conditions without matching the exceptions defined by the rule. There must be at least one action, but you can have multiple actions in a given rule.

Transport rules on a Hub Transport server are defined and stored in Active Directory; each Hub Transport server in the organization sees the entire set of defined rules and attempts to match them against all messages. This allows you to define a single, consistent set of message policies throughout your organization. You can define a total of 1,000 transport rules in your organization. That may seem like a lot, but in large enterprises, you often need hundreds of transport rules to fully define the automated policy restrictions required.

Since rules are stored in Active Directory, modifications to your transport rules are subject to your normal AD replication. Depending on your site topology, it may take some time before your current changes propagate fully throughout your organization.

Warning 

If you have legacy Exchange servers in your organization, they will not make use of your transport rules. If acting as bridgeheads, these servers may represent a significant loophole in your messaging policy enforcement. Likewise, legacy Exchange mailbox servers do not pass all messages through a Hub Transport server, so you may notice that some policies are not applied evenly until all mailboxes are on Exchange 2007 servers.

In contrast, transport rules for Edge Transport servers are defined on a per-server basis and stored in the local ADAM database on the Edge Transport server. Thus, while you have no propagation delays to worry about, you do have to manually maintain a consistent set of rules on your Edge Transport servers or have some interesting discrepancies to track down at a later date.

Tip 

If you have multiple Edge Transport servers, we recommend using an EMS script to manage your transport rule configurations. Not only can you easily reuse this script on each Edge Transport server to maintain consistency, but the script makes great documentation on what your current configuration is.

Selecting Conditions and Exceptions

Since conditions and exceptions are both involved in identifying whether a given message should be processed by the rule, it should be no surprise that they give you the same set of options.

Which options you get depends on whether you're creating the rule on a Hub Transport or Edge Transport server. The Exchange 2007 help files contain detailed descriptions of how each of these conditions and exceptions is defined and applied, but this should help you get an idea of what types of selection criteria you have available at your fingertips.

Hub Transport Conditions and Exceptions

You can select the following conditions on Hub Transport servers:

  • From people

  • From a member of distribution list

  • From users inside or outside the organization

  • Sent to people

  • Sent to a member of distribution list

  • Sent to users inside or outside the organization

  • Between members of distribution list and distribution list

  • When any of the recipients in the To field is people

  • When any of the recipients in the To field is a member of distribution list

  • When any of the recipients in the Cc field is people

  • When any of the recipients in the Cc field is a member of distribution list

  • When any of the recipients in the To or Cc fields are people

  • When any of the recipients in the To or Cc fields is a member of distribution list

  • When the Subject field contains specific words

  • When the Subject field or the body of the message contains specific words

  • When a message header contains specific words

  • When the From address contains specific words

  • When the Subject field contains text patterns

  • When the Subject field or the body of the message contains text patterns

  • When the message header contains text patterns

  • When the From address contains text patterns

  • When any attachment file name contains text patterns

  • With a spam confidence level (SCL) rating that is greater than or equal to limit

  • When the size of any attachment is greater than or equal to limit

  • Marked with classification

  • Marked with importance

Edge Transport Conditions and Exceptions

You can select the following conditions on Edge Transport servers:

  • When the Subject field contains specific words

  • When the Subject field or the body of the message contains specific words

  • When a message header contains specific words

  • When the From address contains specific words

  • When any recipient address contains specific words

  • When the Subject field contains text patterns

  • When the Subject field or the body of the message contains text patterns

  • When the message header contains text patterns

  • When the From address contains text patterns

  • When text patterns in any of recipient address

  • With a spam confidence level (SCL) rating that is greater than or equal to limit

  • When the size of any attachment is greater than or equal to limit

  • From users inside or outside the organization

Note 

Several conditions and exceptions allow you to specify text patterns, which Exchange will then attempt to match against the specified fields. These patterns are known as regular expressions; see the Exchange 2007 help topic "Regular Expressions in Transport Rules" for more details and examples.

Selecting Actions

As with conditions and exceptions, your choice of possible actions depends on whether you're creating the rule on a Hub Transport server or an Edge Transport server. The Exchange 2007 help files contain detailed descriptions of how each of these actions is defined and applied.

Hub Transport Actions

You can select the following actions on Hub Transport servers:

  • Log an event with message

  • Prepend the subject with string

  • Apply message classification

  • Append disclaimer text using font, size, color, with separator, and fallback to action if unable to apply

  • Set the spam confidence level to value

  • Set header with value

  • Remove header

  • Add a recipient in the To field addresses

  • Copy message to addresses

  • Blind copy (Bcc) the message to addresses

  • Redirect message to addresses

  • Send bounce message to sender with enhanced status code

  • Silently drop the message

Note 

One disappointing omission from the Hub Transport transport rule actions is the ability to designate that a matching message must be delivered to a location in the destination mailbox. Such an action would be extremely useful in conjunction with the Managed Folders functionality described in Chapter 12, "Managing Folder Content"; it would allow the messaging administrators to automatically file certain messages (perhaps those with a specified classification) into known locations such as a managed custom folder.

Edge Transport Actions

You can select the following actions on Edge Transport servers:

  • Log an event with message

  • Prepend the subject with string

  • Set the spam confidence level to value

  • Set header with value

  • Remove header

  • Add a recipient in the To field addresses

  • Copy the message to addresses

  • Blind carbon copy (Bcc) the message to addresses

  • Drop connection

  • Redirect the message to addresses

  • Put message in quarantine

  • Reject the message with status code and response

  • Silently drop the message

Creating New Rules with the Exchange Management Console

To create a new transport rule on your HT servers using the EMC, launch the EMC. Navigate to Exchange Organization\Organization Configuration\Hub Transport in the left-hand pane, then select the Transport Rules tab in the middle pane. Click the New Transport Rule task in the pane on the right to start the New Transport Rule Wizard.

Figure 13.3 shows the Introduction screen of the wizard. Here you provide the name and optional description of the new rule, as well as select whether the rule will be enabled once it is created. The name field is required. Click Next to continue.

Figure 13.3: New Transport Rule Wizard Introduction screen

Figure 13.4 shows the Conditions screen. The default condition is Apply to Messages, which will match all messages. If you want to narrow down which messages will be affected, select the check boxes of one or more conditions; they will be added to the lower text field.

Figure 13.4: New Transport Rule Wizard Conditions screen

To fill in the values of the conditions, click on the underlined blue text fields and select the results from the selection dialogs that are opened. Once you are satisfied with the selections, click OK to close the selection dialogs. Click Next to continue.

Figure 13.5 shows the Actions screen. There are no default actions. Select the check boxes of one or more actions; they will be added to the lower text field.

Figure 13.5: New Transport Rule Wizard Actions screen

To fill in the values of the actions, click on the underlined blue text fields and select the results from the selection dialogs that are opened. Once you are satisfied with the selections, click OK to close the selection dialogs. Click Next to continue.

Figure 13.6 shows the Exceptions screen. There are no default exceptions. If you wish to create an exception, select the check boxes of one or more exceptions; they will be added to the lower text field.

Figure 13.6: New Transport Rule Wizard Exceptions screen

To fill in the values of the exceptions, click on the underlined blue text fields and select the results from the selection dialogs that are opened. Once you are satisfied with the selections, click OK to close the selection dialogs. Click Next to continue.

Figure 13.7 shows the Create Rule screen. This screen gives you a summary of the rule that will be created. If you are happy with it, click New to create the rule.

Figure 13.7: New Transport Rule Wizard Create Rule screen

The transport rule is now created in Active Directory and will be replicated to all HT servers in your organization. The results of the operation, including the EMS command line used to create the rule, will be shown on the Completion screen, as shown in Figure 13.8.

Figure 13.8: New Transport Rule Wizard Completion screen

To create a new transport rule on your ET server using the EMC, launch the EMC on your ET server. Follow the same steps as for creating a new HT transport rule.

Creating New Rules with the Exchange Management Shell

The following Exchange Management Shell commands let you add, change, remove, enable, or disable transport rules that are used by the Transport Rules agent on a Hub Transport server or an Edge Transport server:

  • Get-TransportRule This cmdlet shows you the existing transport rules in your organization (if run on an HT server) or Edge server (if run on an ET server):

     Get-TransportRule 

  • Enable-TransportRule This cmdlet sets an existing transport rule as enabled, which means it will be applied to messages:

     Enable-TransportRule -Identity MyTransportRule 

  • Disable-TransportRule This cmdlet sets an existing transport rule as disabled, which means that it will still be present in the configuration but will not be applied to messages:

     Disable-TransportRule -Identity MyTransportRule 

    Tip 

    The Disable-TransportRule cmdlet is useful for troubleshooting problems with transport rules.

  • Remove-TransportRule This cmdlet allows you to delete an existing transport rule:

     Remove-TransportRule -Identity TransportRuleToDelete 

  • Set-TransportRule This cmdlet allows you to modify the parameters of an existing transport rule:

     $Condition = Get-TransportRulePredicate FromMemberOf
     $Condition.Addresses = @((Get-DistributionGroup "Sales Group"))
     Set-TransportRule -Identity FromSales -Condition @($Condition)

    To make this cmdlet manageable, we made use of variables to create the "From a member of distribution list" condition and fill its Addresses property with the Sales Group distribution list. We then pass the variable into the Set-TransportRule cmdlet, modifying the condition of the FromSales rule.

  • New-TransportRule This cmdlet allows you to create a new transport rule. Creating a new rule from the EMS is beyond the scope of this book, but it follows the same principles as the Set-TransportRule example. From the EMS, issue the following command for a full description of the cmdlet, including examples:

     Help New-TransportRule -full 
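
The following EMS script is an added example, not taken from the book: it applies the Set-TransportRule pattern above to New-TransportRule and is written to be rerun unchanged on each Edge Transport server, as the earlier tip on keeping Edge rules consistent recommends. The rule name, words, prefix, and event text are constructed sample values; the predicate and action names (SubjectContains, FromScope, PrependSubject, LogEvent) and their properties are assumptions to confirm against the output of Get-TransportRulePredicate and Get-TransportRuleAction on your server.

```powershell
# Added example: one rule definition that converges to the same state on
# every Edge Transport server it is run on. All values are constructed samples.
$RuleName = "Tag-Sensitive-Subject"

# Condition: "When the Subject field contains specific words"
$Condition = Get-TransportRulePredicate SubjectContains
$Condition.Words = @("confidential", "internal only")

# Exception: "From users inside or outside the organization" (inside, here)
$Exception = Get-TransportRulePredicate FromScope
$Exception.Scope = "InOrganization"

# Actions: "Prepend the subject with string" and "Log an event with message"
$Prepend = Get-TransportRuleAction PrependSubject
$Prepend.Prefix = "[REVIEW] "

$Log = Get-TransportRuleAction LogEvent
$Log.EventMessage = "Transport rule $RuleName matched a message"

# Create the rule if it is missing; otherwise overwrite its parts so that a
# locally edited copy is brought back in line with this script.
$Existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }

if ($Existing) {
    Set-TransportRule -Identity $RuleName `
        -Conditions @($Condition) `
        -Exceptions @($Exception) `
        -Actions @($Prepend, $Log)
}
else {
    New-TransportRule -Name $RuleName `
        -Conditions @($Condition) `
        -Exceptions @($Exception) `
        -Actions @($Prepend, $Log) `
        -Enabled $true
}

# Show the stored rule so the result can be compared across servers.
Get-TransportRule -Identity $RuleName | Format-List
```

Keeping this script under version control gives you both the deployment mechanism and the record of what each Edge Transport server is supposed to enforce.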




Mastering Microsoft Exchange Server 2007
Mastering Microsoft Exchange Server 2007 SP1
ISBN: 0470417331
EAN: 2147483647
Year: 2004
Pages: 198
Authors: Jim McBee
