Exchange - How to Block Users from Sending External Email
Exchange Server - Email for Business
More and more businesses are adopting Exchange Server 2010 for their company email and in this modern world it is very uncommon for everyone not to have an email address. Although this is great and allows users to be contactable, often companies only require their users to send emails to each other, perhaps for the purposes of staff memos or just to let everyone know when the next staff party is.
Staff will have to come up with new ways to email.
Why Block Users from Sending External Email
Some businesses would like to block their users from emailing their friends and family all day as this affects productivity, however they still want them to send and receive the emails that tell them that the owner of the blue Toyota Corolla has left their lights on.
Now.. The How To on Exchange Blocking
So how do we block only some users from sending external emails while allowing them to still send internal emails. This is best achieved by utilising Transport Rules which are a part of Exchange Server 2007 and 2010.
Distribution List for Blocked Email Users
Distribution Lists - Not just for Group Delivery
First lets create a distribution group to add the users to that we want to block from sending the external emails. In the Exchange Management Console under Recipient Configuration click on Distribution Group. Then from the Actions pane on the right choose New Distribution Group. Follow through the wizard and give the group a name like Blocked Users or something similar. Then double click on the new Distribution Group and on the Members Tab, add all the users for which you are blocking external email.
Transport Rule to Block External Email for Users
Transport Rules - The key to Blocking External Email
Transport rules are powerful and with them you can achieve many different outcomes, they are very similar in functionality to the Rules in Microsoft Outlook, where we set Conditions, Actions and Exceptions. Firstly expand Organization Configuration and click on Hub Transport, then from the Actions Panel on the right hand side choose New Transport Rule. Now start by giving the rule a name, something like Block Users from Sending External Emails, then click next.
Create Conditions of Which Users to Block Emails from
Next we Setup the Conditions of Which Users to Block
To setup the conditions we, put a tick in the option "from a member of a distribution list" and the option "sent to users that are inside or outside the organization, or partners" then in the Step 2 box below click on Distribution List and add the distribution list we created earlier, which should contain all users that will be blocked from sending externally, then go next.
What do we want to do with the Blocked Emails
Next we Decided what to do with the Blocked Emails
On the Actions menu it's really up to you what you want to do with the emails that are trying to be sent externally. You could for instance have them forwarded to a manager for them to deal with, or have them redirected to another mailbox for monitoring. In this scenario though we are going to set them to "Send Rejection message to sender with enhanced status code". Now you click on "Rejection Message" and enter the error that you want the user to receive if they try to send an external email. In this example I have used "External Email is Disabled for your user account" but its up to you what to put. Then click "Enhanced Status Code" and just use the default "5.7.1". Then click next.
You are free to create any exceptions to this rule, perhaps you want to allow them to only send to a select number of suppliers or contractors. For this you would simply choose "Except when the message is sent to people" and then add in the users email addresses that are allowed. For this how to though we won't be creating any exceptions.
Confirm the Email Blocking details are correct
Last but not Least
Final step is to confirm that we have entered all the details correctly and then we can click New to create the Transport Rule which will block certain users from emailing externally.
Test shows that the External Email was Blocked by Exchange
Now to test the External Email Blocking
To test the new Transport Rule we just created I simply logged into OWA with an email address that was part of the Distribution Group we created and tried to send an email to my external Gmail Email. Naturally Exchange picked up that I was a member of the Blocked Users distribution list and that I was trying to send an external email and it generated a non-delivery error report instantly. See the image attached that shows where the error message appears for the users.