02/05/2016

Understanding How Transport Rules Are Applied: Exchange 2010 Help

Understanding How Transport Rules Are Applied

Exchange 2010

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 20100125
In MicrosoftExchange Server 2010, transport rules allow you to apply messaging policies to messages in the transport pipeline. Actions such as redirecting a
message or adding recipients, rightsprotecting messages, and rejecting or silently deleting a message can be taken on messages that match the conditions and
none of the exceptions defined in the rule.
Given the scope and potential impact of transport rules on messages, it's important to understand how transport rules work. To learn more about transport rules, see
Understanding Transport Rules. For a comprehensive list of transport rule predicates and actions available on the Hub Transport server and Edge Transport server,
see Transport Rule Predicates and Transport Rule Actions.
Looking for management tasks related to managing transport rules? Check out Managing Transport Rules.
Contents
Transport Rule Scope
Transport Rule Replication
Order in Which Transport Rules are Applied
Transport Rules and Group Membership

Transport Rule Scope

Although the procedures used to create and modify transport rules on each server role are the same, the scope of transport rules on each server role is very
different.

Transport rule scope

Transport component

Hub Transport server role

Edge Transport server role

Agent

Transport Rules agent

Edge Rules agent

Transport event

OnRoutedMessage

EndOfData

Rule storage

Active Directory domain

controllers

Active Directory Lightweight Directory Services

ADLDS local

Rule replication

Active Directory replication

No automated replication between Edge Transport

servers

Rule scope

Entire Exchange organization

Local to each Edge Transport server

Message types

All messages except system

messages

All messages

Lookup distribution group membership

Yes

No

Lookup Active Directory attributes

Yes

No

Inspect or modify Information Rights Management IRMprotected

message content

Yes requires transport

decryption

No

Rule Storage and Replication

https://technet.microsoft.com/en-us/library/bb124703(v=exchg.141).aspx

1/4

02/05/2016

Understanding How Transport Rules Are Applied: Exchange 2010 Help

The transport rules you create on a Hub Transport server are stored in Active Directory and are available after Active Directory replication on all Hub Transport
servers in your Exchange 2010 organization. This allows you to apply a consistent set of rules across the entire Exchange organization.
Transport rules created on an Edge Transport server are stored in the local instance of ADLDS. No automated replication of configuration information or
transport rules occurs between two Edge Transport servers. You can use distinct sets of transport rules on different Edge Transport servers. For example, if an
organization uses a different set of Edge Transport servers for inbound and outbound messages to and from the Internet, different rules can be used on these
servers. Rules created on the Edge Transport server apply only to messages that pass through that server. However, if applying the same set of transport rules
on all Edge Transport servers is a requirement, you can also clone the Edge Transport server configuration, or export transport rules from one Edge Transport
server and import it to other Edge Transport servers. For more details, see Understanding Edge Transport Server Cloned Configuration and Export and Import
Transport Rules.

Message Types
On Edge Transport servers, rules apply to all messages. On Hub Transport servers, rules are applied to messages that meet the following criteria:
Messages sent by anonymous sendersTransport rules are applied to all messages received from anonymous senders. Email received from the
Internet falls under this category.
Messages sent between authenticated usersTransport rules are applied to the following types of messages sent between authenticated users:
Interpersonal messagesInterpersonal messages that contain a single rich text format RTF, HTML, or plain text message body or a multipart or
alternative set of message bodies.
Encrypted email messagesMessages that are encrypted using S/MIME. Transport rules can access envelope headers contained in encrypted
messages and process messages based on predicates that inspect them. Rules with predicates that require inspection of message content, or
actions that modify content, can't be processed.
Protected messagesMessages that are protected by applying an Active Directory Rights Management Services ADRMS rights policy
template. With transport decryption enabled, the Transport Rules agent on a Hub Transport server can access the content of protected messages.
Messages must be published using an ADRMS cluster in the same Active Directory forest as the Exchange 2010 server. With transport decryption
disabled, the agent can't access message content and treats the message as an encrypted message.
Clearsigned messagesMessages that have been signed but not encrypted.
Unified messaging email messagesMessages that are created or processed by the Unified Messaging server role, such as voice mail, fax,
missed call notifications, and messages created or forwarded by using Microsoft Outlook Voice Access.
Read reportsReports that are generated in response to read receipt requests by senders. Read reports have a message class of
IPM.Note*.MdnRead or IPM.Note*.MdnNotRead.
Return to top

