Specifying the users and groups to which the rule applies

ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Specifying the users and groups to which the rule applies

book

Article ID: 181297

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Resolution

Mail Security lets you specify the users and groups to which the rule applies. You can also specify which users and groups are exceptions to the rule.

Note:

This feature is not available for the Edge Server role.

You can select groups from Active Directory. You can also add users based on SMTP addresses.

Table: Supported SMTP address formats shows the SMTP address formats that Mail Security supports.

Table: Supported SMTP address formats

Address	Example
@<domain name>	@symantecdomain.com
*@<domain name>	*@symantecdomain.com
<name>@<domain name>	[email protected]
<name>@<subdomain.domain name>	[email protected]

Note:

Using regular expressions for SMTP addresses is not supported

When you use the address formats from the table above, sub-domains are automatically supported. For example, when you use the address format <name>@<domain name>, Mail Security will support [email protected], as well as [email protected]

If you do not specify users, the rule applies to all senders and recipients.

If you are using Exchange 2007, and you want to specify a user or group whose domain is not in the Exchange server domain, specify the domain name in the Internal Domains list.

If you are using Exchange 2013/2016, and you want to specify a user or group whose domain is not in the Exchange server domain, specify the domain name in the Internal Domains list.

See Specifying inbound SMTP domains

Note:

You can select any Active Directory group except the Users group. Adding the Users group to Active Directory Groups list results in unintended behavior. On Exchange 2010 mailbox server role, for content filtering rules based on Active Directory group, you must add SMSMSE service account user (RBAC user) to the SMSMSE Admins Active Directory group.

You can select any Active Directory group except the Users group. Adding the Users group to Active Directory Groups list results in unintended behavior. On Exchange 2013/2016 mailbox server role, for content filtering rules based on Active Directory group, you must add SMSMSE service account user (RBAC user) to the SMSMSE Admins Active Directory group.

To specify the users and groups to which the rule applies

In the console on the primary navigation bar, click Policies.
In the sidebar under Content Enforcement, click Content Filtering Rules.
Do one of the following:
Create a rule
In the sidebar under Tasks, click New rule.
Modify an existing rule
In the content area, double-click the rule that you want to edit.
Click the Users tab.

Under Sender/Recipient Selection, do one of the following:

To apply the rule based on the sender	Click Sender, and then select one of the following options from the drop-down list: Apply if the sender of the message is in the list Apply if the sender of the message is NOT in the list
To apply the rule based on the recipient	Click Recipient, and then select one of the following options from the drop-down list: Apply if ANY of the recipients of the message are in the list Apply if ANY of the recipients of the message are NOT in the list Apply if ALL of the recipients of the message are in the list Apply if ALL of the recipients of the message are NOT in the list

Under List of Users or Groups, in the SMTP addresses box, do one of the following:
- Type the addresses of the users that you want to include or exclude.
  Type one address per line.
- To add a preconfigured match list that contains user addresses, click Add Match List and select a match list.
  You can only insert one match list. You can combine a match list with typed addresses.
  See About match lists
Under the Active Directory groups list, to select groups from Active Directory, click Add.
In the Active Directory domains and groups window, under Available groups, select the group that you want to add and click the >> command icon.
The group that you select appears in the Selected groups list. To deselect a group in the Selected groups list, click on the group entry, and then click the << command icon.
Do any of the following:
- Configure the remaining components of the content filtering rule.
  See Configuring the conditions of a content filtering rule
  See Specifying who to notify if a content filtering rule is violated
  See Configuring rule actions
- Click OK and then click Deploy Changes.
  See Deploying settings and changes to a server or group

Feedback

thumb_up Yes

thumb_down No

Create a rule	In the sidebar under Tasks, click New rule.
Modify an existing rule	In the content area, double-click the rule that you want to edit.