Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

Microsoft Exchange Server 2010 allows you to use a transport rule to reject messages based on conditions specified in the rule. The RejectMessage transport rule action is used to reject messages. When a message is rejected, a non-delivery report (NDR) is returned to the sender and the original message is deleted. When you create a transport rule on an Exchange 2010 Hub Transport server to reject messages, Exchange 2010 allows you to specify a delivery status notification (DSN) code, also known as an enhanced status code, and a rejection message.

For more information about transport rules, see Understanding Transport Rules.

Exchange 2010 also lets you customize the contents of the NDR that is returned to the sender by creating a custom DSN message. The custom content can contain information that you want to send to the recipient of the NDR, such as policy information and specific troubleshooting or contact information. For more information about how to customize DSN messages, see Managing Delivery Status Notifications.

The RejectMessage Transport Rule Action

To reject messages and specify a DSN message by using a transport rule, you must create the rule on a Hub Transport server. In the Shell, the transport rule action is known by the RejectMessage identifier. The same action is displayed using the descriptive string send rejection message to sender with enhanced status code in the EMC. The RejectMessage action lets you specify the following properties:

  • Enhanced Status Code   The enhanced status code you specify is displayed in the Diagnostic information for administrators section of the NDR. The value that's specified with this property can be 5.7.1, or any value from 5.7.10 through 5.7.999, inclusively. Enhanced status codes are also associated with a descriptive message that's displayed in the user information section of the NDR. If you use the Shell to create a transport rule, you must use the RejectMessageEnhancedStatusCode parameter to specify the enhanced status code.

  • Reject Reason   The text that's specified in this property is displayed in the Diagnostic information for administrators section of the NDR. If you use the Shell to create the rule, you can use the RejectMessageReasonText parameter to specify the reject reason.

Note:
If you use the Shell to create a transport rule that uses the RejectMessage action, you can create the rule without specifying the rejection message. If you don't specify the rejection message, the following default rejection message is used: Delivery not authorized, message refused. If you use the New Transport Rule wizard in EMC to create the rule, you must specify both the rejection message and the enhanced status code.

When you create a new transport rule with the RejectMessage transport rule action, Exchange 2010 searches the DSN message list for a DSN code that matches the value that is specified in the RejectMessageEnhancedStatusCode property of the transport rule. If a matching DSN code is found, Exchange 2010 automatically associates that DSN message with the transport rule action. If no matching DSN code is found, Exchange 2010 displays the following warning when you create the transport rule: No custom DSN text is configured for the enhanced status code '5.7.xxx'. You can use the New-SystemMessage cmdlet to customize DSNs.

Note:
If you specify a DSN code other than 5.7.1, you must create a custom DSN message to associate with that DSN code. If a matching DSN code doesn't exist, Exchange 2010 uses the 5.7.0 DSN code.

Use the EMC to create a transport rule to reject messages and provide a custom DSN code

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Transport rules" entry in the Messaging Policy and Compliance Permissions topic.

  1. On the Conditions page, select the between members of distribution list and distribution list condition, and then select the distribution groups that you want the transport rule to be applied to. For example, the following figure shows that the Sales Group distribution group and Brokerage Group distribution group have been selected for use with the condition.

    Note:
    The between members of distribution list and distribution list predicate used in step 1 is an example. You can use any condition to suit your requirements.
  2. On the Actions page, select the send rejection message to sender with enhanced status code action, and then type the text for the rejection message. To provide a helpful DSN message that explains why the message was rejected, specify a custom DSN code. For example, the following figure specifies that the rejection message Text to display in the "Diagnostic information for administrators" section will be included in the rejection message and will also include the custom DSN code 5.7.228. This code is associated with a new custom DSN message that's created by the command shown in DSN Message Association later in this topic.

Note:
You can check whether a custom DSN message already exists for a particular DSN code. Use the Get-SystemMessage cmdlet to list all custom DSN messages. You can also list standard DSN codes and the associated DSN messages by using the Get-SystemMessage cmdlet with the Original switch
Ethical wall created by using transport rule

For more information about how to create transport rules and how to configure an ethical wall, see the following topics:

Use the Shell to create a transport rule to reject messages and provide a custom DSN code

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Transport rules" entry in the Messaging Policy and Compliance Permissions topic.

This example creates the transport rule SalesBrokerageEthicalWall to reject messages between the Sales and Brokerage distribution groups and use the custom DSN code 5.7.228 in the rejection response.

Note:
The BetweenMemberOf predicate used in this procedure is an example. You can use any condition to suit your requirements.
Copy Code
New-TransportRule SalesBrokerageEthicalWall -BetweenMemberOf1 "Sales" -BetweenMemberOf2 "Brokerage" -RejectMessageEnhancedStatusCode "5.7.228" -RejectMessageReasonText "Text to display in the 'Diagnostic information for administrators' section"

For detailed syntax and parameter information, see New-TransportRule.

Custom DSN Message Association

You use the New-SystemMessage cmdlet to create a custom DSN message for a DSN code. After the custom DSN message is created, Exchange 2010 automatically uses it when rejecting a message with the specified DSN code. If you specify the same custom DSN code in multiple transport rules, the DSN message is inserted in the NDRs that are generated by those transport rules.

Note:
If you want to change the default text associated with the 5.7.1 DSN code, you must create a new custom DSN message by using the New-SystemMessage cmdlet. However, if you do this, the new text will be displayed any time that the 5.7.1 DSN code is used, including for messages that are rejected by other components of Exchange transport. Therefore, we recommend that you create a new DSN code for specific transport rule actions.

This example creates a custom DSN message with the DSN code 5.7.228. The DSN message is created in English. The message also includes a link to an internal Web site, which can provide more details about the organization's messaging policies.

Copy Code
New-SystemMessage -DsnCode 5.7.228 -Language En -Internal $True -Text 'Sending messages between the Sales and Brokerage groups is prohibited by policy #123. For more information, see <a href="http://intranet.contoso.com/policy.html#123">Compliance Policy 123</a>.'

The following figure shows the result of entering the preceding command in the Shell.

Custom DSN Message Creation for use by rule
Note:
You can create custom DSN messages in additional languages and also remove the English versions of DSN messages completely. For a list of supported languages that you can use with DSN messages, see Supported Locales for Use with System Messages.

Example of an NDR with a Custom DSN Message

After you've created a custom DSN message for the DSN code you specified in the RejectMessage transport rule action, Exchange 2010 can use the custom DSN code and message in NDRs to senders whose messages are blocked by that transport rule.

For example, the following figure shows an NDR that was sent to Mark Steele who is a member of the Brokerage Group distribution group. He received the NDR because he tried to send a message to Jason McCue, who is a member of the Sales Group distribution group. A transport rule was created to enforce an ethical wall between the Brokerage Group and Sales Group. This transport rule prevents members of these groups from sending messages to each other.

The DSN message in the following figure also shows the link to the relevant corporate compliance policy. By clicking this link, Mark can read the policy that prohibits communication between the two groups.

NDR generated by ethical wall transport rule