+ Post New Thread
Results 1 to 14 of 14
Cloud Services Thread, Office 365: prevent pupils sending to groups in Technical; Is there a way to stop members of certain groups sending to distribution groups? Pupils are bulk emailing whole year ...
  1. #1
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,022
    Thank Post
    200
    Thanked 42 Times in 34 Posts
    Rep Power
    30

    Office 365: prevent pupils sending to groups

    Is there a way to stop members of certain groups sending to distribution groups?

    Pupils are bulk emailing whole year groups with junk. Pupils are members of distribution groups Year7, year8 etc...

    I'm experimenting with mail flow rules. I've created a rule that says "If the sender is a member of... and the recipient is this person ... then reject the message". This only blocks the message if the recipient is an individual person. It does not trigger if I specify the group name. It also doesn't trigger if I specify the recipient containing certain text or matching text patterns (the group email address) with wildcards.

    Does anyone have a solution to this? I can't be the only person.

    Thanks.
    Last edited by OverWorked; 4th June 2014 at 04:50 PM.

  2. #2
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,022
    Thank Post
    200
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    Replying to my own threads again...

    I've got the solution. In the group properties, delivery management, add the groups allowed to send to that group. Tis works for group and individuals.

    I still don't understand why mail flow rules didn't work, but anyway the solution is delivery management, not mail flow rules.

  3. #3


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,677
    Thank Post
    279
    Thanked 782 Times in 609 Posts
    Rep Power
    224
    Why not approach it from the other way (If sender <> staff member, reject message) - in Exchange we'd use:

    Distribution Group Name > Properties > Mail Flow Settings > Message Delivery Restrictions > Properties > Accept messages from > Only Senders in the following List > Staff*

  4. #4
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,022
    Thank Post
    200
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    pete, Thanks. I've had a look but I don't think that applies to Office 365.

    I'm not familiar with Exchange, but I guess it's a lot more flexible and powerful in that way.

  5. #5
    Marshall_IT's Avatar
    Join Date
    Jul 2011
    Location
    Leeds
    Posts
    574
    Thank Post
    79
    Thanked 84 Times in 68 Posts
    Blog Entries
    1
    Rep Power
    22
    Are these groups sync'd from ad? If so do you change the properties in the local ad or in the cloud?

  6. #6
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    548
    Thank Post
    179
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    49
    If the group is ad synced then you can't change that property on office 365 you are supposed to do it locally in ad, however I have not been able to find the ad field that needs setting. Anyone know?

  7. #7
    Marshall_IT's Avatar
    Join Date
    Jul 2011
    Location
    Leeds
    Posts
    574
    Thank Post
    79
    Thanked 84 Times in 68 Posts
    Blog Entries
    1
    Rep Power
    22
    Have you extended your schema to include the exchange attributes? I'll check when I get in... I found the option on office 365 but didn't try to set it.

  8. #8
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    548
    Thank Post
    179
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    49
    No, as we have never had exchange installed, not found any microsoft documentation on what to update as yet.

  9. #9
    Marshall_IT's Avatar
    Join Date
    Jul 2011
    Location
    Leeds
    Posts
    574
    Thank Post
    79
    Thanked 84 Times in 68 Posts
    Blog Entries
    1
    Rep Power
    22
    I've just checked my environment.

    I can confirm as you thought you cannot edit in the cloud if it's AD sync'd.

    I have found a way to edit the local properties but it's not an easy thing and i'm not sure if you need to have extended you schema first.

    If you do need to extend you schema you can do that by starting the installation process from exchange, the schema extension happens very early on and then you can just cancel it. I was nervous about doing it but it was quite easy and i didn't have any issues. I would of course advise having full backups etc and take care.

    The attributes you need to edit are of a type DN-Binary which cannot be edited in either ADCU or using ADSI edit. so for this you have to use LDP.exe

    The attributes that are relevant are:
    authOrig: List of senders (users, not groups) that are allowed to send to the DL
    unAuthOrig: List of senders (users, not groups) to BLOCK from sending to the DL
    dlMemRejectPerms: Used in place of unAuthOrig when using security groups
    dlMemSubmitPerms: Used in place of authOrig when using using security groups to approve senders
    msExchRequireAuthToSendTo: Used to limit senders to only Authenticated users (internal) to be able to send to this D (TRUE/FALSE)

    There are some instructions here.

    I have not followed this procedure myself but there does seem to be links to it from quite a few different places, so hopefully it's what you're looking for.

  10. #10

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,568
    Thank Post
    721
    Thanked 1,682 Times in 1,497 Posts
    Rep Power
    432
    @robk Coretech Blog » Blog Archive » Adding Exchange attributes to AD in an Office 365 with SSO environment bit of info there for you but basically yes you run the install which extends the schema.

    Ben

  11. #11
    Marshall_IT's Avatar
    Join Date
    Jul 2011
    Location
    Leeds
    Posts
    574
    Thank Post
    79
    Thanked 84 Times in 68 Posts
    Blog Entries
    1
    Rep Power
    22
    Thanks Ben, I should've dug that out too.

  12. #12
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    634
    Thank Post
    4
    Thanked 139 Times in 130 Posts
    Rep Power
    51
    Just tried this on one of our DirSync'd mail groups and it seems to work quite nicely.
    For testing purposes, I used the CN value for the synced mail group. Once it had uploaded and I logged in as a user that does not have permission, as soon as I had entered the e-mail address into the TO field, it popup up with the mail tip notification that I did not have permission to send to that address and if I wanted the recipient removed.

    Now to roll it out to the rest of the group when we update them in the Summer.

  13. #13

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    851
    Thank Post
    188
    Thanked 70 Times in 65 Posts
    Rep Power
    50
    I'm considering using Dynamic Distribution groups. within Office 365 Environment as I know you can prevent the sending to the groups via rules.



    One reason if I'm not mistaken is that any group changes if an AD Security Group (i.e. Members added) are not updated until a DirSync.

    Although Setting up mail enabled security groups within AD does have it's advantages i.e. you can much more easily manage permissions on the Group if you have a Hybrid Setup in place.
    Last edited by Davit2005; 5th June 2014 at 11:32 AM.

  14. #14
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    634
    Thank Post
    4
    Thanked 139 Times in 130 Posts
    Rep Power
    51
    It depends how often you have DirSync running.
    We have it set to the default 3 hours, but if we make any major changes, we run the manual sync command which takes a minutes.

    I tried a DDG, but it got a little bit complex for us and they were not appearing in the address books. Managing list membership via AD is a bit easier and we can also delegate the responsibility for keeping them up to date to another member of admin staff.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 6
    Last Post: 21st March 2014, 08:38 AM
  2. Replies: 18
    Last Post: 25th May 2013, 07:51 PM
  3. Exchange 2007 - Deny sending to Dist Groups.
    By steele_uk in forum Windows
    Replies: 2
    Last Post: 23rd September 2008, 05:23 PM
  4. [MS Office - 2003] Office 2003 crashes when ever i send to print
    By Millsy79 in forum Office Software
    Replies: 3
    Last Post: 29th August 2008, 08:29 PM
  5. Replies: 1
    Last Post: 9th March 2007, 09:10 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •