Forum Discussion
Block outbound RMS Encrypted Emails with Exchange Transport Rule?
- Dec 01, 2017
Circling back on this - we worked with MSFT Support and they confirmed it no longer works using rpmsg.message.
They work-around they provided, which we confirmed works, is checking for a message type that is "Permission Controlled"
Well I'm out of ideas. I'll try to reproduce this when I get some free time and let you know the result, please do the same if you manage to resolve it or open a case :)
- Joe StockerNov 06, 2017Bronze Contributor
I was able to reproduce this inability to block outbound RMS messages in a separate tenant. Seems like content-class: rpmsg.message is being ignored in the message header evaluation. I'm waiting to hear back from MSFT Support.
- Joe StockerNov 07, 2017Bronze ContributorThe first level of Microsoft Support has looked at it and they didn't offer any suggestions or help as to why this is not working. I asked that they escalate it and waiting to hear back. In the mean time I have created as many variations as possible to try to block outbound RMS... Can you spot any problems with these rules?
Identity : Block outbound RMS header contains ''rpmsg.message''
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Class' header contains ''rpmsg.message''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header contains ''rpmsg.message'''
with the status code: '5.7.1'
and Stop processing more rules
Identity : Block outbound RMS header matches "rpmsg.message"
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Class' header matches the following patterns: 'rpmsg\.message'
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header matches "rpmsg.message"' with
the status code: '5.7.1'
and Stop processing more rules
Identity : Block outbound RMS header includes Content Description
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Description' header contains ''message.rpmsg''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content Description'
with the status code: '5.7.1'
and Stop processing more rules
Identity : Block outbound RMS header includes Content-Type
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Type' header contains ''application/x-microsoft-rpmsg-message''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content-Type' with
the status code: '5.7.1'
and Stop processing more rules
Identity : Block outbound RMS header includes Content Description Rule 2
Description : If the message:
'Content-Description' header contains ''rpmsg' or 'message.rpmsg''
and sender's address domain portion belongs to any of these domains: 'contoso.com'
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content Description
Rule 2' with the status code: '5.7.1'
Identity : Block outbound RMS header includes Content-Type Rule 2
Description : If the message:
Is sent to 'Outside the organization'
and 'Content-Type' header contains ''rpmsg''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content-Type Rule 2'
with the status code: '5.7.1'
and Stop processing more rules
Identity : Block outbound RMS header includes Content-Disposition
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Disposition' header contains ''attachment; filename="message.rpmsg"''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content-Disposition'
with the status code: '5.7.1'
and Stop processing more rules
Identity : Block outbound RMS messages based on attachment name
Description : If the message:
Is sent to 'Outside the organization'
and has an attachment file name that matches these text patterns: 'message.rpmsg'
Take the following actions:
reject the message and include the explanation 'Block outbound RMS messages based on attachment name'
with the status code: '5.7.1'
and Stop processing more rules- VasilMichevNov 07, 2017MVP
Well according to the documentation (https://technet.microsoft.com/en-us/library/jj919238(v=exchg.150).aspx), Transport rules should be able to inspect all headers of RMS-encrypted messages. However, I'm having the same result as you - no matter what variation of the 'Content-Class' header I try, I get no hits on the rule.