独立 EOP 中的邮件流规则(传输规则)Mail flow rules (transport rules) in standalone EOP

重要

改进的 Microsoft 365 安全中心现在可用。The improved Microsoft 365 security center is now available. 此新体验将 Defender for Endpoint、Defender for Office、365 Microsoft 365 Defender 等引入了 Microsoft 365 安全中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新增功能Learn what's new.

适用对象Applies to

在没有 Exchange Online 邮箱的独立 Exchange Online Protection (EOP) 组织中,可以使用邮件流规则 (也称为传输规则) 来标识通过组织传递的邮件并采取措施。In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can use mail flow rules (also known as transport rules) to identify and take action on messages that flow through your organization.

本主题介绍邮件流规则的组件及其工作方式。This topic explains the components of mail flow rules, and how they work.

有关创建、复制和管理邮件流规则的步骤,请参阅 管理 Exchange Online中的邮件流规则。For steps to create, copy, and manage mail flow rules, see Manage mail flow rules in Exchange Online. 可以选择强制实施每个规则、只是测试规则,或测试每个规则并通知发件人。For each rule, you have the option of enforcing it, testing it, or testing it and notifying the sender. 若要了解有关测试选项的详细信息,请参阅 Exchange Online 中测试邮件流 规则和策略提示To learn more about the testing options, see Test mail flow rules and Policy Tips in Exchange Online.

有关匹配邮件流规则的邮件的摘要和详细报告,请参阅使用邮件保护报告查看有关恶意软件、垃圾邮件 和规则检测的数据For summary and detail reports about messages that matched mail flow rules, see Use mail protection reports to view data about malware, spam, and rule detections.

若要通过使用邮件流规则实现特定的邮件策略,请参阅下列主题:To implement specific messaging policies by using mail flow rules, see these topics:

以下视频演示了在独立 EOP 中设置邮件流规则。The following video provides a demonstration of setting up mail flow rules in standalone EOP.

邮件流规则组件Mail flow rule components

邮件流规则由条件、例外、操作和属性组成:A mail flow rule is made of conditions, exceptions, actions, and properties:

  • 条件:标识要应用操作的邮件。Conditions: Identify the messages that you want to apply the actions to. 一些条件检查邮件头字段(例如“收件人”、“发件人”或“抄送”字段)。Some conditions examine message header fields (for example, the To, From, or Cc fields). 其他条件检查邮件属性(例如邮件主题、正文、附件、邮件大小或邮件分类)。Other conditions examine message properties (for example, the message subject, body, attachments, message size, or message classification). 大多数条件要求你指定比较运算符(例如等于、不等于或包含)以及要匹配的值。Most conditions require you to specify a comparison operator (for example, equals, doesn't equal, or contains) and a value to match. 如果没有条件或例外,规则将应用到所有邮件。If there are no conditions or exceptions, the rule is applied to all messages.

有关独立 EOP 中的邮件流规则条件详细信息,请参阅 Mail flow rule conditions and exceptions (predicates) in Exchange OnlineFor more information about mail flow rule conditions in standalone EOP, see Mail flow rule conditions and exceptions (predicates) in Exchange Online.

  • 例外:(可选)标识操作不应应用到的邮件。Exceptions: Optionally identify the messages that the actions shouldn't apply to. 条件中可用的相同邮件标识符同样在例外中可用。The same message identifiers that are available in conditions are also available in exceptions. 例外会覆盖条件并阻止规则操作应用于邮件,即使邮件匹配所有配置的条件也是如此。Exceptions override conditions and prevent the rule actions from being applied to a message, even if the message matches all of the configured conditions.

  • 操作:指定对与规则中的条件匹配且不匹配任何例外的邮件执行哪些操作。Actions: Specify what to do to messages that match the conditions in the rule, and don't match any of the exceptions. 例外会覆盖条件并阻止将操作应用于电子邮件,即使该邮件符合所有配置的条件也是如此。There are many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the message body.

有关独立 EOP 中可用的邮件流规则操作详细信息,请参阅Mail flow rule actions in Exchange Online。For more information about mail flow rule actions that are available in standalone EOP, see Mail flow rule actions in Exchange Online.

  • 属性:指定条件、例外或操作之外的其他规则设置。Properties: Specify other rules settings that aren't conditions, exceptions or actions. 例如,应何时应用规则、是否强制实施或测试规则,以及规则可用的时间段。For example, when the rule should be applied, whether to enforce or test the rule, and the time period when the rule is active.

    有关详细信息, 请参阅本文中的 邮件流规则属性部分。For more information, see the Mail flow rule properties section in this article.

多个条件、例外和操作Multiple conditions, exceptions, and actions

Use a transport rule so messages can bypass ClutterThe following table shows how multiple conditions, condition values, exceptions, and actions are handled in a rule.


