Export (0) Print
Expand All

Transport Rule Actions

 

Applies to: Exchange Server 2013

Topic Last Modified: 2014-03-12

Transport rule actions let you apply messaging policies to email messages flowing through your organization that match conditions and exceptions defined in Transport Rule Conditions (Predicates). For example, you could define a transport rule action to forward an email message to an approving manager, or add a disclaimer or personalized signature.

Looking for:

Contents

Transport rule actions and properties

Property values

Each transport rule action contains the action, and any information needed for the action. For example, when you use the Redirect the Message to action, you must specify the email address of the person you’re redirecting the message to. Sometimes two pieces of information are needed. For example, when you add a disclaimer, you need the disclaimer text plus information about what to do if the disclaimer can’t be sent.

Here’s a list of the information required for each action in Exchange 2013. When you add these actions using the Exchange admin center, you’re prompted for the required information. When you add them using the Shell, you must specify them on the command line. Valid values for each property are described in Property values.

 

Action name in Exchange admin center Action name in Shell Properties Description

Forward the message for approval to

ModerateMessageByUser

Addresses

Forwards the message to the specified moderators as an attachment wrapped in an approval request. See Configure a Moderated Recipient for more information.

Forward to the sender's manager for approval

ModerateMessageByManager

Not applicable

Forwards the message to the sender's manager for approval, if the manager attribute is populated in Active Directory.

ImportantImportant:
If the sender's manager attribute isn't populated in Active Directory, the message is delivered to recipients without moderation.

Redirect the message to

RedirectMessageTo

Addresses

Redirects the email message to one or more specified recipients. The message isn't delivered to the original recipients, and no notification is sent to the sender or the original recipients.

Reject the message with the explanation

RejectReason

RejectReason

Deletes the email message and sends a non-delivery report to the sender with the specified text as the rejection reason. The recipient doesn't receive the message or notification.

Reject the message with the enhanced status code

RejectMessageEnhancedStatusCode

EnhancedStatusCode

Deletes the email message and sends a non-delivery receipt to the sender with the specified status code. The recipient doesn't receive the message or notification.

Delete the message without notifying anyone

DeleteMessage

Not applicable

Deletes the email message without sending a notification to either the recipient or the sender.

Bcc the message to

BlindCopyTo

Addresses

Adds one or more recipients as blind carbon copy (Bcc) recipients. The original recipients aren't notified and can't see the Bcc addresses.

Add these recipients to the To box

AddToRecipient

Addresses

Adds one or more recipients to the To field of the message. The original recipients can see the additional address.

Cc the message to

CopyTo

Addresses

Adds one or more recipients to the carbon copy (Cc) field of the message. The original recipients can see the Cc address.

Add the sender's manager as a recipient type

AddManagerAsRecipientType

AddedRecipientType

Adds the sender's manager, if defined in the manager attribute in Active Directory, as the specified recipient type.

Append the disclaimer

ApplyHtmlDisclaimerText

ApplyHtmlDisclaimerTextLocation

ApplyHtmlDisclaimerFallbackAction

First property: DisclaimerText

Second property: FallbackAction

Applies an HTML disclaimer to the message. There are three parameters in the Shell that correspond to this action. When you append the disclaimer, the property ApplyHtmlDisclaimerTextLocation is set to Append.

Prepend the disclaimer

ApplyHtmlDisclaimerText

ApplyHtmlDisclaimerTextLocation

ApplyHtmlDisclaimerFallbackAction

First property: DisclaimerText

Second property: FallbackAction

Applies an HTML disclaimer to the message. There are three parameters in the Shell that correspond to this action. When you prepend the disclaimer, the property ApplyHtmlDisclaimerTextLocation is set to Prepend.

Remove this header

RemoveHeader

MessageHeader

Removes the specified message header from a message.

Set the message header to this value

SetHeaderName

SetHeaderValue

First property: MessageHeader

Second property: HeaderValue

Creates a new message header or modifies an existing message header and sets the value of that message header to the specified value. There are two parameters in the Shell that correspond to this action.

