Exchance 2016 transport rule doesn't apply if forwarding enabled in a user's mail flow

Overworked Sysadmin 11 Reputation points


I've setup a transport rule to bounce back emails for emails in a specific DL. See below:


However, the rule does not work if there's a mail flow forwarding enabled for that account. See below:


If I disable the forwarding rule, the transport rule works as expected.

I did my research but could only find reports of issues if there's a forward rule in the user's outlook but the behavior isn't the same here (and its set to match address on header or enveloppe already anyways).

Is there something I can do to make this work? We need the forwarding rule for internal users and some automated stuff with hardcoded emails (I know that's bad, but beyond me).


Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,330 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Overworked Sysadmin 11 Reputation points

    Nan, too much trouble and poorly manageable.
    I setup some rule in CodeTwo instead of the transport rule. That works fine.

    1 person found this answer helpful.

  2. Andy David - MVP 140.8K Reputation points MVP

    Can you make the forwarding rule a transport rule instead and have it a lower priority after the "Reject" rule?
    You could also make the criteria in the forwarding rule to only fire if the sender is internal.

    0 comments No comments

  3. Overworked Sysadmin 11 Reputation points

    I could of course, but that would require a distinct transport rule for each mailbox that requires forwarding if the destination isn't the same! And most are different destinations, depending on department or purpose of email.

    I did also look into enforcing authentication of sender so external senders are rejected but that causes trouble for internal addresses with no mailboxes (think camera, printers, etc). We are working on making all emails sent internally to authenticate but I'm sure you are aware this is no trivial task.

    0 comments No comments

  4. Andy David - MVP 140.8K Reputation points MVP

    Gotcha! There is another option if you want to treat all these internal processes as "authenticated".
    Create a new receive connector and for the remote addresses, scope it to the IPs of those devices.
    Then set the auth on this new receive connector to "Externally Secure". that will effectively treat any devices that sends through that connector as authenticated and internal.


  5. Xzsssss 8,861 Reputation points Microsoft Vendor

    Hi @Overworked Sysadmin ,

    The second screenshot, is it a user mailbox? Because as I know there are no such options for mail users and mail contacts. Then the question is whether this user is inside your organization or from another Exchange server?

    And also you could create the forward transport rule(even the sender is from external as below) as Andy said,
    And make it a lower priority.

    I'm a bit confused about the screenshots your provided, if I'm wrong, please fix me:)

    Best regards,

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.