组件Component 逻辑Logic 注释Comments
注释Multiple conditions ANDAND 邮件必须匹配该规则的所有条件。如果需要匹配一个条件或另一个条件,请对每个条件使用不同的规则。例如,如果要为带有附件的邮件和包含指定文本的邮件添加相同的免责声明,请为每个条件创建一个规则。在 EAC 中,你可以轻松地复制规则。A message must match all the conditions in the rule. If you need to match one condition or another, use separate rules for each condition. For example, if you want to add the same disclaimer to messages with attachments and messages that contain specific text, create one rule for each condition. In the EAC, you can easily copy a rule.
邮件必须匹配该规则的所有条件。如果需要匹配一个条件或另一个条件,请对每个条件使用不同的规则。例如,如果您要为带有附件的邮件和内容匹配某个模式的邮件添加相同的免责声明,请为每个条件创建一个规则。您可以轻松地复制规则。One condition with multiple values OROR 一些条件允许你指定多个值。邮件必须匹配任一(并非全部)指定值。例如,如果电子邮件的主题为 Stock price information,并且 主题包含这些词中的任一个 条件被配置为匹配单词 Contoso 或 stock,则符合该条件,因为主题中至少包含指定值中的一个。 Some conditions allow you to specify more than one value. The message must match any one (not all) of the specified values. For example, if an email message has the subject Stock price information, and the The subject includes any of these words condition is configured to match the words Contoso or stock, the condition is satisfied because the subject contains at least one of the specified values.
一些条件允许您指定多个值。如果一个条件允许输入多个值,则邮件必须与为该条件指定的任何值匹配。例如,如果电子邮件的主题为股价信息,并且主题包含这些词中的任一个条件被配置为匹配词 Contoso 或 stock,则符合该条件,因为主题中至少包含条件值中的一个。Multiple exceptions OROR 如果邮件匹配任何例外,则操作不会应用到邮件。该邮件不需要匹配所有例外。If a message matches any one of the exceptions, the actions are not applied to the message. The message doesn't have to match all the exceptions.
如果邮件匹配任何例外,则不会执行操作。邮件不需要匹配所有例外。Multiple actions ANDAND 匹配规则条件的邮件获取规则中指定的所有操作。例如,如果选择了操作" 在邮件主题前面追加"和" 将收件人添加到密件抄送框",则两种操作都将应用至邮件。 Messages that match a rule's conditions get all the actions that are specified in the rule. For example, if the actions Prepend the subject of the message with and Add recipients to the Bcc box are selected, both actions are applied to the message.

匹配规则的条件的邮件会获取规则中指定的所有操作。例如,如果选择了操作“在邮件主题前面追加”和“添加收件人到密件抄送框”,两种操作都将应用至邮件。该邮件将在邮件主题的前面添加指定的字符串作为前缀,并且指定的收件人将添加为密件抄送收件人。Keep in mind that some actions, such as the Delete the message without notifying anyone action, prevent subsequent rules from being applied to a message. Other actions such as Forward the message do not allow additional actions.

还可以为规则设置操作,以便在应用该规则时,后续规则不会应用至邮件。You can also set an action on a rule so that when that rule is applied, subsequent rules are not applied to the message.

邮件流规则属性Mail flow rule properties

下表介绍了邮件流规则中所提供的规则属性。The following table describes the rule properties that are available in mail flow rules.


EAC 中的属性名称Property name in the EAC PowerShell 中的参数名称Parameter name in PowerShell 说明Description
优先级Priority PriorityPriority 指示规则应用于邮件的顺序。默认优先级基于规则创建的先后顺序(较早规则的优先级高于较新规则的优先级,先处理具有较高优先级的规则,然后再处理具有较低优先级的规则)。 Indicates the order that the rules are applied to messages. The default priority is based on when the rule is created (older rules have a higher priority than newer rules, and higher priority rules are processed before lower priority rules).

通过在规则列表中上移或下移规则可更改 EAC 中规则的优先级。You change the rule priority in the EAC by moving the rule up or down in the list of rules. 在 PowerShell 中,将优先级数字设置为 (0 是优先级最高的) 。In PowerShell, you set the priority number (0 is the highest priority).

例如,如果有一个拒绝包含信用卡号码的邮件的规则,还有一个需要批准的规则,你希望拒绝规则先发生,并停止应用其他规则。For example, if you have one rule to reject messages that include a credit card number, and another one requiring approval, you'll want the reject rule to happen first, and stop applying other rules.

模式Mode ModeMode 可以指定是否让规则立即处理邮件,或是否在不影响邮件传递(启用或不启用数据丢失防护或 DLP 策略提示)的情况下测试规则。You can specify whether you want the rule to start processing messages immediately, or whether you want to test rules without affecting the delivery of the message (with or without Data Loss Prevention or DLP Policy Tips).

策略提示在 Outlook 或 Web 上的 Outlook 中显示简短说明,该说明可提供有关邮件创建者可能违反策略的信息。有关详细信息,请参阅 Policy TipsPolicy Tips present a brief note in Outlook or Outlook on the web that provides information about possible policy violations to the person that's creating the message. For more information, see Policy Tips.

