Have you ever had a user on your network send out an email with a large attachment (or several large attachments) to a large number of recipients and brought your Exchange Server and Internet Connection to its knees as Exchange tries to send out all the messages with attachments as quickly as possible, flooding your outbound connection?
Well if that sounds familiar, then here is one way around the problem by use of Transport Rules.
With Exchange 2003 – you can make use of the option to delay large emails until after hours, but this doesn’t exist in Exchange 2010, so you have to come up with an alternative plan to prevent this from happening.
The plan here is to setup a Transport Rule to send a message to the Administrator asking them to Approve or Reject the message containing the large attachment before Exchange starts to try and send the message(s) out, crippling your connection.
Open up Exchange System Manager and navigate to Organization Transport> Hub Transport> Transport Rules:
Once there, click on the New Transport Rule Wizard, give the new Rule a name and a Description to help you understand what the Rule does then click Next:
Select “From Users that are Inside or Outside The Organization”:
Then select “Sent to users that are inside or outside the organization, or partners”:
You then need to change the selection in Step 2 from Sent to users that are ‘Inside the organization’ to Outside the Organization:
Click OK. The scroll down to the bottom of the list in Step 1 and select “When the size of any attachment is greater than or equal to limit”:
Once selected, click on the ‘0 B (0 bytes)’ in Step 2 and set the message size that you want to trigger the rule:
In the example above, I have set the size to 4Mb (4,096 Kb). Click OK after setting the size and then click on Next.
We now get to choose the Action to operate when the Criteria chosen is met and the action here is to forward the message to addresses for moderation:
Click on addresses in Step 2 and select your internal Recipient who is to receive the message to Accept / Reject:
Then click on the Add button to select the Internal Recipient:
Once you have selected the relevant recipient, click OK:
Then click on Next and add any Exceptions (if you wish) and click on Next:
We now see the completed rule:
Click on New to create the Rule. Once completed, click on Finish to complete the Wizard:
You should now see the new Rule in the Transport Rules:
When the Rule is Triggered by an internal user sending a message with an attachment greater than 4Mb, the message will be forwarded to the chosen account for approval. If approved, then the message will be sent out. If rejected, the sender will receive a message advising that the message was not able to be sent and the Moderator can add a note as to why if they wish.
If you prefer doing things via the command line (Exchange Management Console), then you can use the following command to achieve the same result:
New-TransportRule -Name ‘Transport Rule Name‘ -Comments ‘Transport Rule Comment To Describe What It Does.‘ -Priority ‘0’ -Enabled $true -FromScope ‘InOrganization’ -SentToScope ‘NotInOrganization’ -AttachmentSizeOver ‘4 MB (4,194,304 bytes)’ -ModerateMessageByUser ’emailaddress@domain.co.uk’ -ModerateMessageByManager $false
Filed under: Exchange 2010, Exchange Server | Tagged: exchange 2010, Moderate Large Attachments, Transport Rules |
Alan Hardisty's Blog - All Things IT Related 
[…] can create an Exchange Transport Rule to force large emails to be approved (before they are sent out), by a Manager or a Moderator which at least enables the Manager / […]
This only applies to Exchange 2010. There is not email moderation in Exchange 2007
Very true – I was being optimistic! Blog entry amended accordingly.
Thanks for pointing this out.
Alan
This is very useful, but doesn’t quite solve the problem. If you would like a moderator to approve the content, that person may not be suitable to moderate the size of email or number of recipients. It would be great to be able to moderate an email at any time of the day and then have that email delivered after working hours if it contained say more than 500 recipients.
One possible solution would be to have multiple moderators, e.g. a business and a IT admin?
Is there a way to trigger a rule only if it is larger than X *and* has more than Y recipients?
Sorry – not possible with the current options in Transport Rules unless there is a 3rd party add-on.
Alan
Alan
Do u know of a suitable third party add on?
Sorry I don’t know of a suitable add-on.
Alan
Is it possible to have all outgoing email subject to moderation? Well maybe not all but most cos most of the guys we hv in the office do not have a good command of English and we need to vet thru their email to customers until they pass our training.
You can have all outbound emails moderated if you wish, but the moderation only allows or declines them, it doesn’t give you the ability to spell-check them or edit the messages.
Alan
For me, I’m not concerned about when internal users send email to one external user with an attachment of 4MB…what I am concerned about is when that attachment is being sent to x users where x = 20+ people.
Is there a way to set this up? I’m going to follow your process denoted above, and if I find it, there’s no need to answer me, however, it may be useful to add this to your directions above 😉
Hi dlancelot,
You can restrict the number of recipients per email message and then implement the moderation of large emails which should catch those under the 20+ recipients. Those over the 20+ recipients would be rejected because of the large recipient count.
To set the limit, run the following command:
Set-TransportConfig -MaxRecipientEnvelopeLimit 20
Alan
[…] (Source) […]
Reblogged this on TeamXchange and commented:
Exceptional!!!