Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2010-08-05
Using the moderated transport feature in Microsoft Exchange Server 2010, you can require all e-mail messages sent to specific recipients be approved by moderators. You can configure any type of recipient as a moderated recipient, and Exchange 2010 Hub Transport servers will ensure that all messages sent to those recipients go through an approval process.
In any type of organization, you may need to restrict access to specific recipients. The most common scenario is the need to control messages sent to large distribution groups. Depending on your organization's requirements, you may also need to control the messages sent to executive mailboxes or partner contacts. You can use moderated recipients to accomplish these tasks.
|Previous versions of Exchange don't support moderated recipients. If a message sent to a moderated distribution group is expanded on a Hub Transport server running Exchange Server 2007, it will be delivered to all members of that distribution group, bypassing the moderation process. If you have Exchange 2007 Hub Transport servers in your Exchange 2010 organization, and you want to use moderated distribution groups, you must designate an Exchange 2010 Hub Transport server as the expansion server for the moderated distribution groups. Doing this ensures that all messages sent to the distribution group are moderated.|
Moderated transport relies on the Exchange 2010 approval framework. For more information about the approval framework, see Understanding Approval Framework.
Looking for management tasks related to transport servers? See Managing Transport Servers.
The moderated transport application consists of the following components:
- Categorizer The transport categorizer
initiates the approval process. When the categorizer detects a
moderated recipient while processing a message, it reroutes the
message to the arbitration mailbox.
- Store driver The store driver processes
the messages that the categorizer marks for moderation. When the
store driver encounters such a message, it stores the original
message in the arbitration mailbox and sends approval requests to
the moderators. When a moderator responds with a decision, the
store driver marks that decision on the message that's stored in
the arbitration mailbox. If an approved message is submitted again
by the Information Assistant, the store driver removes the approval
workflow wrappers so the message that's delivered is identical to
the original message submitted by the sender.
- Information Assistant The Information
Assistant process monitors the arbitration mailbox. The Information
Assistant resubmits any approved messages to the submission queue
for delivery to the intended recipients, or it deletes rejected
messages. The Information Assistant is also responsible for sending
rejection notifications to the sender. In addition, it cleans up
the arbitration mailbox by deleting any stale or orphaned messages
from the arbitration mailbox. For example, if a moderator simply
deletes an approval request instead of making a decision, the
corresponding message waiting for approval in the arbitration
mailbox needs to be removed by the Information Assistant.
- Arbitration mailbox The arbitration
mailbox is used to store the original message that's awaiting
approval. By default, one arbitration mailbox is created for
moderated transport during setup. It's used for all moderated
recipients. You can add additional arbitration mailboxes for load
balancing purposes. If you're using multiple arbitration mailboxes,
you need to specify which mailbox to use for each moderated
Message Flow for Moderated Recipients
When a user sends a message to a recipient for whom message moderation is enabled, the message follows a path to its destination, as shown in the following figure and described in the following steps.
- The sender creates a message and sends it to the moderated
- The categorizer intercepts the message, marks it for
moderation, and then reroutes it to the arbitration mailbox.
- The store driver stores the message in the arbitration mailbox
and sends an approval request to the moderator.
- The moderator uses the buttons in the approval request to
either accept or reject the message.
- The store driver marks the moderator's decision on the original
message stored in the arbitration mailbox.
- The Information Assistant reads the approval status on the
message stored in the arbitration mailbox, and then processes the
message depending on the moderator's decision:
- If the moderator has approved the message, the Information
Assistant resubmits the message to the submission queue, and the
message is delivered to the recipient.
- If the moderator has rejected the message, the Information
Assistant deletes the message from the arbitration mailbox and
notifies the sender that the message was rejected.
Note: If the moderator doesn't respond to the message within five days, the Information Assistant will delete the message from the arbitration mailbox and notify the sender that their message has expired.
- If the moderator has approved the message, the Information Assistant resubmits the message to the submission queue, and the message is delivered to the recipient.
Handling Multiple Moderated Recipients
It's possible to send a message to a group of recipients that includes both moderated recipients and recipients that aren't moderated. In this case, a separate approval process occurs for each moderated recipient.
Consider a message that's sent to 12 recipients, one of which is a moderated distribution group. The categorizer splits this message into two messages. One message is delivered immediately to the 11 recipients that aren't moderated, and the second message is submitted to the approval process for the moderated distribution group.
If a message is intended for more than one moderated recipient, a separate copy is created for each moderated recipient and is submitted to the approval process.
A moderated distribution group may contain other
moderated recipients. In this case, after the message to the
distribution group is approved, a separate approval process occurs
for each moderated recipient that's a member of the distribution
group. However, you can also enable the automatic approval of the
distribution group members after the message to the moderated
distribution group is approved. To do this, you set the
BypassNestedModerationEnabled parameter of the moderated
distribution group to
$true. For more parameter and
syntax information, see Set-DistributionGroup.
Messages from moderators are delivered to the moderated recipient immediately, bypassing the approval process. By definition, a moderator has the authority to determine what messages are appropriate for a moderated recipient.
Moderation is also bypassed for owners of distribution groups and dynamic distribution groups. The owner of a distribution group can be responsible for managing the distribution group membership, but may not be able to moderate messages sent to it. For example, the account provisioning staff may be the owners of a distribution group called All Employees, but only specific people in human resources may have moderator rights for the same distribution group.