Apply a message classification

ApplyClassification

Classification

Applies a message classification to the message.

Set the spam confidence level (SCL) to

SetScl

SclValue

This action sets the spam confidence level (SCL) on an email message.

Prepend the subject of the message with

PrependSubject

Prefix

Prepends the Subject of the message with the specified text.

Apply rights protection to the message with

ApplyRightsProtectionTemplate

RMSTemplateIdentity

Applies the specified Rights Management Services (RMS) template to the message.

Require TLS encryption

RouteMessageOutboundRequireTls

Either of the following:

Not applicable

Applicable

Forces the outbound messages to be routed over TLS encrypted connections.

Notify the sender with a Policy Tip

NotifySender

NotifySenderType

Notifies the sender when the message goes against a DLP policy configured in the organization.

  • When you use this action, you must use the MessageContainsDataClassification (The message contains sensitive information) condition.

  • You can also use the following conditions:

    • SentTo (The recipient is)

    • SentToScope (The recipient is located)

    • From (The sender is)

    • FromMemberOf (The sender is a member of)

    • FromScope (The sender is located)

  • Some actions can’t be combined with NotifySender:

    1. RejectMessageReasonText (Reject the message and include an explanation)

    2. RejectMessageEnhancedStatusCode (Reject the message with the enhanced status code of)

    3. DeletedMessage (Delete the message without notifying anyone)

Generate incident report and send it to

GenerateIncidentReport

First property: Addresses

Second property: IncidentReportContent

Generates an incident report and sends it to the specified recipients.

Stop processing more rules

StopRuleProcessing

Not applicable

Specifies whether the processing of subsequent rules should be stopped for this message.

Each property that you use to define a transport rule action requires a value. Here’s a list of values for each action property in Exchange 2013.

 

Property Valid values Description

AddedRecipientType

One of the following values:

  • To

  • Cc

  • Bcc

  • Redirect

AddedRecipientType accepts a single value:

  • To, Cc, and Bcc values are self-explanatory and correspond to the addressing fields of email messages.

  • Redirect delivers the message only to the specified recipient. The message isn't delivered to any of the original recipients.

Addresses

Either a single or an array of valid recipients.

Addresses accepts an array of mailbox, mail-enabled contact, mail-enabled user, or distribution group objects.

Classification

Single message classification object

Classification accepts a single message classification object. To see what message classification objects are available, you can use the Get-MessageClassification cmdlet.

DisclaimerText

HTML string

DisclaimerText can be any text you want to insert to the message as a disclaimer. HTML tags and cascade style sheet (CSS) tags.

EnhancedStatusCode

Single DSN code of 5.7.1, or any value from 5.7.10 through 5.7.999

EnhancedStatusCode specifies the DSN code and related DSN message to display to the senders of messages rejected by a Transport rule action. The DSN message associated with the specified DSN status code is displayed in the user information portion of the NDR displayed to the sender. The specified DSN code must be an existing default DSN code or a customized DSN status code that you can create by using the New-SystemMessage cmdlet.

FallbackAction

One of the following values:

  • Wrap

  • Ignore

  • Reject

FallbackAction specifies what the Transport rule should do if a disclaimer can't be applied to a message. There can be cases where the contents of a message can't be altered, for example if a message is encrypted. The default fallback action is Wrap. The following list describes each fallback action:

  • Wrap   If the disclaimer can't be inserted into the original message, Exchange encloses, or wraps, the original message in a new message envelope. Then the disclaimer is inserted into the new message.

    ImportantImportant:
    If an original message is wrapped in a new message envelope, subsequent Transport rules are applied to the new message envelope, and not to the original message. Therefore, you must configure Transport rules with disclaimer actions that wrap original messages in a new message body with a lower priority than other Transport rules.
    NoteNote:
    If the original message can't be wrapped in a new message envelope, the original message isn't delivered. The sender of the message receives an NDR that explains why the message wasn't delivered.
  • Ignore   If the disclaimer can't be inserted into the original message, Exchange lets the original message continue unmodified. No disclaimer is added.

