Some organizations have strict security policies when it comes to email. Most of you have seen a request from HR or Legal asking you to block a particular user (maybe a temp) from sending and receiving emails from outside the organization.
This can be accomplished with transport rules or a combination of transport rule and shell command.
We can configure a transport rule to block the user from sending emails externally. There are two options, either we can delete the emails which the user tries to send without notifying anyone or we can send an NDR back to the user with a customized message.
Launch EMC, navigate to Organization Configuration –> Hub Transport –> Transport Rules. Create a new rule and give a meaningful name. Select “from people” in conditions page and select the mailbox account. We can also create a group and add the group if more number of users have to be blocked and unblocked on a regular basis.
From the actions page, select one of the options depending on your choice.
Configure any exceptions if needed, click on “New” and “Finish” to create the rule.
Now, let’s block the user from receiving emails from the internet. Everyone knows that the distribution groups in Exchange 2010 doesn’t accept emails from outside the organization by default. This is because of the check box “Require that all senders are authenticated” in the group’s property.
The same can be applied to a mailbox as well. This option is not exposed in the EMC and hence the shell has to be used. By default, anyone can send an email to a mailbox, as the “RequireSenderAuthenticationEnabled” is set to false.
Run the following command to block external emails for a user, say ChakkaRajith in my case.
Set-Mailbox –identity “ChakkaRajith” –RequireSenderAuthenticationEnabled $true
We can also block emails from internet to a user using transport rule. It is advisable to create a group, say “NoExternalEmails” and add members to it, if the user list changes frequently. Create a transport rule as explained above with the below conditions.
The steps are same for Exchange 2007 and is explained in my article posted in 2009.