Transport Rule Replication

Transport rules configured on Hub Transport servers are applied to all messages handled by the Hub Transport servers in the Exchange 2010 organization. When a
transport rule is created or an existing transport rule is modified or deleted on one Hub Transport server, the change is replicated to all Active Directory domain
controllers in the organization. All the Hub Transport servers in the organization then read the new configuration from the Active Directory servers and apply the
new or modified transport rules. By replicating transport rules across the organization, Exchange 2010 enables you to apply a consistent set of rules across the
organization.
Important:
Replication of transport rules across an organization depends on Active Directory replication. Replication time between Active Directory domain controllers
varies depending on the number of sites in the organization, slow links, and other factors outside the control of Exchange. When you configure transport rules
in your organization, make sure that you consider replication delays. For more information about Active Directory replication, see Active Directory Replication
Technologies.
Important:
Each Hub Transport server maintains a recipient cache that's used to look up recipient and distribution list information. The recipient cache reduces the
number of requests that each Hub Transport server must make to an Active Directory domain controller. The recipient cache updates every four hours. You
can't modify the recipient cache update interval. Therefore, changes to transport rule recipients, such as the addition or removal of distribution list members,
may not be applied to transport rules until the recipient cache is updated. To force an immediate update of the recipient cache, you must stop and start the
Microsoft Exchange Transport service. You must do this for each Hub Transport server where you want to forcibly update the recipient cache.
Note:

https://technet.microsoft.com/en-us/library/bb124703(v=exchg.141).aspx

2/4

02/05/2016

Understanding How Transport Rules Are Applied: Exchange 2010 Help

Each time the Hub Transport server retrieves a new transport rule configuration, an event is logged in the Security log in Event Viewer.
Transport rules configured on Edge Transport servers are applied only to the local server on which the transport rule was created. New transport rules and
changes to existing transport rules affect only messages that pass through that specific Edge Transport server. If you have more than one Edge Transport server
and you want to apply a consistent set of rules across all Edge Transport servers, you must either manually configure each server or export the transport rules
from one server and import them into all other Edge Transport servers.
Return to top

Order in Which Transport Rules Are Applied

Transport rules are applied in the following order:
1. Message scopeThe first check performed by rules agents is whether a message falls within the scope of the agent. Transport rules aren't applied to all
types of messages.
2. PriorityFor messages that fall within the scope of the rules agent, the agent starts processing rules based on rule priority in ascending order. Rules with
lower priority are applied first. Transport rule priority values range from 0 to n1, where n is the total number of transport rules. Only enabled rules are
applied, regardless of priority. You can change the priority of rules using the Exchange Management Console or the Exchange Management Shell.
3. ConditionsTransport rule conditions are made up of predicates.
4. Rule with no conditionsA rule with no predicates and no exceptions is applied to all messages.
5. Rule with multiple predicatesFor a rule's action to be applied to a message, it must match all of the predicates selected in the rule. For example, if a
rule uses the predicates from a member of distribution list, and when the Subject field contains specific words, the message must match both
predicates. It must be sent by a member of the distribution list specified, and the message subject must contain the word specified.
6. Predicate with multiple valuesIf one predicate allows entering multiple values, the message must match any value specified for that predicate. For
example, if an email message has the subject Stock price information, and the SubjectContains condition on a transport rule is configured to match
the words Contoso and stock, the condition is satisfied because the subject contains at least one of the values of the condition.
7. ExceptionsA rule isn't applied to messages that match any of the exceptions defined in the rule. Note, this is exactly opposite of how the rules agent
treats predicates. For example, if the exceptions except when the message is from people and except when the message contains specific words are
selected, the message fails to match the rule condition if the message is sent from any of the specified senders, or if the message contains any of the
specified words.
8. ActionsMessages that match the rules conditions get all actions specified in the rule applied to them. For example, if the actions prepend the subject
with string and Blind carbon copy Bcc the message to addresses are selected, both actions are applied to the message. The message will get the
specified string prefixed to the message subject, and the recipients specified will be added as Bcc recipients.
Note:
Some actions, such as the Delete the message without notifying anyone action, prevent subsequent rules from being applied to a message.
Return to top

Transport Rules and Group Membership

When you define a transport rule using a predicate that expands membership of a distribution group, the resulting list of recipients is cached by the Hub
Transport server that applies the rule. This is known as the Expanded Groups Cache and is also used by the Journaling agent for evaluating group membership for
journal rules. By default, the Expanded Groups Cache stores group membership for four hours. Recipients returned by the recipient filter of a dynamic distribution
group are also stored. The Expanded Groups Cache makes repeated roundtrips to Active Directory and the resulting network traffic from resolving group
memberships unnecessary.
In Exchange 2010, this interval and other parameters related to the Expanded Groups Cache are configurable. You can lower the cache expiration interval, or
disable caching altogether, to ensure group memberships are refreshed more frequently. You must plan for the corresponding increase in load on your Active
Directory domain controllers for distribution group expansion queries. You can also clear the cache on a Hub Transport server by restarting the Microsoft
Exchange Transport service on that server. You must do this on each Hub Transport server where you want to clear the cache. When creating, testing, and
troubleshooting transport rules that use predicates based on distribution group membership, you must also consider the impact of Expanded Groups Cache.
Note:
The Expanded Groups Cache isn't used by the categorizer to resolve recipients for message delivery.
Return to top

https://technet.microsoft.com/en-us/library/bb124703(v=exchg.141).aspx

3/4

02/05/2016

Understanding How Transport Rules Are Applied: Exchange 2010 Help

2010 Microsoft Corporation. All rights reserved.

Community Additions

2016 Microsoft

Was this page helpful?

https://technet.microsoft.com/en-us/library/bb124703(v=exchg.141).aspx

Yes

No

4/4