Configuring message delivery restrictions
Since distribution groups contain multiple members, you may want to place restrictions on who can send messages to these recipients. Exchange allows you to tightly control these settings and provides several options when it comes to placing message delivery restrictions on groups. We can also place restrictions on other recipient types in the organization. This recipe will show you how to configure these options from the Exchange Management Shell.
How to do it...
To restrict who can send messages to a group, use the Set-DistributionGroup cmdlet:
Set-DistributionGroup -Identity Sales ` -AcceptMessagesOnlyFrom 'Bob Smith','John Jones'
After running this command, only the users Bob Smith and John Jones can send messages to the Sales distribution group.
How it works...
The -AcceptMessagesOnlyFrom parameter allows you to specify one or more recipients who are allowed to send messages to a distribution group. These recipients can be regular users with mailboxes or contacts.
You can add individual recipients and distribution groups to the accepted senders list using the following syntax:
Set-DistributionGroup -Identity Sales ` -AcceptMessagesOnlyFromSendersOrMembers Marketing,bob@contoso.com
In this example we're allowing both the Marketing distribution group and Bob, an individual recipient, to the accepted senders list for the Sales distribution group. Doing so will allow Bob and any members of the Marketing distribution group to send messages to the Sales group.
Keep in mind that, when using these parameters, any existing accepted recipients that have been configured will be overwritten. For an example of how to add a new item to a multi-valued property, see the in Chapter 1 titled Working with arrays and hash tables.
Delivery restrictions can be placed on any recipient, whether it's a mailbox, mail contact, mail user, distribution group, or mail-enabled public folder. The Set-* cmdlets for each of these recipient types can be used to configure delivery restrictions. To view the list of cmldets that can be used to do this, run the following command:
get-excommand | ?{$_.parameters.keys -eq 'AcceptMessagesOnlyFrom'}
If you need to add a large list of users to the accepted senders list, you can create a collection and assign it to the -AcceptMessagesOnlyFrom parameter:
$finance = Get-Mailbox -Filter {Office -eq 'Finance'}
Set-DistributionGroup -Identity Sales `
-AcceptMessagesOnlyFrom $finance
You can wipe out these settings and allow messages from all senders by setting the value to $null:
Set-DistributionGroup -Identity Sales ` -AcceptMessagesOnlyFromSendersOrMembers $null
Similar to the previous examples, we can reject messages from a specific user or member of a distribution list using the -RejectMessagesFromSendersOrMembers parameter:
Set-DistributionGroup -Identity Executives ` -RejectMessagesFromSendersOrMembers HourlyEmployees
In this example, Exchange will reject any message sent from a member of the HourlyEmployees distribution group to the Executives group.
There's more...
When you create a distribution group, the default configuration is to reject messages from senders who are not authenticated. This means that users outside of your organization will not be able to send messages to your distribution groups. Generally, this is the desired configuration, but if needed, you can modify this setting on a distribution group to accept messages from external users using the following syntax:
Set-DistributionGroup -Identity HelpDesk ` -RequireSenderAuthenticationEnabled $false
You can see here that we've disabled sender authentication for the HelpDesk distribution group. You can re-enable it at any time by setting the previous parameter value to $true.
See also
- Managing distribution groups