Hi all,
My environment : Exchange 2013 CU23
My request : Allow usermailbox1@mydomain.com receive messages from internal and specific external customer domain.
I have to create a transport rule that block all external messages to usermailbox1@mydomain.com except if they come from *@mycustomer.com
I'm confused between "A message header matches" and "The sender's specified properties match these text patterns" at "Except if" part when create transport rule
With message header like this
Received: from exserver (192.168.2.9) by exserver
(192.168.2.12) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend
Transport; Thu, 5 Aug 2021 09:49:43 +0700
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70078.outbound.protection.outlook.com [40.107.7.78])
by ex with ESMTP id 1752oCCm001331-1752oCCp001331
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=CAFAIL);
Thu, 5 Aug 2021 09:50:14 +0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=RDtHm/3EMnNIljSp6SQT73Urumqo7/NwtAp8N59hGFqfE0bkYX36TAJNuieo6OvY36OZ9Ol7VRgZQW3oCI9X+yeGHNV1JTEauLnVTNISCH+ugIhMFsTeZHKgKpg/itehNBjAkoQ1N1sBVbPEmMtelePv31/zGItCiTVrrJtInRFHL59lXWyCguhVeiWi5A1uq1durVHSLItMF7a4pWePrMm1lIOEY1J9bQiXr1jVzQEUk5Y558leJeshJOYTZMgZGidpPwuGQI6/h+onQAkiHmzntLTxqzok/HlUThIo/S8ObuWog2M9M+t9kgbh+YeiqHWK6psF9Za1wai0q5R+WQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=hbn8GTBFDZsNLLcWVi6RPXs5MV8GbS4QMtsFkN6IPXo=;
b=a1TMao3K8Tn3Wf/CcRaASYuG4Hiug+gPvFEsTPDM5dzWYo9aJGwdCptabLOWk4P9QVMBdrydt5/fbX1B19NN0x/3cvD5Om26g9gtNMRcAH/eAhXAQCgGU6gxq6s5V0ZY0x5Vw0bKzw2Q01j1erRDqVehVrAPVShoHd3gHLjxHcS5vT7jMCl6PnB3YhAlH917HIIJNEnR0UKCGMre3fvb527fZnfrASf+q6UXvP7Pr/G5LtcTzlF1v1BOsiT018ROeUFTnMqCNJKo8JQB4u2M5KF4S+0S+Evs8EEqPEFzg+0pLmBrNRz9fJ7lVS8OxtQ4csRYM10y3dPJ3dWzQn5jPA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=customer.com; dmarc=pass action=none
header.from=customer.com; dkim=pass header.d=customer.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mycustomer.onmicrosoft.com; s=selector2-customer-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=hbn8GTBFDZsNLLcWVi6RPXs5MV8GbS4QMtsFkN6IPXo=;
b=l1zGcgywP3NRc1m2WFsbZvynVoWKne89/pVvzFlY1tiARwazd8xRs0W2TUYW/PKXnpDc8d8zyY1/1PPGRzxbnIFDSel0Jcqu5a445NUAfj3g6zYjMWoD1Q487Z5/yMBb3lp0MXXi1qioGuVN1aA2xJNPGS0lTFdpEcv8YuPil8A=
Received: from AM6PR05MB6104.eurprd05.prod.outlook.com (2603:10a6:20b:ac::32)
by AS8PR05MB7974.eurprd05.prod.outlook.com (2603:10a6:20b:319::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.21; Thu, 5 Aug
2021 02:48:52 +0000
Received: from AM6PR05MB6104.eurprd05.prod.outlook.com
([fe80::61d9:19be:eb22:ee2a]) by AM6PR05MB6104.eurprd05.prod.outlook.com
([fe80::61d9:19be:eb22:ee2a%3]) with mapi id 15.20.4373.026; Thu, 5 Aug 2021
02:48:52 +0000
From: *@customer.com>
To: myuser@mydomain.com>
Subject: adsfasdf
Thread-Topic: adsfasdf
