Exchange Server 2007 message classifications in and of themselves do not provide any enforced security. They only help users classify the confidentiality of their email messages. However, it is possible to use Exchange 2007 transports rules to perform various actions to secure and control the handling and distribution of email based on its message classification. In this part of the tutorial, I will show you how transport rules can be used to perform actions based on message classifications, automatically assign a message classification to an email based on its content, or both.
What are Exchange 2007 transport rules?
Transport rules are new to Exchange Server 2007. They are similar to Microsoft Outlook rules, but with a couple of important differences. First, transport rules are established by the administrator, not by end users. Another important difference is that transport rules are applied to messages in transit. By comparison, Microsoft Outlook rules are generally applied to messages as they arrive in user mailboxes.
The advantage to Exchange 2007 transport rules is that they can alter an email, or a message's routing, prior to its delivery. That is why transport rules are perfect for assigning classification to email, or performing an action based on a message's classification.
Transport rule basics
Like Microsoft Outlook rules, Exchange Server 2007 transport rules are based on conditions, actions and exceptions
For example, the condition might be that a message has been assigned a particular classification. When a message meets the condition described by the transport rule, the rule performs the prescribed action. The action might involve forwarding a copy of the message to someone, adding text to the message, or any number of other things.
Not all Exchange 2007 transport rules will use exceptions, but they are available if you need them. An exception gives you the chance to specify conditions in which an action should not be performed -- even if the email meets all of the conditions you have defined in the transport rule.
For example, suppose that you're creating a rule stating that email with a particular message classification should be forwarded to a specific individual within your company. However, if the message was being sent to that person anyway, then there is no reason for the rule to send a copy to them. To avoid duplication, you can define an exception stating that all messages with a particular message classification should only be sent to this particular person if the receipient's name isn't listed in the message's "To" or "CC" fields.
Responding to a message classification
In real life, you can create an Exchange 2007 transport rule based on any message classification you want. The rule could perform virtually any action when a message with the specified classification is sent. But for the purposes of this part of the tutorial, let's create a rule centered around the "attorney-client privileged" message classification.
We'll create the transport rule so that any time an email uses the attorney-client privileged message classification, the words "Attorney-Client Privileged" are added to the message's subject line. We'll also design the rule so that copies of the message are automatically forwarded to the corporate attorney. Just to make things interesting, we'll also set up an exception in which the transport rule will not apply if the email is already being sent to the attorney.
- Begin the process by opening the Exchange Management Console and navigating through the console tree to Organization Configuration -> Hub Transport.
- Select the Transport Rules tab, which will display any existing Exchange 2007 transport rules.
- To create our transport rule, click the New Transport Rule link found in the Actions pane to launch the New Transport Rule wizard.
- Enter a name for the rule. You can also use the Comment field to enter a more detailed description of what the rule does. Click the Next button after you've entered this information.
- The wizard will now take you to the Conditions screen. As you will recall from earlier, our condition is that the message is classified as attorney-client privileged. That being the case, you must select the Marked with Classification checkbox.
- The lower half of the screen will now display the words Marked with Classification with the word "Classification" hyperlinked. Click on this hyperlink and choose the ExACPrivileged classification.
- Click OK and the text at the bottom of the screen will be updated to reflect the message classification you've chosen, as shown in Figure 9.
Figure 9: Classifying a message with ExACPrivileged.
- Click Next and you will be prompted to select an action to perform when a message meets the defined condition.
- As I mentioned earlier, we are designing this Exchange 2007 transport rule so that, when a message is flagged with the attorney/client privileged classification, a copy will be sent to the attorney and the text "Attorney/Client Privileged" will be added to the subject line. To accomplish this, select the Add a Recipient in the To Field Address checkbox and the Prepend the Subject With String checkbox.
- This time the words String and Addresses will be hyperlinked at the bottom of the screen. Click on the String hyperlink and you will be prompted to enter the text you want to add to the subject line.
- Enter [Attorney/Client Privileged] and click OK.
- Now click on the Addresses hyperlink and select the email address to which you want to send a copy of the message.
- Click OK, and the screen should be updated to look something like what you see in Figure 10. Notice that I have chosen to use a distribution list rather than a single email address. I did this to demonstrate the flexibility of Exchange 2007 transport rules.
Figure 10: Transport Rules can perform multiple actions on a message.
- Click Next and you will be prompted to create an exception to the rule.
Again, exceptions are optional, but we are going to create an exception in which a message won't be forwarded to the lawyers if it is already being sent to the lawyers anyway. As was the case with the actions, you can specify multiple exceptions.
- To create an exception, select the Except When Any of the Recipients in the To Field is People checkbox and the Except When Any of the Recipients in the CC Field is People checkbox.
- As I'm sure you expect by now, the two exceptions are added to the bottom of the screen and in both cases, the word People is hyperlinked. Click on this hyperlink and enter your attorney's email address in the space provided.
- Click OK and the screen should look something like what you see in Figure 11.
Figure 11: Exceptions can be created to avoid duplication.
- Click Next and you will see a summary of the options that you have entered. Assuming that everything looks good, click New to create the Exchange 2007 transport rule.
Automatically classifying email using Exchange 2007 transport rules
Now that I have shown you how Exchange Server 2007 transport rules can respond to an email message's classification, I want to show you how they can also be used to assign a classification to an unclassified message based on content. To see how this works, let's pretend that any message mentioning the "Contoso Project" should be classified as "Company Confidential."
- To create such a rule, go back to the Organization Configuration -> Hub Transport container and click the New Transport Rule link.
- Enter a name and description for the new rule as you did earlier and click Next.
- You will now be taken to the wizard's Conditions screen. This time, we are basing the condition on the message's content. Therefore, you should select the When the Subject Field or the Body of the Message Contains Specific Words checkbox.
- The bottom of the screen will be updated to reflect this condition, and the words Specific Words will be hyperlinked. Click on the hyperlink and enter "Contoso Project" in the space provided to see a screen like the one shown in Figure 12.
Figure 12: You can create a transport rule based on a message's content.
- Click Next and you will be prompted to assign an action. This time, you should select the Assign Message Classification checkbox.
- Click the Message Classification hyperlink and chose the ExCompanyConfidential classification.
- Click OK and the New Transport Rule wizard should be updated to look like the one shown in Figure 13.
Figure 13: You can apply a message classification as an action.
- Click Next and you will be prompted to enter an exception. We won't worry about creating an exception for this particular Exchange 2007 transport rule, so just click Next one more time.
- You should now see a summary of the rule that you are creating. If everything looks OK, click New and the transport rule will be created.
TUTORIAL: HOW TO SET UP EXCHANGE 2007 MESSAGE CLASSIFICATIONS
Part 1: An overview of Exchange 2007 message classifications
Part 2: Displaying message classifications in Outlook 2007
Part 3: Creating custom message classifications in Exchange 2007
Part 4: Applying message classifications with Exchange 2007 transport rules
|ABOUT THE AUTHOR:|
Brien M. Posey, MCSE|
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
This was first published in September 2007