Understanding Moderated Transport
Applies to: Exchange Server 2010
Topic Last Modified: 2010-01-19
Using the moderated transport feature in Microsoft Exchange Server 2010, you can require all e-mail messages sent to specific recipients be approved by moderators. You can configure any type of recipient as a moderated recipient, and Exchange 2010 Hub Transport servers will ensure that all messages sent to those recipients go through an approval process.
In any type of organization, you may need to restrict access to specific recipients. The most common scenario is the need to control messages sent to large distribution groups. Depending on your organization's requirements, you may also need to control the messages sent to executive mailboxes or partner contacts. You can use moderated recipients to accomplish these tasks.
|Previous versions of Exchange don't support moderated recipients. If a message sent to a moderated distribution group is expanded on a Hub Transport server running Exchange Server 2007, it will be delivered to all members of that distribution group, bypassing the moderation process. If you have Exchange 2007 Hub Transport servers in your Exchange 2010 organization, and you want to use moderated distribution groups, you must designate an Exchange 2010 Hub Transport server as the expansion server for the moderated distribution groups. Doing this ensures that all messages sent to the distribution group are moderated.|
Moderated transport relies on the Exchange 2010 approval framework. For more information about the approval framework, see Understanding Approval Framework.
Looking for management tasks related to transport servers? See Managing Transport Servers.
The moderated transport application consists of the following components:
Categorizer The transport categorizer initiates the approval process. When the categorizer detects a moderated recipient while processing a message, it reroutes the message to the arbitration mailbox.
Store driver The store driver processes the messages that the categorizer marks for moderation. When the store driver encounters such a message, it stores the original message in the arbitration mailbox and sends approval requests to the moderators. When a moderator responds with a decision, the store driver marks that decision on the message that's stored in the arbitration mailbox. If an approved message is submitted again by the Information Assistant, the store driver removes the approval workflow wrappers so the message that's delivered is identical to the original message submitted by the sender.
Information Assistant The Information Assistant process monitors the arbitration mailbox. The Information Assistant resubmits any approved messages to the submission queue for delivery to the intended recipients, or it deletes rejected messages. The Information Assistant is also responsible for sending rejection notifications to the sender. In addition, it cleans up the arbitration mailbox by deleting any stale or orphaned messages from the arbitration mailbox. For example, if a moderator simply deletes an approval request instead of making a decision, the corresponding message waiting for approval in the arbitration mailbox needs to be removed by the Information Assistant.
Arbitration mailbox The arbitration mailbox is used to store the original message that's awaiting approval. By default, one arbitration mailbox is created for moderated transport during setup. It's used for all moderated recipients. You can add additional arbitration mailboxes for load balancing purposes. If you're using multiple arbitration mailboxes, you need to specify which mailbox to use for each moderated recipient.
When a user sends a message to a recipient for whom message moderation is enabled, the message follows a path to its destination, as shown in the following figure and described in the following steps.
The sender creates a message and sends it to the moderated recipient.
The categorizer intercepts the message, marks it for moderation, and then reroutes it to the arbitration mailbox.
The store driver stores the message in the arbitration mailbox and sends an approval request to the moderator.
The moderator uses the buttons in the approval request to either accept or reject the message.
The store driver marks the moderator's decision on the original message stored in the arbitration mailbox.
The Information Assistant reads the approval status on the message stored in the arbitration mailbox, and then processes the message depending on the moderator's decision:
If the moderator has approved the message, the Information Assistant resubmits the message to the submission queue, and the message is delivered to the recipient.
If the moderator has rejected the message, the Information Assistant deletes the message from the arbitration mailbox and notifies the sender that the message was rejected.
- If the moderator has approved the message, the Information Assistant resubmits the message to the submission queue, and the message is delivered to the recipient.
It's possible to send a message to a group of recipients that includes both moderated recipients and recipients that aren't moderated. In this case, a separate approval process occurs for each moderated recipient.
Consider a message that's sent to 12 recipients, one of which is a moderated distribution group. The categorizer splits this message into two messages. One message is delivered immediately to the 11 recipients that aren't moderated, and the second message is submitted to the approval process for the moderated distribution group.
If a message is intended for more than one moderated recipient, a separate copy is created for each moderated recipient and is submitted to the approval process.
A moderated distribution group may contain other moderated recipients. In this case, after the message to the distribution group is approved, a separate approval process occurs for each moderated recipient that's a member of the distribution group. However, you can also enable the automatic approval of the distribution group members after the message to the moderated distribution group is approved. To do this, you set the BypassNestedModerationEnabled parameter of the moderated distribution group to
$true. For more parameter and syntax information, see Set-DistributionGroup.
Messages from moderators are delivered to the moderated recipient immediately, bypassing the approval process. By definition, a moderator has the authority to determine what messages are appropriate for a moderated recipient.
Owners of distribution groups and dynamic distribution groups aren't treated automatically as trusted senders, and messages from these senders are subject to the approval process. The owner of a distribution group can be responsible for managing the distribution group membership, but may not be able to moderate messages sent to it. For example, the account provisioning staff may be the owners of a distribution group called All Employees, but only specific people in human resources may have moderator rights for the same distribution group. To bypass moderation for owners, you must either designate them as moderators or add them to the list of senders explicitly allowed to send messages to the moderated recipient.