Managing message approval
Applies to: Exchange Server 2013, Exchange Online
Topic Last Modified: 2012-09-25
You can require all messages sent to specific recipients be approved by moderators by Using the moderated transport feature in Microsoft Exchange Server 2013. You can configure any type of recipient as a moderated recipient, and Exchange will ensure that all messages sent to those recipients go through an approval process.
In any type of organization, you may need to restrict access to specific recipients. The most common scenario is the need to control messages sent to large distribution groups. Depending on your organization's requirements, you may also need to control the messages sent to executive mailboxes or partner contacts. You can use moderated recipients to accomplish these tasks.
|Microsoft Exchange Server 2007 doesn't support moderated recipients. If a message sent to a moderated distribution group is expanded on an Exchange 2007 Hub Transport server, the message will bypass moderation and will be delivered to all members of the distribution group. If you have Exchange 2007 Hub Transport servers in your Exchange organization, you need to designate an Exchange 2013 Mailbox server as the expansion server for moderated distribution groups. This ensures that all messages sent to the distribution group are moderated.|
The moderated transport application consists of the following components:
Categorizer The categorizer in the Transport service on a Mailbox server initiates the approval process. When the categorizer detects a moderated recipient while processing a message, it reroutes the message to the arbitration mailbox.
Mailbox Transport service The Mailbox Transport service on a Mailbox server processes the messages that the categorizer marks for moderation. When the Mailbox Transport service encounters such a message, it delivers the original message to the arbitration mailbox and sends approval requests to the moderators. When a moderator responds with a decision, the Mailbox Transport service marks that decision on the message that's stored in the arbitration mailbox. If an approved message is submitted again by the Information Assistant, the Mailbox Transport service removes the approval workflow wrappers so the message that's delivered is identical to the original message submitted by the sender.
Information Assistant The Information Assistant process in the Mailbox Transport service monitors the arbitration mailbox. The Information Assistant resubmits any approved messages to the Transport service on a Mailbox server for delivery to the intended recipients, or it deletes rejected messages. The Information Assistant is also responsible for sending rejection notifications to the sender. In addition, it cleans up the arbitration mailbox by deleting any stale or orphaned messages from the arbitration mailbox. For example, if a moderator simply deletes an approval request instead of making a decision, the corresponding message waiting for approval in the arbitration mailbox needs to be removed by the Information Assistant.
Arbitration mailbox The arbitration mailbox is used to store the original message that's awaiting approval. By default, one arbitration mailbox is created for moderated transport during setup. It's used for all moderated recipients. You can add additional arbitration mailboxes for load balancing purposes. If you're using multiple arbitration mailboxes, you need to specify which mailbox to use for each moderated recipient.
When a user sends a message to a moderated recipient, the message follows a path to its destination, as shown in the following figure and described in the following steps.
Moderated transport message flow
The sender creates a message and sends it to the moderated recipient.
The categorizer in the Transport service intercepts the message, marks it for moderation, and then reroutes it to the Mailbox Transport service on the Mailbox server where the arbitration mailbox resides.
The Mailbox Transport service delivers the message to the arbitration mailbox and sends an approval request to the moderator.
The moderator uses the buttons in the approval request to either accept or reject the message.
The Mailbox Transport service marks the moderator's decision on the original message stored in the arbitration mailbox.
The Information Assistant in the Mailbox Transport service reads the approval status on the message stored in the arbitration mailbox, and then processes the message depending on the moderator's decision:
If the moderator has approved the message, the Information Assistant resubmits the message to the Transport service on a Mailbox server, and the message is delivered to the recipient.
If the moderator has rejected the message, the Information Assistant deletes the message from the arbitration mailbox and notifies the sender that the message was rejected.
Note: If the moderator doesn't respond to the message within five days, the Information Assistant will delete the message from the arbitration mailbox and notify the sender that their message has expired.
It's possible to send a message to a group of recipients that includes both moderated recipients and recipients that aren't moderated. In this case, a separate approval process occurs for each moderated recipient.
Consider a message that's sent to 12 recipients, one of which is a moderated distribution group. The categorizer bifurcates or forks this message into two copies. One message is delivered immediately to the 11 recipients that aren't moderated, and the second message is submitted to the approval process for the moderated distribution group.
If a message is intended for more than one moderated recipient, a separate copy is created for each moderated recipient and is submitted to the approval process.
A moderated distribution group may contain other moderated recipients. In this case, after the message to the distribution group is approved, a separate approval process occurs for each moderated recipient that's a member of the distribution group. However, you can also enable the automatic approval of the distribution group members after the message to the moderated distribution group is approved. To do this, you use the BypassNestedModerationEnabled parameter on the Set-DistributionGroup cmdlet.
Messages from moderators are delivered to the moderated recipient immediately, bypassing the approval process. By definition, a moderator has the authority to determine what messages are appropriate for a moderated recipient.
Moderation is also bypassed for owners of distribution groups and dynamic distribution groups. The owner of a distribution group can be responsible for managing the distribution group membership, but may not be able to moderate messages sent to it. For example, the account provisioning staff may be the owners of a distribution group called All Employees, but only specific people in human resources may have moderator rights for the same distribution group.