Specifying the users and groups to which the rule applies

Article Id: 181297
Status: Published
Updated On: 06-06-2016 03:02
Legacy Id: HOWTO82427
Products:
Mail Security for Microsoft Exchange
Issue/Introduction:

 

Resolution:

Mail Security lets you specify the users and groups to which the rule applies. You can also specify which users and groups are exceptions to the rule.

Note:

This feature is not available for the Edge Server role.

You can select groups from Active Directory. You can also add users based on SMTP addresses.

Table: Supported SMTP address formats shows the SMTP address formats that Mail Security supports.

Table: Supported SMTP address formats

Address

Example

@<domain name>

@symantecdomain.com

*@<domain name>

*@symantecdomain.com

<name>@<domain name>

[email protected]

<name>@<subdomain.domain name>

[email protected]

Note:

Using regular expressions for SMTP addresses is not supported

When you use the address formats from the table above, sub-domains are automatically supported. For example, when you use the address format <name>@<domain name>, Mail Security will support [email protected], as well as [email protected]

If you do not specify users, the rule applies to all senders and recipients.

If you are using Exchange 2007, and you want to specify a user or group whose domain is not in the Exchange server domain, specify the domain name in the Internal Domains list.

If you are using Exchange 2013/2016, and you want to specify a user or group whose domain is not in the Exchange server domain, specify the domain name in the Internal Domains list.

See Specifying inbound SMTP domains

Note:

You can select any Active Directory group except the Users group. Adding the Users group to Active Directory Groups list results in unintended behavior. On Exchange 2010 mailbox server role, for content filtering rules based on Active Directory group, you must add SMSMSE service account user (RBAC user) to the SMSMSE Admins Active Directory group.

You can select any Active Directory group except the Users group. Adding the Users group to Active Directory Groups list results in unintended behavior. On Exchange 2013/2016 mailbox server role, for content filtering rules based on Active Directory group, you must add SMSMSE service account user (RBAC user) to the SMSMSE Admins Active Directory group.

To specify the users and groups to which the rule applies

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Content Enforcement, click Content Filtering Rules.

  3. Do one of the following:

    Create a rule

    In the sidebar under Tasks, click New rule.

    Modify an existing rule

    In the content area, double-click the rule that you want to edit.

  4. Click the Users tab.

  5. Under Sender/Recipient Selection, do one of the following:

    To apply the rule based on the sender

    Click Sender, and then select one of the following options from the drop-down list:

    • Apply if the sender of the message is in the list

    • Apply if the sender of the message is NOT in the list

    To apply the rule based on the recipient

    Click Recipient, and then select one of the following options from the drop-down list:

    • Apply if ANY of the recipients of the message are in the list

    • Apply if ANY of the recipients of the message are NOT in the list

    • Apply if ALL of the recipients of the message are in the list

    • Apply if ALL of the recipients of the message are NOT in the list

  6. Under List of Users or Groups, in the SMTP addresses box, do one of the following:

    • Type the addresses of the users that you want to include or exclude.

      Type one address per line.

    • To add a preconfigured match list that contains user addresses, click Add Match List and select a match list.

      You can only insert one match list. You can combine a match list with typed addresses.

      See About match lists

  7. Under the Active Directory groups list, to select groups from Active Directory, click Add.

  8. In the Active Directory domains and groups window, under Available groups, select the group that you want to add and click the >> command icon.

    The group that you select appears in the Selected groups list. To deselect a group in the Selected groups list, click on the group entry, and then click the << command icon.

  9. Do any of the following: