2. Apply Common Monitoring and Restriction Scenarios
This section of the article walks you through a few fictitious scenarios where monitoring or
restricting email would be a good idea. You'll learn how to do the
following:
Prevent two parties from sending email to each other. Require approval by a third party when messages are sent about a specific topic. Monitor email between two people without their knowledge.
2.1. Restrict Communications with an Ethical Wall
In Exchange Server 2010, you can restrict communications between parties using an ethical wall.
An ethical wall is a transport rule that drops messages from one party
to another. Some organizations may implement ethical walls to prevent
any potential conflicts of interest. For example, some large contracting
organizations may have multiple programs that compete for the same
contract. You could use an ethical wall to prevent these programs from
exchanging messages.
To establish an ethical
wall, you can use a transport rule that drops messages. The high-level
steps for configuring an ethical wall are as follows:
Create two distribution groups and place both parties in different groups. Create
a transport rule to drop messages and return a Non-Delivery Report
(NDR) when a message is sent from the members of one group to another.
To create an ethical wall between two parties using the EMC:
Open the EMC and browse to the Organization Configuration => Hub Transport node in the Console tree. In the Actions pane, click the New Transport Rule action. This launches the New Transport Rule wizard. On the Introduction screen, type a name for the transport rule, such as Ethical Wall between Program A and Program B, in the Name field. Ensure that the Enable Rule box is checked and click Next. On
the Conditions screen, select the condition Between Members Of
Distribution List And Distribution List. In the rule description text
box, click on the words Distribution List and select the two
distribution groups that should not communicate with each other. This
completed configuration is shown in Figure 4.
Click the Next button to continue. In
the Actions dialog box, select the action Send Rejection Message To
Sender With Enhanced Status Code. In the rule description text box,
modify the Rejection Message text to the message that you want the
sender to receive when mail is sent to the other party. Also,
change the Enhanced Status Code to 5.7.1, which is a standard message
rejection code. The configuration of the actions is shown in Figure 5. Click Next to continue. On the Exceptions screen, leave everything unchecked and click Next.
On the Create Rule screen, click New to create the ethical wall. At the Completion screen, click Finish to complete the process and close the wizard.
2.2. Enforce Email Approval Based on Keyword
A scenario that you
may encounter is the potential leakage of important information about a
topic. In this scenario, there have been leaks to the public about
Contoso's new product called "Arius." Contoso doesn't want to restrict
all communication about Arius, but it does want to ensure that any
explicitly malicious communication is caught. In this scenario I will
show you how to create a rule that forwards messages that are sent
outside the company about Arius to the marketing team for approval. To
configure this email inspection rule in the EMC, use the following
steps:
Open the EMC and browse to the Organization Configuration => Hub Transport node in the Console tree. In the Actions pane, click the New Transport Rule task. This launches the New Transport Rule wizard. On the Introduction screen, type a name for the transport rule, such as Arius Approval, in the Name field. Ensure that the Enable Rule box is checked and click Next. On
the Conditions screen, select the condition When The Subject Field Or
The Body Of The Message Contains Text Patterns. In the rule description
text box, click on the words Text Patterns and type the keywords that
you want to trigger this rule. In this scenario, I will only use the
keyword arius. Also select
the condition Sent To Users That Are Inside Or Outside The Organization,
Or Partners. In the rule description, set this rule to trigger when
messages are sent outside the organization. This completed configuration
is shown in Figure 6.
Click Next to continue. On
the Actions screen, select the action Forward The Message To Addresses
For Moderation. In the rule description text box, click the Addresses
text and select the mailbox that you want to use for approving these
messages. In this scenario, the marketing@contoso.com mailbox will approve all external communications about Arius. The configuration of the actions is shown in Figure 7.
Click Next to continue. On the Exception screen, leave everything unchecked and click Next. On the Create Rule screen, click New to create the ethical wall. At the Completion screen, click Finish to complete the process and close the wizard.
2.3. Quietly Monitor Communications Between Certain Parties
In this final
scenario, Contoso suspects that one of their employees, John Morris, is
collaborating with Bob Jones in accounting, in order to launder money
for an underground crime ring. One acceptable way of monitoring
communications between John and Bob is through journaling. However,
journaling will obtain everything sent and received by those two people
instead of just the messages that they sent to each other. Therefore, we
will use a transport rule to monitor the email conversations between
Bob and John without them knowing.
Open the EMC and browse to the Organization Configuration => Hub Transport node in the Console tree. In the Actions pane, click the New Transport Rule task. This launches the New Transport Rule wizard. On the Introduction screen, type a name for the transport rule, such as Monitor Bob and John, in the Name field. Ensure that the Enable Rule box is checked and click Next. At
the Conditions screen, select the conditions From People and Sent To
People. In the rule description text box, click the word People and
select John and Bob's addresses. Click Next to continue. On
the Actions screen, select the action Blind Carbon Copy (Bcc) The
Message To Addresses. In the rule description text box, click the
Addresses text and select the mailbox that you want to use for
monitoring these messages. This configuration is shown in Figure 8.
Click Next to continue. On the Exception screen, leave everything unchecked and click Next. On the Create Rule screen, click New to create the ethical wall. At the Completion screen, click Finish to complete the process and close the wizard.
|
