Transport Rules in Exchange 2010
Many organizations today are under some form of regulatory requirement mandating the length of time that electronic mail can be stored, the location of that storage, the acceptable recipients for certain types of information, etc. In Exchange 2007, transport rules were introduced as a way to restrict or modify message flow with regulatory compliance in mind. These rules are implemented by both Hub Transport and Edge Transport servers through a transport rule agent, which assists the message categorizer in determining how to act on messages in transport between internal and external recipients. For Hub Transport servers, the rules are stored in the Active Directory configuration partition and are therefore used by all servers within the Exchange organization. Edge transport rules primarily deal with outgoing and incoming traffic, not internal traffic, and are stored not in Active Directory but in the AD LDS data store locally on the Edge Transport server.
Transport rules provide three basic components: conditions, actions, and exceptions. Conditions are the characteristics of a message that are compared to determine whether or not the rule is applicable. For instance, when a message arrives at the Hub Transport server by way of a receive connector (incoming mail) or from the store driver (internal mail), the categorizer checks the message while it is in the submission queue and compares its properties with those of the transport rules. If a rule looks for specific senders or recipients, the message's sender and recipients are compared against those in the rule. If the rule looks for internal vs. external senders or recipients, then that is what is matched, and so on. The conditions of a transport rule therefore determine whether the rule applies to an individual message in the submission queue. If a message matches all the conditions of a specific rule, then the prescribed actions are taken. These actions include adding disclaimers, adding message classifications, adding blind carbon copy and carbon copy recipients, redirecting messages, or returning them to the sender, in addition to many more. The only reason an action would not be taken is if the message met any of the exceptions for the rule. Exceptions use essentially the same tests as conditions, but for the purpose of exempting certain senders, recipients, or messages with other characteristics from the rule's action.
There are many similarities between transport rules in the previous version of Exchange and those in Exchange Server 2010, but there are some important differences and enhancements as well. The rules are still stored in the same locations and are accessible to all servers. They still apply to all messages, both internal and external to the organization, and are implemented by transport rule agents on each individual server. They can still be created using the EMC or EMS, but they now contain several different or enhanced conditions and actions. First let's look at some of the enhanced conditions. The condition for users inside or outside the organization has been extended so that if company partnerships are formed, you can include users from the other company in your rules. For instance, I might be looking for certain material in the subject or body of the message in addition to who the message was destined for, and I might then create two separate rules. The first rule would apply if the content was present and the message was destined for an external user, and the server would be configured to take the action of rejecting the message or redirecting it to an alternate recipient or moderator. The second rule could say that if the recipient of the message was internal or part of a partner organization and the content was present, the message would be allowed to be delivered. Remember that a message must meet ALL the conditions of a rule for the rule to apply to it.
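The first rule described above could be created in the Exchange Management Shell as follows. This is an added example, not part of the original article; the rule name, keywords and mailbox addresses are hypothetical placeholders.

```powershell
# Added example for Exchange 2010 (EMS). All names, phrases and addresses
# below are hypothetical and must be replaced with your own values.

$ruleName = 'Hold restricted content sent outside partners'
$keywords = 'Project Falcon', 'Internal Use Only'   # constructed sample phrases

# Conditions (ALL must match):
#   - subject or body contains one of the phrases
#   - recipient is external and NOT in a partner domain
# Exception (ANY match exempts the message):
#   - sender is the legal mailbox
# Action:
#   - hold the message until the moderator approves or rejects it
# The rule is created disabled so it can be reviewed first.
New-TransportRule -Name $ruleName `
    -SubjectOrBodyContainsWords $keywords `
    -SentToScope ExternalNonPartner `
    -ExceptIfFrom 'legal@contoso.com' `
    -ModerateMessageByUser 'compliance@contoso.com' `
    -Comments 'Restricted content to external non-partner recipients goes to moderation' `
    -Enabled $false

# Review what was stored before the rule starts acting on mail.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Priority, Conditions, Exceptions, Actions

# Recipients inside the organization or in a partner domain do not match
# the ExternalNonPartner scope, so their mail is not touched by this rule.
Enable-TransportRule -Identity $ruleName
```

To reject instead of moderating, replace -ModerateMessageByUser with -RejectMessageReasonText and a short explanation for the sender.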
Another enhancement in the conditions is the ability to scan the actual content of supported attachment types. In Exchange 2007, administrators could only configure rules to look at the names of attachments for certain words, phrases, or characteristics, using regular expressions. This was helpful, but a user could simply create a Word document, paste the restricted information into the file, and send it to an external recipient. The Exchange servers had no ability to scan the contents of the file, but this has changed in Exchange 2010, which should allow administrators to breathe a little easier. There is also a significantly enhanced capability for looking at the recipient's Active Directory attributes, which allows administrators to create rules based on almost any user attribute, including membership in groups, managers, city, department, etc. This really extends the levels of control that can be implemented in transport rules.
Actions have also been enhanced in this version of Exchange to provide more feature-rich capabilities. In some cases the wording of the actions has just been modified to make it a little clearer, but often there is increased functionality. My personal favorite is the disclaimer: the ability to add a disclaimer in Exchange 2007 has been enhanced to support HTML tags and Cascading Style Sheets, so that feature-rich disclaimers, such as those offered by third-party software, can now be added to outgoing Exchange messages without any cost. It is also possible to add to those disclaimers certain properties about the user and/or the organization that are obtained from the Active Directory user object. Secondly, instead of just being able to apply message classifications to messages, Exchange 2010 is fully capable of integrating into an AD RMS document protection solution. These are known as Outlook Protection rules, where the Exchange transport server can automatically apply an RMS template to a message based on the characteristics of the message. This provides a true level of protection that wasn't provided by just "labeling" the message through a classification. Thirdly, the use of moderators, or forwarding a message to someone else for moderation, is very helpful in instances where it is uncertain what action should be taken. In the past, a questionable message could be redirected, but the redirected recipient would then have to manually forward the message on or resend it. This was cumbersome in comparison to the use of moderators, who through a single click in Outlook or Outlook Web Access can allow a message to continue on its way to the original intended recipient.
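The HTML disclaimer and RMS actions described above, combined with the attachment content condition, might look like this in the Exchange Management Shell. This is an added example, not part of the original article; rule names and phrases are hypothetical, and it assumes AD RMS integration is already configured and the 'Do Not Forward' template is available.

```powershell
# Added example for Exchange 2010 (EMS). Names and phrases are hypothetical.

# HTML/CSS disclaimer. %%Attribute%% tokens are filled in from the
# sender's Active Directory user object when the rule fires.
$marker = 'This message may contain confidential information.'
$disclaimer = @"
<div style="font-size:9pt; color:#666666; border-top:1px solid #cccccc;">
  <p>Sent by %%DisplayName%%, %%Department%%, %%Company%%.</p>
  <p>$marker</p>
</div>
"@

# Append the disclaimer to mail leaving the organization. The exception
# stops the disclaimer from stacking up on every reply in a thread.
# Fallback 'Wrap' delivers the original as an attachment inside a new
# message carrying the disclaimer when the body cannot be modified
# (for example, encrypted mail).
New-TransportRule -Name 'Outbound HTML disclaimer' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -ExceptIfSubjectOrBodyContainsWords $marker `
    -ApplyHtmlDisclaimerLocation Append `
    -ApplyHtmlDisclaimerText $disclaimer `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Scan the content of supported attachment types, not just file names,
# and apply an RMS template instead of only labeling the message.
# Assumes AD RMS is integrated; list templates with Get-RMSTemplate.
New-TransportRule -Name 'RMS-protect restricted attachments' `
    -AttachmentContainsWords 'Project Falcon' `
    -ApplyRightsProtectionTemplate 'Do Not Forward' `
    -Enabled $false

# Confirm rule order and state; rules are evaluated by priority.
Get-TransportRule | Sort-Object Priority |
    Format-Table Priority, Name, State -AutoSize
```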
In summary, transport rules remain an excellent mechanism in the latest versions of Exchange Server for restricting and modifying message flow. We have seen some exciting additions and enhancements to the list of conditions and actions that were provided in Exchange 2007. These will allow administrators to be more specific and gain tighter control of messaging compliance within their organizations.