Thread-Index: Add0fX8dKI7HN4jxSiyobZV3s3IpwwE4oViAAACjjCAEEHPqwA==
Date: Thu, 5 Aug 2021 02:48:52 +0000
Message-ID: <AM6PR05MB6104B5AAB3669F1EFD48D54BF0F29@AM6PR05MB6104.eurprd05.prod.outlook.com>
References: <AM6PR05MB6104A14EDB6E8A8CDAD06C81F0189@AM6PR05MB6104.eurprd05.prod.outlook.com>
<AM0PR05MB61002FE8A5AF6F5BC8F6B4BFF0129@AM0PR05MB6100.eurprd05.prod.outlook.com>
<c453ef66512c4c178c2b3e50b22cc8d6@IDCEXC003.mydomain.com>
In-Reply-To: <c453ef66512c4c178c2b3e50b22cc8d6@ex.mydomain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Authentication-Results: ;
spf=pass (
dkim=pass header.i=
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f7709162-ed42-464f-d10e-08d957bb8f5f
x-ms-traffictypediagnostic: AS8PR05MB7974:
x-microsoft-antispam-prvs: <AS8PR05MB79744D8241D401142129F79CF0F29@AS8PR05MB7974.eurprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JzrDiaA79N14gFY6Jw8L1UYqedshK3RZWDJljKR917/3EQ4lMC/NS2IEY4h5WwKwzUYpGiur7F+oNJk6kfLIL5trgBaTlMtCVK0c0vutiPRO8cGxMYMOPaGucFPVI/mmTNSMV+qke5trLIzGBuP31znl0XeNL0jwUJ9XfiVeDbKMGppMfYOBAMourfjLzYfF13V29vhlky4YUHGBOccpCnz0E/VNnH5DX4FUXVS1XjQ7dDc+oHO9bXf45H3GSQGrghOiaVHA7CP4FrLEo7orTHB5A5hSH9vKhascLz0IbSWukfFcxDOs3OyXUDfwQekeqNWMLp5rzgNcNUSzTIpSN1XMWBhLmgyOew3eB+5942QxZtdq7rCJrB6qEONJtgRS44ZD3xSez6LzOnpkg+i5Kz5y7D1NwaUDSp6x6RAtm4SEXTZeq9M3BAlRx5Y1YrwhPd3RbfufuG4pdv9V1H6ZZnUmXOoSYDI0cWK2vOSPVuaOVY96tOkGLxGkE+ZZmh8VJYzuq0aCDMxlmZZi0McvlMw3/HUKseeiQWtkDrPAwGObK6F10DSCnylIuwqrReuWSbjGnCz+EcnvkVur1LyHVBzObuVStxgFeH8R2kgFLeS/Rjn4OE0yIQed0M165JoB7dd9IxQtlweik/KAf9Ei+u1yQ6q0AaCN/LyKDs7HyNgy2eCM+8v8Q7yHVG51vyFdAOl+tLE+AalT4UtPwW7FuePKQPNzSHkevXCPkNEf43ZkV4PY3+IrFJNjYn4guNp6
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:vi;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM6PR05MB6104.eurprd05.prod.outlook.com;PTR:;CAT:NONE;SFS:(6019001)(396003)(136003)(366004)(39860400002)(376002)(346002)(269900001)(478600001)(4326008)(76116006)(6916009)(86362001)(8676002)(66446008)(83380400001)(66574015)(316002)(66616009)(99936003)(66476007)(66946007)(64756008)(66556008)(450100002)(55016002)(9686003)(26005)(6506007)(122000001)(52536014)(7696005)(53546011)(71200400001)(2906002)(7116003)(8936002)(38070700005)(5660300002)(186003)(38100700002)(33656002);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?bnNPM0h6TVBYSVlJcHl2S1pPVGtpdmVDbk9sVUVrZkZ4dkt6S0FvTWxjUWVx?=
=?utf-8?B?NkpLa09NY2VBdDhtd09pZ0JGRStoNzdxYlBET1R3WXZiZjRuUU5POGpINkU4?=
=?utf-8?B?c3hNNnVKSExYMlJ0UitNR3JSM2ZIQ3pseVJJWHhvOGg4dmZpVmxCb2RpM1dY?=
=?utf-8?B?UGdxU21oYWlTc1M0Q1ZZeGh6dnNKYWNMcHVUR1c3OTF6WCtqbnRjYVNhU0du?=
=?utf-8?B?OU1XU2pKKzZuRkcxUWtHM1VUdlF4ZkJpdGRUNFRPK3luMjJEZHp3bUhSYzJW?=
=?utf-8?B?SFdTS0FCZWorTUoyS01qdy9LL00zQzQ4UlRWVS81WVF6d1NLbEIyZCtrZG9w?=
=?utf-8?B?eEFLMkFHb1ZNQm9sUjBWYlNwL0M2anF3blBidEZTT1ErOFVPMzMxNEQ3aGIz?=
=?utf-8?B?dzFXMkx0UlBJVWFmQ0ZUak9mVlB4MDllWmFnT2JJcWNDUWxzdG1BVlEzTHlY?=
