Internal Email Only

[TDKMan]

We want to set up email for selected individuals that can only send and receive email from an internal source only. They must not be able to receive email from external sources or send email externally.

Any information on how to implement this process would be greatly appreciated.

Thanks Joe

 

[SteveTheGeek]

The easiest way to prevent them from receiving external email is probably to remove all the SMTP addresses from their account in Active Directory. I don't see any way to deny sending external email - perhaps you can do it at your firewall, if there's a SMTP proxy in use.
-Steve

 

[Xybertron]

"The easiest way to prevent them from receiving external email is probably to remove all the SMTP addresses from their account in Active Directory."

I don't think it will let you do this with the GUI. Dan
Microsoft Exchange Support @ Microsoft

 

[SteveTheGeek]

Sonufagun, I just tried it, and indeed it won't let you remove the primary SMTP address. Okay then, under the AD user properties, Exchange General tab, Delivery Restrictions, Message Restrictions - change Accept messages: "from everyone" to "only from" and select everyone (shift-click to select every address, if there's a lot of them) - think that'll work?

-Steve

 

[Xybertron]

uh...

The only way I can imagine to do this is... Not tested!

Setup a second Virtual Server. Block the "special" users from it. And have all mail forward from the first SMTP Virtual Server to the second.

Incoming mail is basically blocked since they can't e-mail out. So external users would have to know the smtp address. Dan
Microsoft Exchange Support @ Microsoft

 

[hads]

If it won't let you remove the primary address couldn't you set up some random fake domain like '@fakedomain' as a new domain in the recipient policy and then set this to their primary address and delete their actual smtp address.

Just a thought.


01101000011000010110010001110011

 

[Xybertron]

Yes but you have to make sure that address is on a Recipient Policy.

So make it zazazazazaz.com so it doesn't cause any issues with external places. Dan
Microsoft Exchange Support @ Microsoft

 

[Xybertron]

But... they can still send out anyways unless you enforce something else. Dan
Microsoft Exchange Support @ Microsoft

 

[hads]

Oh yeah, well done me... that does't solve the sending out issue at all.

It covers the recieving part, and you could combine it with the other suggestion to really make sure.

What I meant by '@fakedomain' was actually without a '.com' as to make sure it didn't interfere with anything on the Internet.

Sounds like a bit of work though.

01101000011000010110010001110011

 

[cvoce]

Could you not do something with the "Relaying" options under the Default SMTP Virtual Server Properties? That would by by Computer rather than user though I think. If they are not allowed to Relay, then they can still send internal emails, but not external.

Hope this helps,

Chris

 

[lksixt]

I'm at a school and would like to do the same thing, keep students on internal mail only, but allow faculty and administration to get/send external mail. You can't even imagine the stuff these kids have signed up for, the junk mail is killing me.

Did anyone ever figure this one out?

thanks

Laura

 

[brontosaurus]

so , you want to block the students from receiving and sending internet mail, or just receiving?

 

[mmaxx]

Follow the steps outlined below:
1. Create a group called InternalOnly.
2. Create a recipient policy that gives them a fake SMTP address. i.e.
@fake.domain. Leave the X400 address alone so they can receive
internal mail.
3. Drill down through Routing Groups > Group Name > Connectors >
SMTP internet connector(s), choose its properties. Choose the Delivery
Restrictions tab, and under "reject", add this group. Do this for each
connector.
4. Follow the steps in Q277872, regarding Connector Restrictions.
[Now they can't use the SMTP connector(s) to send external mail]