Exchange Transport Rules (ETRs), also known as Mail Flow rules, are used to select and apply various actions to messages based on specific criteria as they flow through your Exchange organization. Transport rules can be used to process mail flow in both on-premises Exchange Server 2019/2016/2013 and Exchange Online (EOL).
An Exchange mail flow rule consists of four elements:
- Conditions — define the criteria that select the emails the rule applies to. For example, sender/recipient email address or domain, message direction, email subject, etc.
- Actions — the actions to take on a message when the configured conditions are met.
- Exceptions — specify attributes of an email message for which the actions are skipped.
- Mode — whether to apply the rule immediately (Enforce) or run it in test mode first (Test with/without Policy Tips).
You can use the Exchange Admin Center (EAC) web interface to create and edit an Exchange transport rule. In this example, we will create a transport rule in EOL.
Let’s create a simple mail flow rule that prevents the organization from sending mail to external mailboxes in the @gmail.com domain.
- Sign in to the Exchange Admin Center: https://admin.exchange.microsoft.com/;
- Navigate to Mail flow > Rules;
- Click Add a rule;
- Create a new rule or select one of the preconfigured ETR templates: add an email disclaimer, filter messages by size, send a copy of the message to a moderator for review, modify messages, etc.;
- We will create a new clean rule from scratch. Select Create a new rule;
- Specify rule name: Block outgoing email to Gmail;
- Apply this rule if: The recipient > domain is > gmail.com;
- Do the following: Block the message > reject the message and include an explanation > ‘Not authorized recipient’;
- Then select the rule settings. If you want to apply the transport rule immediately, select Rule Mode > Enforce. You can also enable the Stop processing more rules option.
- Then enable the new transport rule in EAC.
Note. After 2023, DLP-related conditions and actions in mail flow rules can only be created and managed through DLP policies in Microsoft Purview Compliance Center.
You can use PowerShell to manage Exchange transport rules. The following cmdlets are used:
- Get-TransportRule
- New-TransportRule
- Remove-TransportRule
- Enable-TransportRule
- Disable-TransportRule
Let’s use PowerShell to create a similar rule that will block outgoing e-mail to a specific domain:
New-TransportRule -Name "Block to test.com" -RecipientDomainIs "test.com" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "not allowed recipient" -Priority 0 -Enabled $true
You can use the Priority parameter to specify the order in which transport rules are processed. A rule with Priority 0 has the highest priority and is processed first.
To disable the mail flow rule:
Get-TransportRule "Block to test.com" | Disable-TransportRule
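The PowerShell rule above goes straight into enforcement. The following added example (not part of the original article) stages the same block in test mode with a sender exception, then switches it to Enforce once the results have been reviewed. Assumptions: an open Exchange Online PowerShell session or the Exchange Management Shell; the function name Set-OutboundDomainBlock and the exempt mailbox address are hypothetical.

```powershell
# Added example. Set-OutboundDomainBlock is a hypothetical helper, not a built-in cmdlet.
# It creates the block rule if it is missing, otherwise updates it in place.
function Set-OutboundDomainBlock {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string[]]$ExemptSender = @(),
        # Audit = test without Policy Tips, AuditAndNotify = test with Policy Tips
        [ValidateSet('Audit', 'AuditAndNotify', 'Enforce')][string]$Mode = 'Audit'
    )

    $name = "Block to $Domain"
    # Same condition and reject action as the one-line rule in the article
    $params = @{
        RecipientDomainIs               = $Domain
        RejectMessageEnhancedStatusCode = '5.7.1'
        RejectMessageReasonText         = 'not allowed recipient'
        Mode                            = $Mode
        StopRuleProcessing              = $true
    }
    # Exception: messages from these senders skip the reject action
    if ($ExemptSender.Count -gt 0) { $params.ExceptIfFrom = $ExemptSender }

    # Filter client-side so a missing rule does not raise an error
    $existing = Get-TransportRule | Where-Object { $_.Name -eq $name }
    if ($existing) {
        if ($PSCmdlet.ShouldProcess($name, "Update rule, mode $Mode")) {
            Set-TransportRule -Identity $name @params
        }
    }
    elseif ($PSCmdlet.ShouldProcess($name, "Create rule, mode $Mode")) {
        New-TransportRule -Name $name -Priority 0 -Enabled $true @params
    }

    # Show the resulting state so the change can be verified
    Get-TransportRule | Where-Object { $_.Name -eq $name } |
        Select-Object Name, State, Mode, Priority
}

# 1. Stage the rule in test mode; nothing is rejected yet, matches are only logged.
#    The exempt address is a constructed placeholder for an internal mailbox.
Set-OutboundDomainBlock -Domain 'test.com' -ExemptSender 'liaison@contoso.com'

# 2. After reviewing the matches in message trace, enforce the same rule.
Set-OutboundDomainBlock -Domain 'test.com' -ExemptSender 'liaison@contoso.com' -Mode Enforce
```

Run either call with -WhatIf to see whether the rule would be created or updated without changing anything.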
Try to send an email to a domain that is blocked. The sender should receive an NDR with code 550 5.7.1_ETR and the email will not be delivered to the recipient.
If you trace an email in the Exchange transport logs, you can see which transport rule was applied to the email:
Reason: [{LED=550 5.7.1 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy};
Transport rule: ‘Block outgoing email to Gmail’