Overview of Transport Rules
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-01-11
Transport rules in Microsoft Exchange Server 2007 let you apply messaging policies to e-mail messages that flow through an Exchange Server 2007 organization. In Exchange 2007, the following two transport rules agents can act on messages:
Transport Rules agent The Transport Rules agent runs on all computers that have the Hub Transport server role installed. This agent helps you apply compliance- and policy-based rules to all messages that flow through an Exchange 2007 organization.
Edge Rules agent The Edge Rules agent runs on all computers that have the Edge Transport server role installed. This agent helps you manage antivirus problems.
This topic describes each transport rules agent in detail.
Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization. In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements:
Preventing inappropriate content from entering or leaving the organization
Filtering confidential organization information
Tracking or archiving messages that are sent to or received from specific individuals
Redirecting inbound and outbound messages for inspection before delivery
Applying disclaimers to messages as they pass through the organization
The Transport Rules agent that runs on a Hub Transport server helps you meet each of these requirements. Through the Active Directory directory service, Exchange Server 2007 can apply a consistent messaging policy configuration across the organization. Each Hub Transport server queries Active Directory to retrieve the organization's current transport rule configuration and then applies that transport rule configuration to e-mail messages that the server encounters. This enables e-mail administrators to set policies across the organization and to implement them on the Hub Transport server as soon as replication occurs.
|Transport rules can't prevent people from communicating in other ways, such as networked file shares, newsgroups, or e-mail services that don't deliver messages to an Exchange 2007 organization.|
For more information about how Active Directory replication affects the Transport Rules agent, see the "Active Directory Replication" section in Understanding How Transport Rules Are Applied in an Exchange 2007 Organization.
The Edge Rules agent, which runs on the Edge Transport server, helps you control the number of unwanted messages that enter your organization. If your internal network is compromised, the Edge Transport rule agent can also apply the same or different rules to outgoing messages. In this manner, the Edge Rules agent helps you prevent infected or unwanted messages that are generated by infected computers in your internal network from leaving your organization. The following list provides some examples of when the Edge Rules agent can help you protect your organization:
Virus outbreaks Thousands of new viruses are created each year. Most antivirus software providers are reactive when they update their software. To update their software, antivirus software providers have to identify the virus, create an update for their software, and then send the update to their customers. This causes a gap in protection where an infected message can enter an organization unexpectedly.
Denial of service attacks Malicious individuals who want to do harm to organizations may use denial of service (DoS) attacks to draw attention to themselves or to cause damage. These attacks are typically unannounced and can be difficult or impossible to predict.
The Edge Rules agent is designed to help you reduce the impact of each of these risks. The Edge Rules agent lets you configure conditions and exceptions to identify both unwanted and wanted messages and to act on those messages by using configured actions.
The Edge Rules agent runs transport rules that are configured only on the local Edge Transport server. Depending on your organization, you may want to configure each Edge Transport server identically, or you may want to configure specific configurations, which address the unique e-mail message traffic patterns of each server.
For more information about how you can use the Edge Rules agent to reduce the impact that viruses and other unwanted messages have on your organization, see Configuring Edge Transport Rules to Manage Viruses.
You can use the Exchange Management Console or the Exchange Management Shell to manage both the Transport Rules agent and the Edge Rules agent. How you manage each agent on its respective server role is the same; only the conditions, exceptions, actions, and the scope of your changes differ for the two agents.
When you administer the transport rules that are used with the Transport Rules agent, the transport rules are replicated across the whole organization and are consumed by each Hub Transport server. Because all transport rules that are configured for use with Hub Transport servers are stored in Active Directory, you can use any computer that has Exchange 2007 installed, except Edge Transport servers, to manage those transport rules.
When you modify the transport rules that are used with the Edge Rules agent, the transport rules are changed only on the local Edge Transport server. If you configure the same transport rule on multiple Edge Transport servers, you must modify the transport rule on each Edge Transport server individually. To help you configure Edge Rules agents on multiple computers, Exchange 2007 can export and import transport rule collections. By using the import and export features in Exchange 2007, you can apply a standard set of transport rules across all Edge Transport servers manually or by using a script.
In addition to the scope of changes that you make to each agent, the conditions, exceptions, and actions that are available to each agent are also different. The differences in each agent are discussed in the "Transport Rules" section later in this topic.
For detailed instructions on how to use the Exchange Management Console and the Exchange Management Shell to manage the Transport Rules agent and the Edge Rules agent, see Managing Transport Rules.
For detailed information about the transport rule cmdlets that are available in the Exchange Management Shell, see Transport Rules Agent Cmdlets.
Both the Transport Rules agent and the Edge Rules agent apply transport rules to the e-mail messages that they encounter. However, as explained earlier in this topic, each agent has a different intended use. Because of this difference, the conditions, exceptions, and actions that are available on each agent are different.
Each transport rule consists of the following components:
Conditions Transport rule conditions are used to indicate which e-mail message attributes, headers, recipients, senders, or other parts of the message are used to identify the e-mail messages to which a transport rule action should be applied. If no condition is applied to a transport rule, the transport rule applies the configured action unless the message matches a configured exception.
Exceptions Transport rule exceptions identify the e-mail messages to which a transport rule action shouldn't be applied, even if the message matches a transport rule condition. An exception doesn't have to be configured on a transport rule.
Actions Transport rule actions are applied to e-mail messages that match all the conditions and none of the exceptions that are present on transport rules, and modify some aspect of the message or the message's delivery. Every transport rule must have at least one action configured.
The conditions, exceptions, and actions that are available for use with the Transport Rules agent are geared toward organizational policy and compliance. These rules help you control who can send messages to whom, how messages are handled, and how messages are reported. Because Hub Transport servers can access Active Directory, the Transport Rules agent can use the recipient information and other data that is stored in Active Directory.
The conditions, exceptions, and actions that are available for use with the Edge Rules agent are geared toward protecting your organization from unwanted or harmful messages. These rules help you control who sends messages in and out of your organization, and they help you quickly and efficiently act on those messages in a cost-effective manner.
For more information about the components of transport rules, see Understanding How Transport Rules Are Applied in an Exchange 2007 Organization.
Transport messaging policies are enhanced by or are also available as a service from Microsoft Exchange Hosted Services. Exchange Hosted Services is a set of four distinct hosted services:
Hosted Filtering, which helps organizations protect themselves from e-mail-borne malware
Hosted Archive, which helps them satisfy retention requirements for compliance
Hosted Encryption, which helps them encrypt data to preserve confidentiality
Hosted Continuity, which helps them preserve access to e-mail during and after emergency situations
These services integrate with any on-premise Exchange servers that are managed in-house or Hosted Exchange e-mail services that are offered through service providers. For more information about Exchange Hosted Services, see Microsoft Exchange Hosted Services.