Applies to: Exchange Server 2013
Topic Last Modified: 2013-02-20
Transport rule actions instruct the Transport rules agent to
take the specified action on messages that match all specified
conditions and don't match any of the exceptions in a Transport
rule.
Looking for management tasks related to Transport rules? See
Manage Transport
Rules.
Looking for the Exchange Online version of this topic? See
Transport Rule Actions.
Looking for the Exchange Online Protection version of this
topic? See Transport Rule Actions
Contents
Actions and action
properties
List of available actions
Action property types
Actions and action
properties
Each action affects email messages in a unique way. For
example, an action can cause an email message to be redirected to
another address or to be deleted. Each action consists of the
action itself, its action property, and the value of the
property.
To assign a value to an action, you must determine the
available action property for a specific action. For example, you
must use the Address action property together with the
RedirectMessage action.
Some actions require that you set two or more action
properties, because some actions modify specific fields within
sections of an email message, such as the message header fields.
When you specify an action to modify a message header, one action
property specifies the specific header field to modify, and a
second action property specifies the new value of that message
header. For example, you can configure an action to modify the
X-Test-Message-Source header field to a specific string,
such as contoso.com.
List of available
actions
The following table lists the actions that can be used
with Transport rules in Exchange 2013.
Actions available
| Action name in EAC |
Action name in Shell |
First action property |
Additional action properties |
Description |
|
Forward the message for approval to
|
ModerateMessageByUser
|
Addresses
|
Not applicable
|
This action forwards the message to the specified moderators as
an attachment wrapped in an approval request.
|
|
Forward to the sender's manager for approval
|
ModerateMessageByManager
|
Not applicable
|
Not applicable
|
This action forwards the message to the sender's manager for
approval, if the manager attribute is populated in Active
Directory.
 Important: |
| If the sender's manager attribute isn't populated in Active
Directory, the message is delivered to recipients without
moderation. |
|
|
Redirect the message to
|
RedirectMessageTo
|
Addresses
|
Not applicable
|
This action redirects the email message to one or more
recipients specified. The message isn't delivered to the original
recipients, and no notification is sent to the sender or the
original recipients.
|
|
Reject the message with the explanation
|
RejectMessageReasonText
|
RejectReason
|
Not applicable
|
This action deletes the email message and sends a non-delivery
report to the sender with the specified text as the rejection
reason. The recipient doesn't receive the message or
notification.
|
|
Reject the message with the enhanced status code
|
RejectMessageEnhancedStatusCode
|
EnhancedStatusCode
|
Not applicable
|
This action deletes the email message and sends a non-delivery
receipt to the sender with the specified status code. The recipient
doesn't receive the message or notification.
|
|
Delete the message without notifying anyone
|
DeleteMessage
|
Not applicable
|
Not applicable
|
This action deletes the email message without sending a
notification to either the recipient or the sender.
|
|
Bcc the message to
|
BlindCopyTo
|
Addresses
|
Not applicable
|
This action adds one or more recipients as blind carbon copy
(Bcc) recipients. The original recipients aren't notified and can't
see the Bcc addresses.
|
|
Add these recipients to the To box
|
AddToRecipient
|
Addresses
|
Not applicable
|
This action adds one or more recipients to the To field of the
message. The original recipients can see the additional
address.
|
|
Cc the message to
|
CopyTo
|
Addresses
|
Not applicable
|
This action adds one or more recipients to the carbon copy (Cc)
field of the message. The original recipients can see the Cc
address.
|
|
Add the sender's manager as a recipient type
|
AddManagerAsRecipientType
|
AddedRecipientType
|
Not applicable
|
This action adds the sender's manager, if defined in the manager
attribute in Active Directory, as the specified recipient type.
|
|
Append the disclaimer
|
ApplyHtmlDisclaimerText
ApplyHtmlDisclaimerTextLocation
ApplyHtmlDisclaimerFallbackAction
|
DisclaimerText
|
FallbackAction
|
This action applies an HTML disclaimer to the message. There are
three parameters in the Shell that correspond to this action. When
you append the disclaimer, the property
ApplyHtmlDisclaimerTextLocation is set to
Append.
