How to restrict users sending internet email on SBS 2008

By Robert Pearman

Goal: to stop users sending email to external email domains.

Why? Some of your users may not need to use email to communicate with people outside your organization, or perhaps some users in particular are abusing their privileges. Either way, this simple guide will show you how to block users from sending email to anyone outside your organization.

First we must create a new distribution group to contain all users that are to be blocked from sending external email.

Log on to your SBS server and, in the SBS Console, go to Users and Groups, then click on the Groups tab.
In the tasks pane, click ‘Add a new group’.
In the Add a New Group wizard, review the getting started page, and click Next.
Enter a name for your group: Block Internet Email.
Enter a description for your group: Users in this group are not allowed to send external email.
Make sure the group type is set to Distribution. Click Next.
Confirm the group's email address. This is useful if you want to contact all members of the group at once.
Leave the check box to allow receiving emails from outside empty. Click Next.
Now you can choose which users to add to the group, or simply leave it blank and add the users later.
Click ‘Add group’ to create your group, and click Finish on the summary page.

You can now see your new distribution group in the list.

Now open the Exchange Management Console.

Navigate to Organization Configuration / Hub Transport.
In the actions pane, click New Transport Rule.
Enter a name for your rule, and a descriptive comment about the purpose of the rule. Name: Transport Rule to block internet email. Comment: This rule will block users of the ‘block internet email’ distribution list from sending email externally. Click Next.
Choose the conditions. Put a tick in the box of ‘from a member of distribution list’.
Put a tick in the box of ‘sent to users inside or outside the organization’.

Notice in step 2 you now have two conditions present, and two hyperlinks. You can click on these hyperlinks to set the conditions.

Click ‘distribution list’.
In the box that opens, click Add.
Choose your distribution group, Block Internet Email, and click OK.
Click OK on the select sender distribution list box.
In the conditions box you will now see that your condition reflects the group you have chosen.
Click ‘inside’.
Select Outside from the scope menu and click OK.
Click Next.
In the actions section, choose the second from bottom option, ‘send bounce message to sender with enhanced status code’.

In the conditions area you can see the hyperlinked text ‘delivery not authorized – message refused’ and also the status code of 5.7.1. Feel free to change the message text to something different; you can enter any message to explain to the user why their message has been blocked. The status code can only be numeric, so I would suggest leaving that as is. When you are happy with your message, click Next.

The next page is where you can add exceptions to the rule. This may be useful if you have a specific external address you would like to allow people to email, and you can modify this section at any time. For now, click Next.

The next page is a summary page, confirming the options you have set. Click New to create the rule.

The rule is created, and you will also see the Exchange shell command text that you could have used to create this rule. I find it useful to copy this text and put it in a text file, as it builds a nice reference of the Exchange shell commands you are using. If you are not familiar with the Exchange shell, it may also help you to see what options are set when certain commands are run in the GUI.

Clicking Finish closes the rule wizard and returns you to the Exchange Management Console.

If you chose not to add any users to the distribution group we created, you will not be able to test the rule without first adding a user.

To add a user, open the SBS Console, navigate to Users and Groups, go to the Groups tab, find your distribution group, right-click it and click Change Group Membership.
Find a user in the list to test the rule with, and click Add. Click OK.

Now switch to a client PC, using either Outlook or OWA. Attempt to send a message to an external recipient. Your message will leave the Outbox and be returned a moment later with your customized message.
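
For reference, a shell equivalent of the rule built in the wizard above, followed by a check of the rule state and of who is currently blocked. This is an added example, not the author's code and not the wizard's own output; it assumes the Exchange 2007 Management Shell on the SBS 2008 server and the group and rule names used in this guide.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2007).
# Names follow the values entered in the walkthrough above.
$groupName = 'Block Internet Email'
$ruleName  = 'Transport Rule to block internet email'
$comment   = "This rule will block users of the 'block internet email' " +
             "distribution list from sending email externally."

# Stop early if the distribution group has not been created in the SBS Console.
$group = Get-DistributionGroup -Identity $groupName -ErrorAction Stop

# Condition 1: the sender is a member of the distribution group.
$fromGroup = Get-TransportRulePredicate FromMemberOf
$fromGroup.Addresses = @($group)

# Condition 2: the recipient is outside the organization.
$toOutside = Get-TransportRulePredicate SentToScope
$toOutside.Scope = 'NotInOrganization'

# Action: bounce to the sender with an enhanced status code.
$reject = Get-TransportRuleAction RejectMessage
$reject.RejectReason       = 'Delivery not authorized, message refused'
$reject.EnhancedStatusCode = '5.7.1'

# Create the rule only if a rule with this name does not already exist.
if (Get-TransportRule | Where-Object { $_.Name -eq $ruleName }) {
    Write-Warning "Transport rule '$ruleName' already exists; not creating it again."
} else {
    New-TransportRule -Name $ruleName -Comments $comment `
        -Conditions @($fromGroup, $toOutside) `
        -Actions @($reject) -Enabled $true
}

# Check 1: the rule exists and is enabled.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Priority, Comments

# Check 2: who is blocked. An empty list means the rule blocks nobody yet.
Get-DistributionGroupMember -Identity $groupName |
    Format-Table Name, RecipientType -AutoSize
```

Reviewing the membership list periodically shows whether anyone has been removed from the group, which silently lifts the restriction for that user.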