This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 17%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOM%3C/text%3E%3C/svg%3E)
I have around 300 domains need to be whitelisted in M365 so our employees are able to send emails to recipients from these domains only.
I have created in rule in mail flow but can't save the rule because it is too long, and I get the error message as attached.
below is the rule description:
Apply this rule if
Is sent to 'Outside the organization'
Do the following
Set audit severity level to 'High' and reject the message and include the explanation 'Access Denied!' with the status code: '5.7.1'
Except if
recipients's address domain portion belongs to any of these domains: ....................(almost 300 domains)...........
or Is received from a member of group 'defined Group'
I tried to implement what a Microsoft article suggests to create several smaller rules work together to perform the function of one large rule, but that did not solve the problem (in case I have two rules, and the first one allowed the flow and the second one did not, the result will be block sending the email!)
I wonder if anyone has a work-around to solve this issue or any alternative solution.
Best Regards
Osman
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @Osman Mohamed ,
Just checking in to see how things are going on with this thread.
If the reply was helpful, you can click the "Accept Answer" button under this post so that other's with similar question can benefit from this thread as well.
If you still have further questions or concerns, feel free to post back.
Solution: Reduce the number of conditions or actions in the rule so that the rule's size is no more than 8 KB. Or, create multiple rules so that several smaller rules work together to perform the function of one large rule.
Since it's EXO, nothing much we could do, unfortunately.
May be create two separate rules, divide the domains in half. (workaround)
I tried that, in this case when the higher priority rule allows the flow (because it includes the domain of the recipient), the second rule with lower priority will block the flow (because it does not include the domain of the recipient and “stop processing more rule” is un-checked in the previous rule).
Hi @Osman Mohamed ,
You can refer to the following rule to set the spam confidence level for emails sent to specified domains.
If you can't add all domains in the same rule, you can create multiple rules for different domains.
Then create a rule that blocks outgoing emails, and the exception condition is set to the spam confidence level in the previous rules.
(Kindly note:After modify a mail flow rule, please wait for some time to take effect.)
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread
Thanks dear Aholic,
Does SCL applicable on the outbound messages? my target is to deny the employees to send emails to un-known domains.
thanks
Osman
Hi @ Kishan Patel,
Yes.This second rule is to block all outbound mail except eligible domains.
If the answer is helpful, please click "Accept Answer" and kindly upvote it, this will make answer searching in the forum easier and be beneficial to other community members as well.