|
|
Prepend the disclaimer
|
ApplyHtmlDisclaimerText
ApplyHtmlDisclaimerTextLocation
ApplyHtmlDisclaimerFallbackAction
|
DisclaimerText
|
FallbackAction
|
This action applies an HTML disclaimer to the message. There are
three parameters in the Shell that correspond to this action. When
you prepend the disclaimer, the property
ApplyHtmlDisclaimerTextLocation is set to
Prepend.
|
|
Remove this header
|
RemoveHeader
|
MessageHeader
|
Not applicable
|
This action removes the specified message header from a
message.
|
|
Set the message header to this value
|
SetHeaderName
SetHeaderValue
|
MessageHeader
|
HeaderValue
|
This action creates a new message header or modifies an existing
message header and sets the value of that message header to the
specified value. There are two parameters in the Shell that
correspond to this action.
|
|
Apply a message classification
|
ApplyClassification
|
Classification
|
Not applicable
|
This action applies a message classification to the message.
|
|
Set the spam confidence level (SCL) to
|
SetScl
|
SclValue
|
Not applicable
|
This action sets the spam confidence level (SCL) on an email
message.
|
|
Prepend the subject of the message with
|
PrependSubject
|
Prefix
|
Not applicable
|
This action prepends the Subject of the message with the
specified text.
|
|
Apply rights protection to the message with
|
ApplyRightsProtectionTemplate
|
RMSTemplateIdentity
|
Not applicable
|
This action applies the specified Rights Management Services
(RMS) template to the message.
|
|
Require TLS encryption
|
RouteMessageOutboundRequireTls
|
Not applicable
|
Not applicable
|
This action forces the outbound messages to be routed over TLS
encrypted connections.
|
|
Notify the sender with a Policy Tip
|
NotifySender
|
NotifySenderType
|
Not applicable
|
This action notifies the sender when the message goes against a
DLP policy configured in the organization.
|
|
Generate incident report and send it to
|
GenerateIncidentReport
|
Addresses
|
IncidentReportContent
|
This action generates an incident report and sends it to the
specified recipients.
|
Action property
types
The following table lists the action property types
used by Transport rule actions in Exchange 2013.
Property types used in Transport
rule actions
| Property type |
Valid values |
Description |
|
AddedRecipientType
|
One of the following values:
|
AddedRecipientType accepts a single value:
To, Cc, and Bcc values
are self-explanatory and correspond to the addressing fields of
email messages.
Redirect delivers the message only to the
specified recipient. The message isn't delivered to any of the
original recipients.
|
|
Addresses
|
Either a single or an array of valid recipients.
|
Addresses accepts an array of mailbox, mail-enabled
contact, mail-enabled user, or distribution group objects.
|
|
Classification
|
Single message classification object
|
Classification accepts a single message
classification object. To see what message classification objects
are available, you can use the Get-MessageClassification
cmdlet.
|
|
DisclaimerText
|
HTML string
|
DisclaimerText can be any text you want to insert
to the message as a disclaimer. HTML tags and cascade style sheet
(CSS) tags.
|
|
EnhancedStatusCode
|
Single DSN code of 5.7.1, or any value from
5.7.10 through 5.7.999
|
EnhancedStatusCode specifies the DSN code and
related DSN message to display to the senders of messages rejected
by a Transport rule action. The DSN message associated with the
specified DSN status code is displayed in the user information
portion of the NDR displayed to the sender. The specified DSN code
must be an existing default DSN code or a customized DSN status
code that you can create by using the New-SystemMessage
cmdlet.
|
|
FallbackAction
|
One of the following values:
|
FallbackAction specifies what the Transport rule
should do if a disclaimer can't be applied to a message. There can
be cases where the contents of a message can't be altered, for
example if a message is encrypted. The default fallback action is
Wrap. The following list describes each fallback
action:
- Wrap If the disclaimer can't be
inserted into the original message, Exchange encloses, or
wraps, the original message in a new message envelope. Then
the disclaimer is inserted into the new message.
| Important: |
| If an original message is wrapped in a new message envelope,
subsequent Transport rules are applied to the new message envelope,
and not to the original message. Therefore, you must configure
Transport rules with disclaimer actions that wrap original messages
in a new message body with a lower priority than other Transport
rules. |
 Note: |
| If the original message can't be wrapped in a new message
envelope, the original message isn't delivered. The sender of the
message receives an NDR that explains why the message wasn't
delivered. |
- Ignore If the disclaimer can't be
inserted into the original message, Exchange lets the original
message continue unmodified. No disclaimer is added.
- Reject If the disclaimer can't be
inserted into the original message, Exchange doesn't deliver the
message. The sender of the message receives an NDR that explains
why the message wasn't delivered.
|
|
HeaderValue
|
Single string
|
HeaderValue accepts a single string that's applied
to the header specified header.
|
|
IncidentReportContent
|
One of the following values:
- Sender
- Recipients
- Subject
- CC
- BCC
- Severity
- Override
- RuleDetections
- FalsePositive
- DataClassifications
- IdMatch
- AttachOriginalMail
|
IncidentReportContent specifies the list of
properties of the original message to be included in the incident
report. You can choose to include any combination of these
properties. In addition to the properties you specify, the message
ID is always included in the incident report. The following list
describes these properties:
- Sender, Subject, and
AttachOriginalMail Self-explanatory values.
The first two correspond to the message properties with the same
name. The third property specifies that the entire message that
triggered the rule is attached to the incident report.
- Recipients, CC, and
BCC Designate the recipients the message
was sent to, and correspond to the To, Cc, and Bcc boxes
respectively. For each of these properties, only the first 10
recipients are included in the incident report. If the message was
addressed to more than 10 recipients, the report will also include
the count of additional recipients. For example, if the message
included 22 people in the To: box, the incident report will list
the first 10 of these recipients and specify that there were 12
additional recipients.
- Severity Specifies the audit severity
of the rule that was triggered. If the message was processed by
more than one rule, the highest severity is included in the
incident report.
- Override Specifies the override if the
sender has chosen to override a Policy Tip. If the sender has
provided a justification, the first 100 characters of the
justification are also included.
- RuleDetections Specifies the list of
rules that the message triggered.
- FalsePositive Specifies the false
positive if the sender marked the message as a false positive for a
Policy Tip.
- DataClassifications Specifies the list
of sensitive information types detected in the message.
- IdMatch Specifies the sensitive
information type detected, the exact matched content from the
message, and the 150 characters before and after the matched
sensitive information.
|
|
MessageHeader
|
Single string
|
MessageHeader accepts a string that can be used to
specify the SMTP message header to modify.
|
|
NotifySenderType
|
One of the following values:
- NotifyOnly
- RejectMessage
- RejectUnlessFalsePositiveOverride
- RejectUnlessSilentOverride
- RejectUnlessExplicitOverride
|
NotifySenderType specifies the type of Policy Tip
the sender will receive if a message they sent goes against a DLP
policy configured in the organization. The following list describes
each notification type:
- NotifyOnly Sender is notified, but the message is
delivered normally.
- RejectMessage Sender is notified, and the message is
rejected.
- RejectUnlessFalsePositiveOverride The message is
rejected unless it is marked as a false positive by the sender.
- RejectUnlessSilentOverride The message is rejected
unless the sender has chosen to override the policy
restriction.
- RejectUnlessExplicitOverride This is similar to
RejectUnlessSilentOverride type, but the sender also
provides a justification for overriding the policy restriction.
|
|
Prefix
|
Single string
|
Prefix accepts a string that's prepended to the
subject of the email message.
 Tip: |
To prevent the string that's specified with the
Prefix Transport rule action from being added to the
subject every time that a reply to the message encounters the
Transport rule, add the SubjectContains exception to
the Transport rule.
The SubjectContains exception should contain the
string that you specified with the Prefix Transport
rule action. If you add the SubjectContains exception
to the Transport rule, the Transport rule doesn't add another
instance of the Prefix string to the subject if the
Prefix string already appears in the subject. |
|
|
RejectReason
|
Single string
|
RejectReason accepts a string that's used to
populate the administrator information portion of the NDR returned
to the email sender if an email message is rejected.
|
|
RMSTemplateIdentity
|
RMS Template identity
|
RMSTemplateIdentity accepts an RMS Template
identity. You can get a list of RMS templates available on an
Active Directory RMS server in the Active Directory forest using
the Get-RMSTemplate cmdlet.
|
|
SclValue
|
Single integer
|
SclValue accepts a single integer from
-1 through 9, which is used to configure
the SCL of the email message.
|
For more
information
