Hello,
I would like to "flag external mails" https://www.frankysweb.de/tipp-massnahmen-gegen-emotet/
and have set the corresponding transport rule.
Since there is another domain outside Exchange for which the warning sign should NOT be displayed, I have added this domain to the "Message flow -> accepted domains".
My problem: Despite this, the warning that the mail originates from an external domain still appears.
But I found the following from the Exchange docs regarding Frank's script:
The FromScope parameter specifies a condition that looks for the location of message senders. Valid values are:
- InOrganization: The sender is a mailbox, mail user, group, or mail-enabled public folder in your organization, or the sender's email address is in an accepted domain that's configured as an authoritative domain or an internal relay domain, and the message was sent or received over an authenticated connection.
I therefore suspect that my problem lies in the second part of the prerequisite. The connector "Default Frontend" allows anonymous users and is restricted to remote IPs.
Is that not enough for an "authenticated connection"? Am I on the right track? As an alternative to "anonymous users", I have the "Exchange user" checkbox - I just don't understand what constitutes an Exchange user. Is it actually a mailbox or is a domain account usually enough???
In addition to the "Default Frontend" connector: In principle, all security mechanisms are activated except for IPSec.
Thank you and greetings
Bastian
Huh? The connector or even accepted domains have nothing to do with it.
If you have created a transport rule, you can also define exceptions for which it should not apply. This can be done directly in the rule properties.
Or alternatively via PS... Relevant parameters would then be, for example:
- ExceptIfFromAddressContainsWords
- ExceptIfSenderDomainIs
Greetings,
Ralf
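Added example, not part of the original thread: one way to add the sender-domain exception from the Exchange Management Shell using the ExceptIfSenderDomainIs parameter named above. The rule name and the domain are placeholders chosen for illustration.

```powershell
# Assumptions (not from the thread): both values below are placeholders.
$ruleName   = 'Flag external mail'   # hypothetical name of the existing transport rule
$skipDomain = 'partner.example'      # placeholder for the domain that should not be flagged

# Fail early if the rule does not exist under that name.
$rule = Get-TransportRule -Identity $ruleName -ErrorAction Stop

# Review the current condition and exceptions before changing anything.
$rule | Format-List Name, State, FromScope, ExceptIfSenderDomainIs, ExceptIfFromAddressContainsWords

# Set-TransportRule overwrites the whole exception list, so merge the new
# domain with whatever is already configured instead of passing it alone.
$domains = @($rule.ExceptIfSenderDomainIs) + $skipDomain |
    Where-Object { $_ } |
    Sort-Object -Unique

Set-TransportRule -Identity $ruleName -ExceptIfSenderDomainIs $domains

# Verify the stored result.
(Get-TransportRule -Identity $ruleName).ExceptIfSenderDomainIs

# Note: the exception matches on the sender address, which an anonymous SMTP
# sender can set freely. Mail that forges an address in the excepted domain
# will also skip the warning unless it is rejected earlier (for example by
# SPF/DKIM/DMARC checks at the gateway).
```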
@monthy Thanks, that worked.
OMG... I have somehow lost my way