Understanding Transport Rules
Applies to: Exchange Server 2010
Topic Last Modified: 2010-01-26
Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization. In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements:
Preventing inappropriate content from entering or leaving the organization
Filtering confidential organization information
Tracking or archiving messages that are sent to or received from specific individuals
Redirecting inbound and outbound messages for inspection before delivery
Applying disclaimers to messages as they pass through the organization
Transport rules let you apply messaging policies to e-mail messages that flow through the transport pipeline on Hub Transport and Edge Transport servers. These rules let information technology (IT) administrators enforce messaging policies, secure messages, protect messaging systems, and prevent information leakage.
In Microsoft Exchange Server 2010, transport rules have been enhanced with additional predicates and actions. Additional functionality has been integrated with transport rules, such as rights protection.
Looking for management tasks related to managing transport rules? See Managing Transport Rules.
Transport rules consist of the following components:
Conditions Transport rule conditions are used to identify messages to which a transport rule action should be applied. Conditions consist of one or more predicates that specify the parts of a message that should be examined. Some predicates examine message fields or headers, such as To, From, or Cc. Other predicates examine message characteristics such as message subject, body, attachments, message size, and message classification. Most predicates require that you specify a comparison operator, such as equals, doesn't equal, or contains, and a value to match.
For a complete list of transport rule predicates available to Hub Transport and Edge Transport servers, see Transport Rule Predicates. The list of predicates is also available in the New Transport Rule wizard in the Exchange Management Console (EMC), and can be retrieved by using the Get-TransportRulePredicate cmdlet in the Exchange Management Shell.
Exceptions Exceptions are based on the same predicates used to build transport rule conditions. However, unlike conditions, exceptions identify messages to which transport rule actions shouldn't be applied. Exceptions override conditions and prevent actions from being applied to an e-mail message, even if the message matches all configured conditions.
Actions Actions are applied to messages that match the conditions and don't match any exception defined in the transport rule. Transport rules have many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers and personalized signatures in the message body.
To view a complete list of transport rule actions available on Hub Transport and Edge Transport servers, see Transport Rule Actions. The list of transport rule actions can also be viewed in the New Transport Rule wizard in the EMC, and can be retrieved by using the Get-TransportRuleAction cmdlet in the Shell.
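The following Exchange Management Shell session is an added example, not code from the original page, showing the three components above combined in one rule on a Hub Transport server: conditions (internal sender, external recipient, a message classification), an exception (a legal distribution group), and an action (reject with an NDR), followed by a second rule that uses a non-blocking action. The "Company Confidential" classification and the legal@contoso.com group are assumed placeholders that must already exist in your organization.

```powershell
# Added example (not from the original page): one transport rule built from
# conditions, exceptions and actions on an Exchange 2010 Hub Transport server.
# Assumed placeholders: the "Company Confidential" message classification and the
# legal@contoso.com distribution group. Syntax is kept PowerShell 2.0-compatible
# for the Exchange 2010 Management Shell.

# Discover what this server can evaluate and do. The lists differ between the
# Transport Rules agent (Hub) and the Edge Rules agent (Edge), so check here
# rather than assuming a predicate or action exists.
$predicates = Get-TransportRulePredicate | ForEach-Object { $_.Name }
$actions    = Get-TransportRuleAction    | ForEach-Object { $_.Name }
Write-Host ("{0} predicates and {1} actions available on this server" -f $predicates.Count, $actions.Count)

# Conditions: internal sender, external recipient, message carries the classification.
# Exception:  members of the legal group may still send such messages externally
#             (exceptions win even when every condition matches).
# Action:     reject the message and tell the sender why.
$blockRule = @{
    Name                            = "Block Company Confidential mail leaving the organization"
    Comments                        = "Policy: classified mail stays internal. Exception: Legal."
    Priority                        = 0
    Enabled                         = $false   # create disabled; enable after review
    FromScope                       = "InOrganization"
    SentToScope                     = "NotInOrganization"
    HasClassification               = "Company Confidential"
    ExceptIfFromMemberOf            = "legal@contoso.com"
    RejectMessageReasonText         = "Company Confidential messages cannot be sent outside the organization."
    RejectMessageEnhancedStatusCode = "5.7.1"
}
New-TransportRule @blockRule

# A second rule shows a non-blocking action: an outbound disclaimer. The fallback
# action "Wrap" handles messages whose body cannot be modified (for example signed
# or encrypted mail) by wrapping the original instead of silently skipping it.
$disclaimerRule = @{
    Name                              = "External disclaimer"
    Priority                          = 1
    FromScope                         = "InOrganization"
    SentToScope                       = "NotInOrganization"
    ApplyHtmlDisclaimerText           = "<p>This message is from Contoso and may be monitored.</p>"
    ApplyHtmlDisclaimerLocation       = "Append"
    ApplyHtmlDisclaimerFallbackAction = "Wrap"
}
New-TransportRule @disclaimerRule

# Review the rule set in priority order, then enable the blocking rule once its
# scope has been checked. A lower number is evaluated first.
Get-TransportRule | Sort-Object Priority | Format-Table Priority, Name, State -AutoSize
Enable-TransportRule -Identity $blockRule.Name
```

Creating the blocking rule disabled and enabling it only after reviewing the priority list avoids an accidental mail stoppage: a reject rule with an over-broad condition takes effect on every Hub Transport server as soon as it replicates.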
Transport rules are applied on Hub Transport and Edge Transport servers by transport agents. On the Hub Transport server, rules are applied by the Transport Rules agent. On the Edge Transport server, this is the job of the Edge Rules agent. Although similar in functionality, both agents have some differences in the predicates and actions available, the transport event on which each agent fires, and the priority of each agent relative to other transport agents enabled on that transport server.
The Transport Rules agent processes transport rules on Hub Transport servers. It fires on the OnRoutedMessage transport event. All messages in an Exchange 2010 organization are touched by at least one Hub Transport server. This includes:
Messages to and from users in the same Active Directory site, including users with mailboxes on the same Mailbox server.
Messages to and from users in different Active Directory sites.
Messages to and from users in the Exchange organization and external users.
Transport rules configured on Hub Transport servers are stored in Active Directory, making them accessible to all Hub Transport servers in the organization as the configuration is replicated to all domain controllers across the Active Directory forest. This allows Exchange to consistently apply a single set of rules across the entire organization. Each Hub Transport server queries Active Directory to retrieve the organization's current transport rule configuration and then applies the rules to messages it handles.
|Transport rules are an Exchange feature. They can't prevent users from communicating in other ways, such as networked file shares, newsgroups, and forums, or e-mail services that don't deliver messages to an Exchange organization.|
|Replication of transport rules across an organization is dependent on Active Directory replication. Replication time between Active Directory domain controllers varies depending on the number of Active Directory sites in the organization, slow links, and other factors outside the control of Exchange. When deploying transport rules, consider replication delays.|
For more information about Active Directory replication, see Active Directory Replication Technologies.
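Because each Hub Transport server reads the rule collection from its own configuration domain controller, a rule you just created can be in force on some Hub Transport servers and not yet on others. The function below is an added example, not part of the original page, that queries the configuration domain controller currently used by each Hub Transport server and reports whether a named rule is present there and in what state. It assumes that Get-ExchangeServer -Status populates the CurrentConfigDomainController property and that the rule name passed in is a placeholder for your own.

```powershell
# Added example (not from the original page): check whether a transport rule has
# replicated to the configuration domain controller each Hub Transport server uses.
# Assumes Get-ExchangeServer -Status fills CurrentConfigDomainController and that
# the caller has rights to read transport rules. PowerShell 2.0-compatible syntax.
function Test-TransportRuleReplication {
    param(
        [Parameter(Mandatory = $true)]
        [string]$RuleName
    )

    $hubs = Get-ExchangeServer -Status | Where-Object { $_.ServerRole -match "HubTransport" }

    foreach ($hub in $hubs) {
        $dc = $hub.CurrentConfigDomainController
        if (-not $dc) {
            Write-Warning ("{0}: no current configuration domain controller reported" -f $hub.Name)
            continue
        }

        # Ask the specific DC this Hub is bound to, not whatever DC the shell picks.
        $rule = Get-TransportRule -DomainController $dc -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -eq $RuleName }

        $state    = $null
        $priority = $null
        if ($rule) { $state = $rule.State; $priority = $rule.Priority }

        New-Object PSObject -Property @{
            HubServer = $hub.Name
            ConfigDC  = $dc
            Present   = [bool]$rule
            State     = $state
            Priority  = $priority
        }
    }
}

# Usage: run after creating or changing a rule; re-run until every row shows Present = True.
Test-TransportRuleReplication -RuleName "Block Company Confidential mail leaving the organization" |
    Format-Table HubServer, ConfigDC, Present, State, Priority -AutoSize
```

Until every Hub Transport server's configuration domain controller returns the rule, messages routed through the lagging servers are not subject to it, so treat a policy as enforced only once this check is clean across the organization.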
The Edge Rules agent processes transport rules on Edge Transport servers. It fires on the EndOfData transport event. The Edge Transport server, which serves as an e-mail gateway to and from external messaging systems, is the ideal place to apply messaging hygiene and policy to inbound Internet e-mail. Rules applied by the Edge Rules agent can reduce the total number of messages delivered to and processed by Hub Transport servers, and ultimately delivered to recipients. The agent can also help remove any harmful or objectionable message content. The following list provides some examples of how the Edge Rules agent can help you protect your organization.
Virus outbreaks Thousands of new viruses, worms, and other types of malicious code are created each year. There's generally a lag between the time such malware is first noticed or reported, the time antivirus vendors identify it and build a signature update, and the time that update reaches customers. During that gap an infected message can enter the organization undetected. A transport rule on the Edge Transport server that rejects, deletes, or redirects messages matching a known subject line, attachment name, or other characteristic of the outbreak can cover the gap until signatures arrive.
Denial of service attacks Individuals who want to harm organizations may use denial of service (DoS) attacks, which can degrade network services such as e-mail, make them unavailable, or take them offline entirely.
The Edge Rules agent is designed to help mitigate the impact of each of these risks.
Outbound Internet e-mail can also be subjected to similar policy-based scrutiny, and harmful or objectionable content can be prevented from leaving the organization. Additionally, message content can be checked to prevent sensitive information from being leaked outside the organization.
Transport rules configured on Edge Transport servers are stored in Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM), on each Edge Transport server. Rules configured on one Edge Transport server aren't automatically replicated to other Edge Transport servers in your organization, with or without the use of EdgeSync. Depending on your requirements, you may want to configure each Edge Transport server with identical transport rules, or you may want to configure different transport rules on different Edge Transport servers that address the unique e-mail message traffic patterns of each server. To duplicate rule configuration, you can use the Export-TransportRuleCollection and Import-TransportRuleCollection cmdlets.
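The following session is an added example, not code from the original page, of duplicating the rule collection from one Edge Transport server to another with the cmdlets named above. Server names edge01 and edge02 and the file paths are assumed placeholders. Two cautions a practitioner should know before running it: Import-TransportRuleCollection replaces every transport rule already present on the server where it runs, so the target is backed up first; and because the Edge Rules agent and the Transport Rules agent do not support the same predicates and actions, keep Hub and Edge rule collections separate rather than importing one onto the other.

```powershell
# Added example (not from the original page): copy the transport rule collection
# from Edge Transport server edge01 to edge02. Edge rules live in each server's
# local AD LDS instance and are not replicated by EdgeSync, so export and import.
# Assumed placeholders: server names edge01/edge02 and the file paths below.
# PowerShell 2.0-compatible syntax for the Exchange 2010 Management Shell.

# ---- On edge01 (source), in the Exchange Management Shell ----
$sourceFile = "C:\Transfer\EdgeRules-edge01.xml"
$collection = Export-TransportRuleCollection
Set-Content -Path $sourceFile -Value $collection.FileData -Encoding Byte
# Copy the file to edge02 by whatever means your network permits; Edge Transport
# servers are usually not domain members, so do not rely on a domain share.

# ---- On edge02 (target), in the Exchange Management Shell ----
$importFile = "C:\Transfer\EdgeRules-edge01.xml"
$backupFile = "C:\Backups\EdgeRules-edge02-before-{0}.xml" -f (Get-Date -Format "yyyyMMddHHmm")

# Import-TransportRuleCollection overwrites all existing rules on this server,
# so capture the current state first to allow a rollback.
$before = Export-TransportRuleCollection
Set-Content -Path $backupFile -Value $before.FileData -Encoding Byte

# Read the exported collection back as raw bytes and import it.
[byte[]]$data = Get-Content -Path $importFile -Encoding Byte -ReadCount 0
Import-TransportRuleCollection -FileData $data

# Verify: the rule list on edge02 should now match edge01 name for name and
# priority for priority. Compare this output with the same command run on edge01.
Get-TransportRule | Sort-Object Priority | Format-Table Priority, Name, State -AutoSize
```

If the two Edge Transport servers intentionally carry different rule sets for different traffic patterns, export the target's collection before importing, merge the differences by hand, and re-import the merged collection, since the import is a full replacement rather than an append.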
Transport messaging policies can be supplemented by, or obtained as a service from, Microsoft Exchange Hosted Services.
Exchange Hosted Services is a set of four distinct hosted services:
Hosted Filtering, which helps organizations protect themselves from e-mail-borne malware
Hosted Archive, which helps them satisfy retention requirements for compliance
Hosted Encryption, which helps them encrypt data to preserve confidentiality
Hosted Continuity, which helps them preserve access to e-mail during and after emergency situations
These services integrate with any on-premises Exchange servers that are managed in-house or Hosted Exchange e-mail services that are offered through service providers. For more information about Exchange Hosted Services, see Microsoft Exchange Hosted Services.