Block outbound RMS Encrypted Emails with Exchange Transport Rule?
- Joe Stocker, Dec 01, 2017, Bronze Contributor
Circling back on this - we worked with MSFT Support and they confirmed it no longer works using rpmsg.message.
The work-around they provided, which we confirmed works, is checking for a message type that is "Permission Controlled"
Identity : Block outbound RMS header contains ''rpmsg.message''
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Class' header contains ''rpmsg.message''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header contains ''rpmsg.message''' with the status code: '5.7.1'
and Stop processing more rules

Identity : Block outbound RMS header matches "rpmsg.message"
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Class' header matches the following patterns: 'rpmsg\.message'
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header matches "rpmsg.message"' with the status code: '5.7.1'
and Stop processing more rules

Identity : Block outbound RMS header includes Content Description
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Description' header contains ''message.rpmsg''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content Description' with the status code: '5.7.1'
and Stop processing more rules

Identity : Block outbound RMS header includes Content-Type
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Type' header contains ''application/x-microsoft-rpmsg-message''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content-Type' with the status code: '5.7.1'
and Stop processing more rules

Identity : Block outbound RMS header includes Content Description Rule 2
Description : If the message:
'Content-Description' header contains ''rpmsg' or 'message.rpmsg''
and sender's address domain portion belongs to any of these domains: 'contoso.com'
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content Description Rule 2' with the status code: '5.7.1'

Identity : Block outbound RMS header includes Content-Type Rule 2
Description : If the message:
Is sent to 'Outside the organization'
and 'Content-Type' header contains ''rpmsg''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content-Type Rule 2' with the status code: '5.7.1'
and Stop processing more rules

Identity : Block outbound RMS header includes Content-Disposition
Description : If the message:
Is sent to 'Outside the organization'
and Is received from 'joe@contoso.com'
and 'Content-Disposition' header contains ''attachment; filename="message.rpmsg"''
Take the following actions:
reject the message and include the explanation 'Block outbound RMS header includes Content-Disposition' with the status code: '5.7.1'
and Stop processing more rules

Identity : Block outbound RMS messages based on attachment name
Description : If the message:
Is sent to 'Outside the organization'
and has an attachment file name that matches these text patterns: 'message.rpmsg'
Take the following actions:
reject the message and include the explanation 'Block outbound RMS messages based on attachment name' with the status code: '5.7.1'
and Stop processing more rules
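
Added example (not from the thread or from Microsoft Support): one way to express the "Permission Controlled" message-type condition as a transport rule, in place of the header and attachment-name matches in the rules listed above. The rule name and rejection text are placeholders chosen for this example; the external-recipient scope and the single test sender mirror the rules above.

```powershell
# Added example. Run in an Exchange Online PowerShell / Exchange Management Shell session.
# $ruleName and the rejection text are placeholders chosen for this example.
$ruleName = 'Block outbound RMS (message type)'

$rule = @{
    Name                            = $ruleName
    # Same scoping as the test rules above: external recipients, one test sender.
    SentToScope                     = 'NotInOrganization'
    From                            = 'joe@contoso.com'
    # Match on how Exchange classifies the message, not on MIME headers
    # or the attachment file name.
    MessageTypeMatches              = 'PermissionControlled'
    RejectMessageReasonText         = 'Rights-protected email may not be sent outside the organization.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    StopRuleProcessing              = $true
    # Audit first: rule matches are logged, nothing is rejected yet.
    Mode                            = 'Audit'
}

# Create the rule only if it does not already exist, so the script can be re-run.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule @rule | Out-Null
}

# Confirm the stored condition reads as a message-type test.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, MessageTypeMatches, SentToScope, Description

# Once message trace shows the rule matching a protected test message
# from the test sender, switch from auditing to enforcement:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```
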
Just curious, did you manage to get this solved?
- Darren Wiseman, Jan 08, 2018, Copper Contributor
Thanks Joe. I did log it as an issue with Microsoft Support 2-3 months ago; they were going to pass it to the relevant Dev team, but I haven't heard anything since. Hence interest in how others are dealing with it.
- Joe Stocker, Jan 08, 2018, Bronze Contributor
Unfortunately it is what it is - you could send an email to your users informing them that RMS emails sent outbound are not permitted via policy, and include a screenshot informing your users that they may get a message like this if they attempt it. For those users who stumble on it later, theoretically they will only get this type of message once and then when they learn it is not allowed, they shouldn't keep getting this... sorry there doesn't seem to be a better answer.
- Darren Wiseman, Jan 08, 2018, Copper Contributor
Hey - the response you get back; "no no no no". Is it all correct? When I try and do an RMS-labeled message to <me>@gmail.com, the response has what I've entered ("no no no no"), though it also says "Security or policy settings at gmail.com have rejected your message". Obviously, any domain I send to responds that policies at that domain have rejected the message. Thing is, this is completely incorrect - it's policies at MY domain gateway that have rejected the message. This is causing considerable confusion for users.
What's your experience? If you've fixed it, how?
D
- Joe Stocker, Nov 09, 2017, Bronze Contributor
Not yet - we have requested that the support case be escalated (5+ days with no resolution).