Applies to: Exchange Server 2013
Topic Last Modified: 2012-09-25
You can require all messages sent to specific recipients be approved by moderators by Using the moderated transport feature in Microsoft Exchange Server 2013. You can configure any type of recipient as a moderated recipient, and Exchange will ensure that all messages sent to those recipients go through an approval process.
In any type of organization, you may need to restrict access to specific recipients. The most common scenario is the need to control messages sent to large distribution groups. Depending on your organization's requirements, you may also need to control the messages sent to executive mailboxes or partner contacts. You can use moderated recipients to accomplish these tasks.
|Microsoft Exchange Server 2007 doesn't support moderated recipients. If a message sent to a moderated distribution group is expanded on an Exchange 2007 Hub Transport server, the message will bypass moderation and will be delivered to all members of the distribution group. If you have Exchange 2007 Hub Transport servers in your Exchange organization, you need to designate an Exchange 2013 Mailbox server as the expansion server for moderated distribution groups. This ensures that all messages sent to the distribution group are moderated.|
Moderated transport components
The moderated transport application consists of the following components:
- Categorizer The categorizer in the
Transport service on a Mailbox server initiates the approval
process. When the categorizer detects a moderated recipient while
processing a message, it reroutes the message to the arbitration
- Mailbox Transport service The Mailbox
Transport service on a Mailbox server processes the messages that
the categorizer marks for moderation. When the Mailbox Transport
service encounters such a message, it delivers the original message
to the arbitration mailbox and sends approval requests to the
moderators. When a moderator responds with a decision, the Mailbox
Transport service marks that decision on the message that's stored
in the arbitration mailbox. If an approved message is submitted
again by the Information Assistant, the Mailbox Transport service
removes the approval workflow wrappers so the message that's
delivered is identical to the original message submitted by the
- Information Assistant The Information
Assistant process in the Mailbox Transport service monitors the
arbitration mailbox. The Information Assistant resubmits any
approved messages to the Transport service on a Mailbox server for
delivery to the intended recipients, or it deletes rejected
messages. The Information Assistant is also responsible for sending
rejection notifications to the sender. In addition, it cleans up
the arbitration mailbox by deleting any stale or orphaned messages
from the arbitration mailbox. For example, if a moderator simply
deletes an approval request instead of making a decision, the
corresponding message waiting for approval in the arbitration
mailbox needs to be removed by the Information Assistant.
- Arbitration mailbox The arbitration
mailbox is used to store the original message that's awaiting
approval. By default, one arbitration mailbox is created for
moderated transport during setup. It's used for all moderated
recipients. You can add additional arbitration mailboxes for load
balancing purposes. If you're using multiple arbitration mailboxes,
you need to specify which mailbox to use for each moderated
Message flow for moderated recipients
When a user sends a message to a moderated recipient, the message follows a path to its destination, as shown in the following figure and described in the following steps.
- The sender creates a message and sends it to the moderated
- The categorizer in the Transport service intercepts the
message, marks it for moderation, and then reroutes it to the
Mailbox Transport service on the Mailbox server where the
arbitration mailbox resides.
- The Mailbox Transport service delivers the message to the
arbitration mailbox and sends an approval request to the
- The moderator uses the buttons in the approval request to
either accept or reject the message.
- The Mailbox Transport service marks the moderator's decision on
the original message stored in the arbitration mailbox.
- The Information Assistant in the Mailbox Transport service
reads the approval status on the message stored in the arbitration
mailbox, and then processes the message depending on the
- If the moderator has approved the message, the Information
Assistant resubmits the message to the Transport service on a
Mailbox server, and the message is delivered to the recipient.
- If the moderator has rejected the message, the Information
Assistant deletes the message from the arbitration mailbox and
notifies the sender that the message was rejected.
Note: If the moderator doesn't respond to the message within five days, the Information Assistant will delete the message from the arbitration mailbox and notify the sender that their message has expired.
- If the moderator has approved the message, the Information Assistant resubmits the message to the Transport service on a Mailbox server, and the message is delivered to the recipient.
Handling multiple moderated recipients
It's possible to send a message to a group of recipients that includes both moderated recipients and recipients that aren't moderated. In this case, a separate approval process occurs for each moderated recipient.
Consider a message that's sent to 12 recipients, one of which is a moderated distribution group. The categorizer bifurcates or forks this message into two copies. One message is delivered immediately to the 11 recipients that aren't moderated, and the second message is submitted to the approval process for the moderated distribution group.
If a message is intended for more than one moderated recipient, a separate copy is created for each moderated recipient and is submitted to the approval process.
A moderated distribution group may contain other moderated recipients. In this case, after the message to the distribution group is approved, a separate approval process occurs for each moderated recipient that's a member of the distribution group. However, you can also enable the automatic approval of the distribution group members after the message to the moderated distribution group is approved. To do this, you use the BypassNestedModerationEnabled parameter on the Set-DistributionGroup cmdlet.
Messages from moderators are delivered to the moderated recipient immediately, bypassing the approval process. By definition, a moderator has the authority to determine what messages are appropriate for a moderated recipient.
Moderation is also bypassed for owners of distribution groups and dynamic distribution groups. The owner of a distribution group can be responsible for managing the distribution group membership, but may not be able to moderate messages sent to it. For example, the account provisioning staff may be the owners of a distribution group called All Employees, but only specific people in human resources may have moderator rights for the same distribution group.