Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-07-26

This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure message delivery restrictions.

Microsoft Exchange Server 2007 allows you to place restrictions on how messages are delivered to individual recipients. Message delivery restrictions can be useful for controlling access to specific recipients in your Exchange 2007 organization. To learn more about message delivery restrictions, see Understanding Recipient Restrictions.

The message delivery restrictions that are covered in this topic apply to all recipient types in Exchange 2007. To learn more about the recipient types in Exchange 2007, see Understanding Recipients.

Before You Begin

To perform the following procedures, the account you use must be delegated the following:

Exchange Recipient Administrator role

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

Exchange 2007 Service Pack 1 (SP1)

In Exchange 2007 SP1, shared mailboxes are not displayed in the Exchange Management Console. You can only use the Exchange Management Shell to configure message delivery restrictions for these recipients.

To use the Exchange Management Console to configure message delivery restrictions for a recipient

Start the Exchange Management Console.
For all recipients, except mail-enabled public folders, perform the following steps:
1. In the console tree, expand Recipient Configuration.
2. In the result pane, select the recipient for which you want to configure message delivery restrictions.
3. Proceed to Step 4.
For mail-enabled public folders, perform the following steps:
1. In the console tree, click Toolbox.
2. In the result pane, click Public Folder Management Console, and then, in the action pane, click Open Tool. The Public Folder Management Console appears in a separate Microsoft Management Console (MMC).
3. In the console tree, expand Default Public Folders, and then click the public folder that you want to configure. If the public folder you want to configure is a top-level public folder, then click Default Public Folders.
4. In the result pane, click the public folder for which you want to configure message delivery restrictions.
5. Proceed to Step 4.
In the action pane, under the recipient name, click Properties.
In <Recipient> Properties, click the Mail Flow Settings tab.
Select Message Delivery Restrictions from the list of mail flow settings, and then click Properties.

In Message Delivery Restrictions, use the following fields to configure message delivery restrictions for this recipient:

Accept messages from Click All senders to configure this recipient to accept messages from all senders, which includes senders in both the Exchange organization and external senders. This is selected by default.

Note:
This option includes external users only if you clear the Require that all senders are authenticated check box. If that check box is selected, messages from external users will be rejected, even if All senders is selected.

Click Only senders in the following list to configure this recipient to accept messages only from a specified set of senders in the Exchange organization.

After you click this option, you must click Add to select senders from whom to accept messages. This opens the Select Recipient dialog box, which displays a list of all recipients in the Active Directory directory service forest. Select the recipients you want, and then click OK. You can also search for a specific recipient by typing its name in the Search box, and then clicking Find Now. To remove a sender from the list, select the sender, and then click .
Require that all senders are authenticated Select this check box to prevent anonymous users from sending messages to this recipient.

Note:

By default, this check box is selected for only distribution groups and dynamic distribution groups.
Reject messages from Click No senders to configure this recipient to not reject messages from any senders in the Exchange organization. This is selected by default. Click Senders in the following list to configure this recipient to reject messages from a specified set of senders in the Exchange organization.

After you click this option, you must click Add to select senders from whom to reject messages. This opens the Select Recipient dialog box, which displays a list of all recipients in the Active Directory forest. Select the recipients you want, and then click OK. You can also search for a specific recipient by typing its name in the Search box and then clicking Find Now. To remove a sender from the list, select the sender and click .

Click OK to return to the Mail Flow Settings tab.
Click OK.

Note:
By default, this check box is selected for only distribution groups and dynamic distribution groups.

The following procedure shows you how to use the Exchange Management Shell to configure message delivery restrictions for a mailbox. For other recipient types, use the corresponding Set- cmdlet with the same parameters.

To use the Exchange Management Shell to configure message delivery restrictions for a mailbox

To configure the mailbox John Smith to accept messages only from the users Lori Penor, Jeff Phillips, and members of the distribution group Sales Department, run the following command:

	Copy Code
Set-Mailbox -Identity "John Smith" -AcceptMessagesOnlyFrom "Lori Penor","Jeff Phillips" -AcceptMessagesOnlyFromDLMembers "Sales Department"

Note:
If you are configuring a mailbox to accept messages only from individual senders, you must use the AcceptMessagesOnlyFrom parameter. If you are configuring a mailbox to accept messages only from senders that are members of a specific distribution group, you must use the AcceptMessagesOnlyFromDLMembers parameter.