  • Reject   If the disclaimer can't be inserted into the original message, Exchange doesn't deliver the message. The sender of the message receives an NDR that explains why the message wasn't delivered.

HeaderValue

Single string

HeaderValue accepts a single string that's applied to the header specified header.

IncidentReportContent

One of the following values:

  • Sender

  • Recipients

  • Subject

  • CC

  • BCC

  • Severity

  • Override

  • RuleDetections

  • FalsePositive

  • DataClassifications

  • IdMatch

  • AttachOriginalMail

IncidentReportContent specifies the list of properties of the original message to be included in the incident report. You can choose to include any combination of these properties. In addition to the properties you specify, the message ID is always included in the incident report. The following list describes these properties:

  • Sender, Subject, and AttachOriginalMail   Self-explanatory values. The first two correspond to the message properties with the same name. The third property specifies that the entire message that triggered the rule is attached to the incident report.

  • Recipients, CC, and BCC   Designate the recipients the message was sent to, and correspond to the To, Cc, and Bcc boxes respectively. For each of these properties, only the first 10 recipients are included in the incident report. If the message was addressed to more than 10 recipients, the report will also include the count of additional recipients. For example, if the message included 22 people in the To: box, the incident report will list the first 10 of these recipients and specify that there were 12 additional recipients.

  • Severity   Specifies the audit severity of the rule that was triggered. If the message was processed by more than one rule, the highest severity is included in the incident report.

  • Override   Specifies the override if the sender has chosen to override a Policy Tip. If the sender has provided a justification, the first 100 characters of the justification are also included.

  • RuleDetections   Specifies the list of rules that the message triggered.

  • FalsePositive   Specifies the false positive if the sender marked the message as a false positive for a Policy Tip.

  • DataClassifications   Specifies the list of sensitive information types detected in the message.

  • IdMatch   Specifies the sensitive information type detected, the exact matched content from the message, and the 150 characters before and after the matched sensitive information.

MessageHeader

Single string

MessageHeader accepts a string that can be used to specify the SMTP message header to modify.

NotifySenderType

One of the following values:

  • NotifyOnly

  • RejectMessage

  • RejectUnlessFalsePositiveOverride

  • RejectUnlessSilentOverride

  • RejectUnlessExplicitOverride

NotifySenderType specifies the type of Policy Tip the sender will receive if a message they sent goes against a DLP policy configured in the organization. The following list describes each notification type:

  • NotifyOnly Notifies sender, but delivers the message normally.

  • RejectMessage Notifies sender, and rejects the message.

  • RejectUnlessFalsePositiveOverride RejectsThe message unless the sender has marked it with a false positive.

  • RejectUnlessSilentOverride Rejects the message unless the sender has chosen to override the policy restriction.

  • RejectUnlessExplicitOverride This is similar to RejectUnlessSilentOverride type, but the sender also provides a justification for overriding the policy restriction.

Prefix

Single string

Prefix accepts a string that's prepended to the subject of the email message.

TipTip:
To prevent the string that's specified with the Prefix Transport rule action from being added to the subject every time that a reply to the message encounters the Transport rule, add the SubjectContains exception to the Transport rule.
The SubjectContains exception should contain the string that you specified with the Prefix Transport rule action. If you add the SubjectContains exception to the Transport rule, the Transport rule doesn't add another instance of the Prefix string to the subject if the Prefix string already appears in the subject.

RejectReason

Single string

RejectReason accepts a string that's used to populate the administrator information portion of the NDR returned to the email sender if an email message is rejected.

RMSTemplateIdentity

RMS Template identity

RMSTemplateIdentity accepts an RMS Template identity. You can get a list of RMS templates available on an Active Directory RMS server in the Active Directory forest using the Get-RMSTemplate cmdlet.

SclValue

Single integer

SclValue accepts a single integer from -1 through 9, which is used to configure the SCL of the email message.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft