Block External Mail on Selected Users 5

[XofCDe3rd]

Hello Is it possible to block external mail on select users within a domain.

In effect they will only be allowed to send and recieve internal mail

if so can anybody point me in the right direction

Ta in advance
Exchange newbie

 

[Zelandakh]

Delete their SMTP address.

 

[BigFunkyChief]

Also, if you go into Active Directory for the user, click on their Properties, click on the Exchange General Tab and click on the "Delivery Restrictions" button, you'll have a whole set of options to filter mail to the mailbox.

Under Message Restrictions : Accept Messages :

You'll de-select "From everyone" by selecting "From Authenticated Users Only" or choose "Only From: " and define a list of users who can send this mailbox email.

Hope this helps.

"Rule #1 - When stumped, check your Event Logs!

 

[XofCDe3rd]

Awesome I have seen this tab But I have not played around with it for fear of messin things up....I just needed to get help from the pros........

 

[DColcl]

woot! I found my answer here too! Thank you!

Dan

 

[zbnet]

Surely a better way to do this would be to add an Internet SMTP connector to one of your servers, and use this as an 'IMS equivantent' to route all outbound external email. I say this because it allows you to impose restrictions on external mailing (via the Delivery restrictions tab) in exactly the same way the old IMS used to - surely a much better centrally-managed solution than endless fiddling with individual AD accounts?

 

[XofCDe3rd]

Okay an Extention to this thread.....

Ta zbnet for the Post

i m kinda on the notion that with the virtual smtp connector you can only restrict delivery of all smtp traffic

On the other hand with the AD properties of a user you can restrict both mail traffic in and out, but this is only for a single user

just a question is there a way to do in one place for a whole group of users???

ta in Advance

 

[zbnet]

Ed Crowley once said: 'There are seldom good technological solutions for behavioural problems.'

Putting aside for a moment the question of why you should want to restrict external mail sending and receiving from a subgroup of your users, why not just tell them that the company rules say no external email, write it into their contracts, and then dismiss the first one that breaks the rules? The others will certainly then think twice about using external email.

If you must enforce this with a technical solution, I urge you to reconsider my suggestion above - using an SMTP connector for all external SMTP mail does provide (as you point out) a solution for only blocking outbound external email for this subgroup of users - but it is at least 'centralised' administration, as you simply add them to the group that you have entered in the connector delivery restrictions tab. Sure, these users will still be able to receive external email, but if they can't reply to it they won't be able to hold email conversations with external people, and perhaps the people sending to them will get tired of not receiving a reply. We've used this solution since the days of 5.5 for many years for a very small group of people on special contracts in our organisation, and it works very well indeed.

To truly stop accounts receiving external email, BigFunkyChief's suggestion is the right way to do this in Exchange 2003 - the tickbox 'Accept message from authenticated users only' on the Delivery Restrictions page is designed to do this, as all external senders are unauthenticated within your domain. However, this is a per AD account setting, there is no easy way to group together a bunch of accounts and make this setting in bulk. You could play with group policy, but you'll have to ask yourself whether this extra restriction is worth the effort.

 

[58sniper]

The other way to stop the inbound email is to change their SMTP address from .com/.org/.net to .local

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[XofCDe3rd]

Ta zbnet for that I think thats a nice way to do it.

This question was out of curiosity because with my first post a freind had asked me to restrict email usage on their exchange server. this came about since users were getting non company related mail. I guess they did not want to spend more money on an email filtering program like maybe surfcontrol's email fiter

Since they only had about 10 users with mailboxes in their small firm. So setting on certain induviduals was not to much. It is the thought of being confronted with a firm that holds in access of 30 users with mailboxes, u would be in a bit of a spot.

58sniper this would mean individualy setting each of the users AD properties? I mean I know this can be done with via scripting to ease the pain...although there would be more to this story.........

 

[58sniper]

You could setup another recipient policy to do that.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[XofCDe3rd]

forgive me for being the dumb one but....could you please point me in the right direction to read about your suggestion.....because I just wanna have some kind of idea to keep me outta trouble...

Ta