To configure the mailbox John Smith to require all senders to be authenticated, run the following command:
Copy Code
Set-Mailbox -Identity "John Smith" -RequireSenderAuthenticationEnabled $true

	Copy Code
Set-Mailbox -Identity "John Smith" -RequireSenderAuthenticationEnabled $true

To configure the mailbox John Smith to reject messages from the users Joe Healy, Ellen Adams, and members of the distribution group Sales Department Contractors, run the following command:

	Copy Code
Set-Mailbox -Identity "John Smith" -RejectMessagesFrom "Joe Healy","Ellen Adams" -RejectMessagesFromDLMembers "Sales Department Contractors"

Note:
If you are configuring a mailbox to reject messages from individual senders, you must use the RejectMessagesFrom parameter. If you are configuring a mailbox to reject messages from senders that are members of a specific distribution group, you must use the RejectMessagesFromDLMembers parameter.

For detailed syntax and parameter information, see the following reference topics:

Release to Manufacturing (RTM) Version of Exchange 2007

In Exchange 2007 RTM, shared mailboxes and mail-enabled public folders are not displayed in the Exchange Management Console. You can only use the Exchange Management Shell to configure message delivery restrictions for these recipients.

To use the Exchange Management Console to configure message delivery restrictions for a recipient

Start the Exchange Management Console.
In the console tree, expand Recipient Configuration.
In the result pane, select the recipient for which you want to configure message delivery restrictions.
In the action pane, under the recipient name, click Properties.
In <Recipient> Properties, click the Mail Flow Settings tab.
Select Message Delivery Restrictions from the list of mail flow settings, and then click Properties.

In Message Delivery Restrictions, use the following fields to configure message delivery restrictions for this recipient:

Note:
This option includes external users only if you clear the Require that all senders are authenticated check box. If that check box is selected, messages from external users will be rejected, even if All senders is selected.

Click Only senders in the following list to configure this recipient to accept messages only from a specified set of senders in the Exchange organization.

After you click this option, you must click Add to select senders from whom to accept messages. This opens the Select Recipient dialog box, which displays a list of all recipients in the Active Directory directory service forest. Select the recipients you want, and then click OK. You can also search for a specific recipient by typing its name in the Search box, and then clicking Find Now. To remove a sender from the list, select the sender, and then click .
Require that all senders are authenticated Select this check box to prevent anonymous users from sending messages to this recipient.

Note:

By default, this check box is selected for only distribution groups and dynamic distribution groups.
Reject messages from Click No senders to configure this recipient to not reject messages from any senders in the Exchange organization. This is selected by default. Click Senders in the following list to configure this recipient to reject messages from a specified set of senders in the Exchange organization.

After you click this option, you must click Add to select senders from whom to reject messages. This opens the Select Recipient dialog box, which displays a list of all recipients in the Active Directory forest. Select the recipients you want, and then click OK. You can also search for a specific recipient by typing its name in the Search box and then clicking Find Now. To remove a sender from the list, select the sender and click .

Click OK to return to the Mail Flow Settings tab.
Click OK.

Note:
By default, this check box is selected for only distribution groups and dynamic distribution groups.

To use the Exchange Management Shell to configure message delivery restrictions for a mailbox

To configure the mailbox John Smith to accept messages only from the users Lori Penor, Jeff Phillips, and members of the distribution group Sales Department, run the following command:

	Copy Code
Set-Mailbox -Identity "John Smith" -AcceptMessagesOnlyFrom "Lori Penor","Jeff Phillips" -AcceptMessagesOnlyFromDLMembers "Sales Department"

Note:
If you are configuring a mailbox to accept messages only from individual senders, you must use the AcceptMessagesOnlyFrom parameter. If you are configuring a mailbox to accept messages only from senders that are members of a specific distribution group, you must use the AcceptMessagesOnlyFromDLMembers parameter.

To configure the mailbox John Smith to require all senders to be authenticated, run the following command:
Copy Code
Set-Mailbox -Identity "John Smith" -RequireSenderAuthenticationEnabled $true

	Copy Code
Set-Mailbox -Identity "John Smith" -RequireSenderAuthenticationEnabled $true

To configure the mailbox John Smith to reject messages from the users Joe Healy, Ellen Adams, and members of the distribution group Sales Department Contractors, run the following command:

	Copy Code
Set-Mailbox -Identity "John Smith" -RejectMessagesFrom "Joe Healy","Ellen Adams" -RejectMessagesFromDLMembers "Sales Department Contractors"

Note:
If you are configuring a mailbox to reject messages from individual senders, you must use the RejectMessagesFrom parameter. If you are configuring a mailbox to reject messages from senders that are members of a specific distribution group, you must use the RejectMessagesFromDLMembers parameter.

For detailed syntax and parameter information, see the following reference topics:

For More Information

To learn more about message delivery restrictions, see Understanding Recipient Restrictions.

For more information about managing recipients, see Managing Recipients.

To learn more about recipients in Exchange 2007, see Understanding Recipients.