Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-12-11
An ethical wall is a zone of non-communication between distinct departments of a business or organization that is established to prevent conflicts of interest that might result in the inappropriate release of sensitive information. You can use Microsoft Exchange Server 2010 to configure ethical walls that comply with your organization's compliance policies and with regulations and laws that apply to your organization. For more information about ethical walls, see Understanding Ethical Walls.
To create an ethical wall, use the same procedure that you use to create a transport rule. When you implement an ethical wall by creating a transport rule, you can configure conditions and exceptions to control which e-mail messages the ethical wall blocks.
Caution:
Before you create or modify transport rules in your production environment, we recommend that you use a test environment to understand how transport rules work. Test all rules before you create them in a production environment.
Ethical walls block all messages if you don't define an appropriate scope. When you create a transport rule to enforce an ethical wall, you must specify conditions to define which recipients and senders are prohibited from sending messages to each other. If you don't specify any conditions, you must specify exceptions to narrow the scope of the transport rule. If you don't specify conditions or exceptions, the transport rule blocks all messages sent to or from recipients and senders in your organization.
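An added check for the scoping caveat above (example code written for this page, not from the original topic): it lists every transport rule whose action rejects messages but that carries neither a condition nor an exception, and which therefore rejects every message it sees. It assumes Exchange 2010 SP1 or later, where Get-TransportRule exposes the Conditions, Exceptions and RejectMessageEnhancedStatusCode properties, and it only reports; the containment line that disables such rules is left commented out.

```powershell
# Added example: find transport rules that reject mail but define no scope at all.
# Assumed: Exchange 2010 SP1+ rule objects expose Conditions, Exceptions and the
# RejectMessage* properties (unused ones are null). Run from the Exchange Management
# Shell on a Hub Transport server.

function Get-UnscopedRejectRule {
    Get-TransportRule | Where-Object {
        # A reject action is present when the enhanced status code property is set.
        ($_.RejectMessageEnhancedStatusCode -ne $null) -and
        # No conditions ...
        ($_.Conditions -eq $null -or @($_.Conditions).Count -eq 0) -and
        # ... and no exceptions: nothing narrows the rule, so it matches every message.
        ($_.Exceptions -eq $null -or @($_.Exceptions).Count -eq 0)
    }
}

$unscoped = @(Get-UnscopedRejectRule)
if ($unscoped.Count -gt 0) {
    Write-Warning ("{0} reject rule(s) have no conditions and no exceptions:" -f $unscoped.Count)
    $unscoped | Format-Table Name, State, Priority, RejectMessageEnhancedStatusCode -AutoSize
    # Containment option: take the offending rules out of the pipeline until they are scoped.
    # $unscoped | ForEach-Object { Disable-TransportRule -Identity $_.Name -Confirm:$false }
} else {
    Write-Host "No unscoped reject rules found."
}
```

Run it after every rule change in the test environment and again after the change is promoted; a rule whose only predicate is later deleted (for example when a distribution group is removed) shows up here as well.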
Prerequisites
Transport rules are applied only by Exchange 2010 Hub Transport servers. Your organization is not required to route all e-mail through them, but a message that never passes through an Exchange 2010 Hub Transport server does not have transport rules applied, so an ethical wall enforced this way covers only mail that is routed through such a server.
Use the EMC to create an ethical wall
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Transport rules" entry in the Messaging Policy and Compliance Permissions topic.
- In the console tree, navigate to Organization
Configuration > Hub Transport.
- In the action pane, click New Transport Rule.
- On the Introduction page, complete the following
fields:
- Name Enter a name for the transport
rule.
- Comment [optional] Type any notes for
the rule.
- Enable Rule If you want the rule to be
created in a disabled state, clear this check box.
- On the Conditions page, complete the following
steps:
- In the Step 1. Select condition(s) box, select all the conditions that you want to apply to this rule.
Note: The between members of distribution list and distribution list condition is well suited for transport rules that enforce ethical walls.
- If you selected conditions in the previous step, click each blue underlined word in the Step 2. Edit the rule description by clicking an underlined value box.
Note: When you click a blue underlined word, you are prompted for the values to apply to the condition. Select the values that you want to apply, or type the values manually. If the prompt window requires that you manually add values to a list, enter a value, and then click Add. Repeat this process until you have entered all the values, and then click OK to close the window.
- Repeat the previous step for each condition that you selected.
- After you configure all the conditions, click Next.
- On the Actions page, complete the following steps:
- In the Step 1. Select actions box, click send
rejection message to sender with enhanced status code. This
transport rule action deletes the message and returns a
non-delivery report (NDR) to the sender of the message.
- In the Step 2. Edit the rule description by clicking an
underlined value box, follow these steps:
- Click rejection message.
- In the Specify rejection message dialog box, enter the
text to display in the Diagnostic information for
administrators section of the NDR that's sent to the sender of
the rejected message. When you're finished, click OK.
- Click enhanced status code.
- In the Specify Enhanced Status Code dialog box, enter the delivery status notification (DSN) code you want to display in the Diagnostic information for administrators section of the NDR that's sent to the sender of the rejected message. Valid enhanced status code values are 5.7.1 and any value from 5.7.10 through 5.7.999. When you're finished, click OK.
Note: For more information about how Exchange 2010 associates a DSN code with a transport rule, see Associate a DSN Message with a Transport Rule.
- If you want to add more actions, repeat the previous step, and
select the transport rule actions that you want to apply. After you
configure all the actions, click Next.
- On the Exceptions page, complete the following optional
steps:
- In the Step 1. Select exceptions if necessary box,
select all the exceptions that you want to apply to this rule. You
aren't required to select any exceptions.
- If you selected exceptions, in the Step 2. Edit the rule description by clicking an underlined value box, click each blue underlined word.
Note: When you click a blue underlined word, you are prompted to select the items that you want to add or to type the values manually. When you're finished, click OK to close the window.
- Repeat the previous step for each exception that you selected.
- After you configure all the exceptions, click Next.
- On the Create Rule page, review the Configuration
Summary. If you're satisfied with the configuration of the new
rule, click New, and then click Finish.
Use the Shell to create an ethical wall
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Transport rules" entry in the Messaging Policy and Compliance Permissions topic.
In this example, Woodgrove Bank wants to prevent members of its Brokerage group and the Sales group from communicating. The bank decides to implement an ethical wall between the two groups by using a transport rule.
Predicate The
BetweenMemberOf
transport rule predicate is used to
prohibit the members of the Brokerage Group distribution group and
the Sales Group distribution group from communicating with each
other. The BetweenMemberOf
transport rule predicate is
well suited for transport rules that enforce ethical walls. For
more information about transport rule predicates, see Transport Rule
Predicates.
Exception Woodgrove Bank wants to create an exception to this policy that allows members of the Executive Group distribution group to send messages across the wall, because executives may also belong to either of the two groups. The ExceptIfFromMemberOf predicate, which exempts messages sent by members of a specified distribution group, is used to implement this exception. Note that the exemption applies to the sender only: a message from a non-executive in one group to an executive in the other group is still blocked.
Action The
RejectMessage
transport rule action is used to block
messages that are sent to a prohibited recipient. When the
RejectMessage
transport rule action is applied to a
message, an NDR is returned to the sender of the message, and the
message itself is deleted. You can configure the user information
text and the DSN code and message that are displayed in the
administrator section of the NDR.
You can modify the text that's displayed to the sender in the Diagnostic information for administrators section of the NDR. This text can provide helpful information to enable the administrator to understand why the message was rejected.
DSN Codes By default, the
RejectMessage
transport rule action uses the enhanced
status code 5.7.1
. You can modify the DSN code
returned by specifying a custom DSN code. A custom DSN code must be
associated with a custom DSN message. The DSN message appears in
the user information section of the NDR. You can specify a custom
DSN code to be able to provide the sender more detailed
information. You can also refer the sender to an internal or public
Web page that contains more information about the specific policy
or regulation.
The following example specifies a new, unused, custom DSN code in the RejectMessageEnhancedStatusCode property.
```powershell
New-TransportRule "Sample Ethical Wall" -Enabled $true `
    -BetweenMemberOf1 BrokerageGroup@woodgrovebank.com `
    -BetweenMemberOf2 SalesGroup@woodgrovebank.com `
    -ExceptIfFromMemberOf ExecutivesGroup@woodgrovebank.com `
    -RejectMessageReasonText "Sample Rejection Message" `
    -RejectMessageEnhancedStatusCode '5.7.228'
```
This example then creates the custom DSN code and specifies the text that should be displayed when a message is returned with that DSN code.
```powershell
New-SystemMessage -DsnCode 5.7.228 -Internal $true -Language En `
    -Text "A message was sent that violates company policy #123. For more information, please contact the Compliance department."
```
For more information about which values are accepted and about how Exchange 2010 associates a DSN code with a transport rule, see Associate a DSN Message with a Transport Rule.
For detailed syntax and parameter information, see New-TransportRule and New-SystemMessage.
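The following script is an added example for this page, not part of the original topic or of the Exchange documentation. It carries the Woodgrove Bank scenario through in the order a practitioner would use in the test environment the caution recommends: register the DSN text first so that no NDR leaves with a bare custom code, create the rule disabled, read back what Exchange actually stored, list the group overlaps that the sender-only exception leaves exposed, and only then enable the rule and look for its rejections in the message tracking log. The group addresses, the DSN code 5.7.228 and the system-message text are the topic's own; the rule name and reason text, the one-hour tracking window, and the assumption that a rule rejection is tracked as a FAIL event whose RecipientStatus carries the DSN code are assumptions made here.

```powershell
# Added example: the Woodgrove Bank ethical wall end to end, with verification.
# Group addresses and DSN code follow the topic; everything marked "assumed" is not from it.
$brokerage = 'BrokerageGroup@woodgrovebank.com'
$sales     = 'SalesGroup@woodgrovebank.com'
$execs     = 'ExecutivesGroup@woodgrovebank.com'
$dsn       = '5.7.228'
$ruleName  = 'Sample Ethical Wall'      # assumed name

# 1. Register the custom DSN text first. Without it the NDR carries the code but no
#    user-facing explanation. Get-SystemMessage lists custom messages only, so an existing
#    internal entry for this code means the code is already in use and must not be reused.
if (Get-SystemMessage | Where-Object { "$($_.DsnCode)" -eq $dsn -and $_.Internal }) {
    throw "DSN code $dsn already has a custom message; pick an unused code."
}
New-SystemMessage -DsnCode $dsn -Internal $true -Language En `
    -Text "A message was sent that violates company policy #123. For more information, please contact the Compliance department."

# 2. Create the wall disabled so it can be reviewed before it rejects anything.
New-TransportRule -Name $ruleName -Enabled $false `
    -BetweenMemberOf1 $brokerage -BetweenMemberOf2 $sales `
    -ExceptIfFromMemberOf $execs `
    -RejectMessageReasonText "Brokerage/Sales ethical wall, policy #123" `
    -RejectMessageEnhancedStatusCode $dsn

# 3. Read back what was stored: the stored predicates, not the intent, are the rule's scope.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Priority, `
    BetweenMemberOf1, BetweenMemberOf2, ExceptIfFromMemberOf, `
    RejectMessageEnhancedStatusCode, RejectMessageReasonText

# 4. Membership overlaps. BetweenMemberOf matches when the sender is in one group and a
#    recipient is in the other, and ExceptIfFromMemberOf exempts senders only, so:
#    - a user in both groups is cut off from everyone in either group (unless that user
#      is also an executive), and
#    - an executive inside Sales can write to Brokerage, but a non-executive in Brokerage
#      is still rejected when replying to that executive.
function Get-MemberAddresses([string]$Group) {
    Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited |
        ForEach-Object { $_.PrimarySmtpAddress.ToString().ToLower() }
}
$b = @(Get-MemberAddresses $brokerage)
$s = @(Get-MemberAddresses $sales)
$e = @(Get-MemberAddresses $execs)
$inBoth          = $b | Where-Object { $s -contains $_ }
$execsBehindWall = $e | Where-Object { ($b -contains $_) -or ($s -contains $_) }
Write-Host "Members of both walled groups (isolated from both sides): $($inBoth -join ', ')"
Write-Host "Executives inside a walled group (can send across; non-executives cannot reply): $($execsBehindWall -join ', ')"

# 5. Enable the rule, then confirm rejections are being logged. Assumed: a transport rule
#    rejection is tracked as a FAIL event whose RecipientStatus contains the DSN code.
Enable-TransportRule -Identity $ruleName
Get-MessageTrackingLog -EventId FAIL -Start (Get-Date).AddHours(-1) -ResultSize Unlimited |
    Where-Object { "$($_.RecipientStatus)" -match [regex]::Escape($dsn) } |
    Select-Object Timestamp, Sender, Recipients, RecipientStatus, MessageSubject |
    Format-Table -AutoSize
```

Step 4 is the part worth repeating whenever group membership changes: the wall is only as accurate as the two distribution groups, and the sender-only exception means every executive placed inside a walled group becomes a one-way channel that the other side cannot answer.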