=?utf-8?B?VW9YQjlvQmFrNXZITWFsVlU0RC9iL0FYazNTSklRRWg2a1djaXVESExjYWdZ?=
=?utf-8?B?Ry9GTmloZDJHWFhxNlluTDk5YmlNbUhrcDFBL1RvYlJWMUs4clFvK2xPZWk2?=
=?utf-8?B?WU85c0tydDdXa1V6SDIwZndtZzRGWit0NzQ3MVpSVTlBTVZ2NnJFb25WQ0w3?=
=?utf-8?B?QllndytydWRWTGY0bFFXV3IxaXkxWm05bTNncGpPQnc2aGJvajYzb2dHYzNy?=
=?utf-8?B?c2ZpUXBocU1MdXduMHFwUVpubU9iaXBGYTBmOU44M3pJUVp1NWNpODRVeHA5?=
=?utf-8?B?RTYzZFhRd2M5cG9Xei9JNCtMdDdjNmR5aGs0NjF4Q3FtWmRocWRSRHJpb0F1?=
=?utf-8?B?ekdQdGF1aS9mdmVEVmt6U0pyYlgvMWNmaUZSZThNYjlja3pPaTNWQ0ZJL2lt?=
=?utf-8?B?RzNNMG5XMldjU3ZuLzRhSVJoY1BLS0RzUE1jY3ZWeUZWRTZ4T2dlUDBwVTUx?=
=?utf-8?B?OHJpK0doSmxKS3pUV3lzTFBoWXVHUHFlMm41WGxrREtWWjVKQzV4aWZtc2pP?=
=?utf-8?B?ODRCR3FxVzdWbzFYK3NMblRVYjZrV3U5Z0EwL3EvZ1BYS1BmYzd4TEN4a0tk?=
=?utf-8?B?aFdDL1hiWFFsRVQ5WE81NFc5SytRcisxbDhsRHZJUHY2U2lMOUptcmtIZFpV?=
=?utf-8?B?dkhZcGFoWG9ySDN6K2pBOW4rTm9YbjJHVEdRc0xFckFpWVJNeS9FdS92ZnlQ?=
=?utf-8?B?Ty9YODZlczFjMXVaR0laRTEvZTBVdVFMcmNqbzFrOU85YjFxNStoNTByYUt5?=
=?utf-8?B?K0c0aUdjYnp1TTJzb0RReWFLTXQraUlSeFZDamwrOTRoU2lEdjZHTHVzc1l4?=
=?utf-8?B?QkdhSVhjdTMxQUhIMGo0aVpaY1N0QnVZRytBa3VWUDRRVEpWRzZlL29KQVph?=
=?utf-8?B?cWxlaGgyYU5ybzJ5c2tEVC80d0FlYWpaRTdrUDNBOVdZc1NEaHFEY1dmdTZ4?=
=?utf-8?B?NTZDYjFvYTEzTi83OEpEMStCdlhWK3pzUzVrTjVWRUxiVDQ3OGJiUDN2NVlQ?=
=?utf-8?B?ZFllbUlaOGlFMS93SnRadG5LSU5tRHFUU0JoL1JHVTA1cnVvR1hBOUhobkpQ?=
=?utf-8?B?bTJCUHVFZm1zMW5STmVZLzkvVGVxdFFzYjhXQnJGZ1VWNmNyeEVBMHN5YUc5?=
=?utf-8?B?b3lTdk5rQTc4MGZLcTgxQjZ0aW5Ib2NKZGplSUJWalI4dkw2eWRlcW9ZZjhz?=
=?utf-8?B?dXdrR0p6MGN6UWpzOXcyS3RseVZpZ05oNFFkdzVCRkRXOExxRDRCcnJINTY3?=
=?utf-8?Q?nRNMn6WPie52Qg3t/I9bfxK3sqJv8rcBmu1bwOT?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/mixed;
boundary="_004_AM6PR05MB6104B5AAB3669F1EFD48D54BF0F29AM6PR05MB6104eurp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM6PR05MB6104.eurprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f7709162-ed42-464f-d10e-08d957bb8f5f
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Aug 2021 02:48:52.4178
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9180b9a6-a316-4a88-9910-39cb4079ee5f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: sbwsVvQo2TtBG3f4RG5QKQs1g1LPMvtuIJIBS7o/l77XPsrhUkG+VBvgQYXi3yHMhAiudqrC0xVbciw8vY2fk2hP8ZirsHegX6x2UykzUcA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR05MB7974
X-OrganizationHeadersPreserved: AS8PR05MB7974.eurprd05.prod.outlook.com
X-FEAS-SPF: pass, ip=40.107.7.78, helo=eur04-he1-obe.outbound.protection.outlook.com, mailFrom=*@mycustomer.com
X-FEAS-DKIM: Valid
Return-Path: *@mycustomer.com
X-CrossPremisesHeadersFiltered:
X-MS-Exchange-Organization-Network-Message-Id: ddac2bc8-d106-4eac-7d65-08d957bbad78
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-AuthSource:
X-MS-Exchange-Organization-AuthAs: Anonymous
What are sender's specified properties ?
I should check message headers "From" , "Authentication-Results" , right ?

