We're looking at implementing an email encryption system for a subset of our
users (about 100). To do this, we'd like to set the hub servers so that any
outbound email from certain users (preferably based on A/D group membership)
will go to a smarthost/relay, while everyone not in that group goes out
through the standard method.
It doesn't look like there is a way to set a send connector to only be used
by certain people; the only restriction seems to be based on recipient
domain. Is there some way to set this up so that only certain senders go
through this relay?
Mike O'Donnell
"Mike O." <Mi...@discussions.microsoft.com> wrote in message
news:A23F1606-8118-4565...@microsoft.com...
To dive deeper into this, you must have Exchange 2007 SP1 applied and you
can then take advantage of the EnvelopeRecipient.RoutingOverride property
when writing custom Transport Agents.
Read here for more information and sample code:
http://msdn.microsoft.com/en-us/library/microsoft.exchange.data.transport.enveloperecipient.routingoverride.aspx
Otherwise you will have to use a third party gateway (you may or may
not already) that can support this outside of Exchange or do as Ed states
and bound senders by AD Sites and limit the Send Connector scopes.
Oliver
Regards, Chrischmi
--
Chrischmi
http://forums.slipstick.com
I hope this helps people for the future both with Exchange 2007 and 2010.
For this example we wanted to route mail down different smart hosts, based on the internal sender's email address. But not to route internal mail differently. All you need to do is compile the code below in VS2010.
This routing agent was created to resolve the limitation of being able to route different users down the GovConnect send connector, with Sender Based Routing not being available "out of the box" in both Exchange versions 2007 and 2010.
Let's assume that you have an Exchange server with two send connectors, one being named the "Internet Connector" using DNS for the address space *. This connector will deal with all messages leaving the organisation. The other connector will also be an internet connector but named differently, for the example: "SmartHost Connector"; this will have settings for the GovConnect smart host you want to use, however the domain name space is set to only allow this domain: "nexthopdomain.com".
This can be done as follows:
• Create an additional send connector "Smarthost Connector" pointing to the smarthost
• Specify a non-existing domain (e.g. nexthopdomain.com) as address space of the new connector
The agent code of this article shows you how to route messages from the domain of "yourdomainnamehere.gcsx.gov.uk" over the new connector; the routing for all other senders won't be changed.
Make sure you change this part of the code to suit your domain and any other customisations. ;-) - e.g. "youdomainnamehere!!!"
This code is released on an "as is" basis and has no liability to the Originator for use or any security implications that it may have.
1.) Create a C# project (dll/library type)
2.) Copy the following DLLs from the C:\Program Files\Microsoft\Exchange Server\Public directory of an Exchange 2007 server to the debug directory of your new C# project:
a. Microsoft.Exchange.Data.Common.dll
b. Microsoft.Exchange.Data.Transport.dll
3.) Add references to the two DLLs to the C# project using the Visual Studio solution explorer
4.) Add the following code to your project:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.Exchange.Data.Transport;
using Microsoft.Exchange.Data.Transport.Email;
using Microsoft.Exchange.Data.Transport.Smtp;
using Microsoft.Exchange.Data.Transport.Routing;
using Microsoft.Exchange.Data.Common;
//This is a custom transport agent for GovConnect re-routing, created by. 01/08/10 GH
namespace RoutingAgentOverride
{
    public class gcRoutingAgentFactory : RoutingAgentFactory
    {
        public override RoutingAgent CreateAgent(SmtpServer server)
        {
            RoutingAgent myAgent = new ownRoutingAgent();
            return myAgent;
        }
    }
}
public class ownRoutingAgent : RoutingAgent
{
    public ownRoutingAgent()
    {
        // Subscribe to the event raised once all recipients have been resolved.
        base.OnResolvedMessage += new ResolvedMessageEventHandler(ownRoutingAgent_OnResolvedMessage);
    }
    void ownRoutingAgent_OnResolvedMessage(ResolvedMessageEventSource source, QueuedMessageEventArgs e)
    {
        try
        {
            // Check each mail item for the secure GCSX domain and its subdomains.
            // SMTP domain names are case-insensitive, so compare without regard to case.
            if (e.MailItem.FromAddress.DomainPart.IndexOf("domainnamehere.gcsx.gov.uk", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                // Here we set the address space we want to use for the next hop. Note that this doesn't change the recipient address.
                // Setting the routing domain to "nexthopdomain.com" only means that the routing engine chooses a suitable connector
                // for nexthopdomain.com instead of using the recipient's domain.
                RoutingDomain myRoutingOverride = new RoutingDomain("nexthopdomain.com");
                foreach (EnvelopeRecipient recp in e.MailItem.Recipients)
                {
                    // Leave recipients in the internal domain on their normal route.
                    if (recp.Address.DomainPart.IndexOf("YOUR-INTERNAL-DOMAINNAME_HERE", StringComparison.OrdinalIgnoreCase) < 0)
                    {
                        recp.SetRoutingOverride(myRoutingOverride);
                    }
                }
            }
        }
        catch // (Exception except)
        {
            // Errors are swallowed so a fault in the agent does not stop mail flow;
            // the message then follows normal routing without the override.
        }
    }
}
5.) Compile the DLL
6.) Copy the DLL to the HubTransport server
7.) Install the transport agent using the Exchange Management Shell:
Install-TransportAgent "GCagent" -TransportAgentFactory "RoutingAgentOverride.gcRoutingAgentFactory" -AssemblyPath "Path to DLL"
8.) Enable the transport agent using the Exchange Management Shell:
Enable-TransportAgent "GCagent"
9.) IMPORTANT: Exit Powershell
10.) IMPORTANT: Restart the MSExchangeTransport service, (restart-service msexchangetransport)
11.) Verify that the agent was successfully enabled / registered by running Get-Transportagent
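Added example (not part of the original post or of Exchange): a stand-alone console program comparing a plain case-sensitive Contains test on the domain part with a case-insensitive match on a label boundary, for the sender and recipient checks the agent makes. The names DomainMatch, IsInZone and ShouldOverride, the internal.example zone and all sample addresses are hypothetical and constructed for illustration.

```csharp
using System;
// Added example: hypothetical helper, not part of the posted agent.
static class DomainMatch
{
    // True when domainPart equals zone or is a subdomain of it, compared
    // case-insensitively on a label boundary. Null or empty input never matches.
    public static bool IsInZone(string domainPart, string zone)
    {
        if (string.IsNullOrEmpty(domainPart) || string.IsNullOrEmpty(zone))
            return false;
        string d = domainPart.TrimEnd('.');
        return d.Equals(zone, StringComparison.OrdinalIgnoreCase)
            || d.EndsWith("." + zone, StringComparison.OrdinalIgnoreCase);
    }

    // Mirrors the agent's decision: secure sender AND external recipient.
    public static bool ShouldOverride(string senderDomain, string recipientDomain,
                                      string secureZone, string internalZone)
    {
        return IsInZone(senderDomain, secureZone)
            && !IsInZone(recipientDomain, internalZone);
    }
}

static class Program
{
    static void Main()
    {
        const string secure = "domainnamehere.gcsx.gov.uk"; // placeholder from the post
        const string internalZone = "internal.example";      // constructed placeholder
        // Constructed (sender domain, recipient domain) pairs.
        string[][] samples =
        {
            new[] { "domainnamehere.gcsx.gov.uk", "partner.example" },
            new[] { "DomainNameHere.GCSX.gov.uk", "partner.example" },
            new[] { "sub.domainnamehere.gcsx.gov.uk", "partner.example" },
            new[] { "domainnamehere.gcsx.gov.uk", "internal.example" },
            new[] { "domainnamehere.gcsx.gov.uk", "internal.example.partner.example" },
            new[] { null, "partner.example" }, // null reverse path, e.g. a bounce
        };
        foreach (string[] s in samples)
        {
            bool strict = DomainMatch.ShouldOverride(s[0], s[1], secure, internalZone);
            bool loose = s[0] != null && s[0].Contains(secure) && !s[1].Contains(internalZone);
            Console.WriteLine("{0,-32} -> {1,-34} strict={2,-5} contains={3}", s[0] ?? "<>", s[1], strict, loose);
        }
    }
}
```

Rows where the two columns disagree are messages that the substring test would leave on the default Internet connector instead of the smarthost.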
> On Tuesday, August 25, 2009 2:23 PM Mike O. wrote:
> We have an Exchange 2007 system with about 5,000 users. Currently outbound
> internet email goes from the hub transport servers directly out to the
> internet (inbound goes through antivirus/antispam filter, etc.).
>
> We're looking at implementing an email encryption system for a subset of our
> users (about 100). To do this, we'd like to set the hub servers so that any
> outbound email from certain users (preferably based on A/D group membership)
> will go to a smarthost/relay, while everyone not in that group goes out
> through the standard method.
>
> It does not look like there is a way to set a send connector to only be used
> by certain people; the only restriction seems to be based on recipient
> domain. Is there some way to set this up so that only certain senders go
> through this relay?
>
> Mike O'Donnell
>> On Tuesday, August 25, 2009 8:47 PM Ed Crowley [MVP] wrote:
>> The only way I can think of doing that is to create a new Exchange server in
>> a different AD site for those mailboxes, configure a new send connector that
>> directs mail to the encryption system, and configure both send connectors
>> with the -InScopedConnector:$True parameter to ensure that they are used only
>> by servers in their site.
>> --
>> Ed Crowley MVP
>> "There are seldom good technological solutions to behavioral problems."
>> .
>>> On Tuesday, August 25, 2009 11:49 PM JCirillo [MCA-M] wrote:
>>> This can be accomplished with a custom Transport Agent, which requires a
>>> developer to write.
>>> --
>>> JC
>>>
>>>
>>> "Mike O." wrote:
>>>> On Thursday, September 03, 2009 5:20 AM Oliver Moazzezi [MVP] wrote:
>>>> To dive deeper into this, you must have Exchange 2007 SP1 applied and you
>>>> can then take advantage of the EnvelopeRecipient.RoutingOverride property
>>>> when writing custom Transport Agents.
>>>>
>>>> Read here for more information and sample code:
>>>> http://msdn.microsoft.com/en-us/library/microsoft.exchange.data.transport.enveloperecipient.routingoverride.aspx
>>>>
>>>>
>>>> Otherwise you will have to use a third party gateway (you may or may
>>>> not already) that can support this outside of Exchange or do as Ed states
>>>> and bound senders by AD Sites and limit the Send Connector scopes.
>>>>
>>>> Oliver
Thanks, this is great, but can you explain the part related to the nexthopdomain? Is this the send connector name or the smarthost I'm routing the emails to?
#example:
I have 2 domain names on my exch server (domain1.com) and (domain2.com). I need all user addresses sending from @domain1.com to use the connector which routes to a smarthost, and all user addresses sending from @domain2.com to use the default send connector.
I have 2 connectors:
connector1: type=smtp, add space= * , cost=1
connector2: type=smtp, add space= *.special.com , cost=1
Please can you define the inputs in my example in the above agent code and send back to me?
Thank you in advance.
Regards,
SkyPorts
-------------------------
skyp...@gmail.com
>>>>>>> On Sunday, October 17, 2010 7:05 AM Graham Hosking wrote:
>>>>>>> Sender Based Routing is possible either via a Custom Transport Agent or 3rd party tools/appliance. Local authorities needed to comply with strict mail routing rules for COCO and Government Connect policies.