Imagine you suspect employees selling company secrets regarding a new product currently under development to a rival drug company. Lets say the new product is known to internal employees only and no outside parties are aware of the products development. How can you route out the dodgy emailers? With transport rules! The following screen shots should help show how its done:
Open the EMC and browse to the Organization Configuration Hub Transport node in the Console tree.In the Work area, select the Transport Rules tab.
In the Actions pane, click the New Transport Rule action. This launches the New Transport Rule wizard.
Write a suitable name and optional comment. Select Enable Rule and click next.
Under the Conditions, select 'sent to users inside or outside the organisation' and select 'the subject field or the body of the message contains specific words'. Make sure to select the link 'inside' and change the scope to 'outside'. Also click the link 'Specific Words' and add a suitable key word. Click next.
Select 'Blind Carbon Copy' and add the journal mailbox to define a recipient of messages.
Transport Rules Conflicting with Journal Rules
Perhaps you might have a transport rule which prevents certain messages from being sent from certain recipients to others. If emails are being dropped, then how can they be journaled? You will need to change the order of agent priority. The Transport Agent will by default process the message before the Journaling Agent. To determine the current state of priority, type the following cmdlet:
As you can see above, the Transport Agent is set to run before the Journaling Agent. Emails will be dropped before they can be journaled. To change the priority, type the following:
[PS] Set-TransportAgent -Identity "Journaling Agent" -Priority 1
Finally as show in the Powershell, you must restart the Transport Service