Sunday, 28 November 2010

Transport Rules on Exchange 2007 and Exchange 2010

Transport rules, like journaling rules in the previous post, occur at the organisation level on transport servers. All messages must pass through a transport server and so we can apply rules to determine how a message is processed.

Imagine you suspect employees of selling company secrets about a new product currently under development to a rival drug company. Let's say the new product is known to internal employees only and no outside parties are aware of the product's development. How can you root out the dodgy emailers? With transport rules! The following screenshots should help show how it's done:

Open the EMC and browse to the Organization Configuration > Hub Transport node in the Console tree. In the Work area, select the Transport Rules tab.

In the Actions pane, click the New Transport Rule action. This launches the New Transport Rule wizard.

Enter a suitable name and an optional comment. Select Enable Rule and click Next.

Under Conditions, select 'sent to users inside or outside the organisation' and select 'the subject field or the body of the message contains specific words'. Make sure to click the 'inside' link and change the scope to 'outside'. Also click the 'Specific Words' link and add a suitable keyword. Click Next.

Select 'Blind Carbon Copy' and add the journal mailbox to define a recipient of messages.
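The same rule can also be created from the Exchange Management Shell instead of the wizard. The script below is an added example, not part of the original post; it uses the Exchange 2010 parameters of New-TransportRule (Exchange 2007 builds the rule from -Conditions and -Actions objects instead), and the rule name, keywords and journal mailbox address are placeholders.

```powershell
# Added example for the Exchange 2010 Management Shell (not from the original post).
# All three values below are constructed placeholders: replace them with your own.
$ruleName       = 'BCC outbound mail mentioning new product'
$keywords       = 'ProjectCodename', 'CompoundX'     # words to match in subject or body
$journalMailbox = 'journal@example.com'              # mailbox that receives the blind copies

# Create the rule only if no rule with this name exists, so the script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }

if (-not $existing) {
    # -SentToScope NotInOrganization    = wizard condition "sent to users outside the organisation"
    # -SubjectOrBodyContainsWords       = "the subject field or the body of the message contains specific words"
    # -BlindCopyTo                      = wizard action "Blind Carbon Copy" to the journal mailbox
    New-TransportRule -Name $ruleName `
        -Comments 'Copies outbound messages containing internal product keywords to the journal mailbox' `
        -SentToScope NotInOrganization `
        -SubjectOrBodyContainsWords $keywords `
        -BlindCopyTo $journalMailbox `
        -Enabled $true
}
else {
    Write-Warning "Transport rule '$ruleName' already exists; leaving it unchanged."
}

# Confirm the rule is present and enabled, and see where it sits in the rule order.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Priority, Comments
```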

Transport Rules Conflicting with Journal Rules

You might have a transport rule which prevents certain messages from being sent from certain recipients to others. If emails are being dropped, then how can they be journaled? You will need to change the order of agent priority. The Transport Agent will by default process the message before the Journaling Agent. To determine the current state of priority, type the following cmdlet:

[PS] Get-TransportAgent

As you can see above, the Transport Agent is set to run before the Journaling Agent. Emails will be dropped before they can be journaled. To change the priority, type the following:

[PS] Set-TransportAgent -Identity "Journaling Agent" -Priority 1

Finally, as shown in PowerShell, you must restart the Transport service.


  1. It's a good way to enhance data secrecy in the organization, but what about drafting a mail in the office and not sending it from there, and sending it from a network connection outside? Will that capture that? I don't think so. When does it take action while sending mails?

  2. If you send the msg on an outside connection, wouldn't it still go via the transport server (either by OWA or Outlook etc.) and hence get flagged?