有关模式的详细信息,请参阅 Test a mail flow ruleFor more information about the modes, see Test a mail flow rule.

在以下日期激活此规则Activate this rule on the following date

在以下日期停用此规则Deactivate this rule on the following date

ActivationDateActivationDate

ExpiryDateExpiryDate

指定启用该规则的日期范围。Specifies the date range when the rule is active.
选中或未选中 On 复选框On check box selected or not selected 新规则 :New-TransportRule cmdlet 上的 Enabled 参数。 New rules: Enabled parameter on the New-TransportRule cmdlet.

现有规则:使用 Enable-TransportRuleDisable-TransportRule cmdlet。Existing rules: Use the Enable-TransportRule or Disable-TransportRule cmdlets.

该值显示在规则的 State 属性中。The value is displayed in the State property of the rule.

可以创建一个禁用规则,并在准备测试它时将其启用。或者,在不删除该规则的情况下将其禁用,以保留设置。You can create a disabled rule, and enable it when you're ready to test it. Or, you can disable a rule without deleting it to preserve the settings.
如果规则处理未完成,则延迟邮件Defer the message if rule processing doesn't complete RuleErrorActionRuleErrorAction 如果无法完成规则处理,可以指定邮件的处理方式。默认情况下,系统将忽略该规则,但可以选择重新提交邮件进行处理。You can specify how the message should be handled if the rule processing can't be completed. By default, the rule will be ignored, but you can choose to resubmit the message for processing.
匹配邮件中的发件人地址Match sender address in message SenderAddressLocationSenderAddressLocation 如果规则使用检查发件人的电子邮件地址的条件或例外,则可以在邮件标头、 邮件信封或同时在两者中查找该值。If the rule uses conditions or exceptions that examine the sender's email address, you can look for the value in the message header, the message envelope, or both.
停止处理更多规则Stop processing more rules SenderAddressLocationSenderAddressLocation 这是一种规则操作,但它看起来像 EAC 中的属性。你可以选择在规则处理完某个邮件后,停止向邮件应用其他规则。This is an action for the rule, but it looks like a property in the EAC. You can choose to stop applying additional rules to a message after a rule processes a message.
注释Comments CommentsComments 可以输入有关规则的描述性注释。You can enter descriptive comments about the rule.

如何将邮件流规则应用于邮件How mail flow rules are applied to messages

All messages that flow through your organization are evaluated against the enabled mail flow rules in your organization.All messages that flow through your organization are evaluated against the enabled mail flow rules in your organization. 规则按照 EAC 中的"邮件流规则"页中列出的顺序进行处理,或基于 PowerShell 中的相应 > Priority 参数值进行处理。Rules are processed in the order listed on the Mail flow > Rules page in EAC, or based on the corresponding Priority parameter value in PowerShell.

每个规则还提供在规则匹配时停止处理其他规则的选项。此设置对于匹配多个邮件流规则中条件的邮件而言非常重要(想要哪个规则应用于邮件?全部?还是一个?)。Each rule also offers the option of stopping processing more rules when the rule is matched. This setting is important for messages that match the conditions in multiple mail flow rules (which rule do you want applied to the message? All? Just one?).

基于消息类型的处理的差异Differences in processing based on message type

通过组织进行传递的邮件有几种类型。下表显示了哪些邮件类型可以通过邮件流规则进行处理。There are several types of messages that pass through an organization. The following table shows which messages types can be processed by mail flow rules.


通过组织的邮件有几种类型。下表显示了哪些消息类型可以通过传输规则进行处理。Type of message 消息类型Can a rule be applied?
常规邮件:包含 RTF 格式 (RTF) 、HTML 或纯文本邮件正文或多部分或备用邮件正文集的邮件。Regular messages: Messages that contain a single rich text format (RTF), HTML, or plain text message body or a multipart or alternative set of message bodies. Yes
Office 365 邮件加密:由 Office 365 中的 Office 365 邮件加密加密的邮件。Office 365 Message Encryption: Messages encrypted by Office 365 Message Encryption in Office 365. 有关详细信息,请参阅 Office 365 中的加密For more information, see Encryption in Office 365. 规则可始终根据检查这些标头的条件来访问信封头并处理邮件。Rules can always access envelope headers and process messages based on conditions that inspect those headers.

对于检查或修改加密邮件内容的规则,需要验证是否启用了传输解密(强制或可选;默认为可选)。For a rule to inspect or modify the contents of an encrypted message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional). 有关详细信息,请参阅在 Office 365中定义加密或解密电子邮件的规则。For more information, see Define rules to encrypt or decrypt email messages in Office 365.

S/MIME 加密邮件S/MIME encrypted messages 规则仅可根据检查这些标头的条件来访问信封头并处理邮件。Rules can only access envelope headers and process messages based on conditions that inspect those headers.

无法处理具有需要检查邮件内容的条件的规则或可以修改邮件内容的操作。Rules with conditions that require inspection of the message's content, or actions that modify the message's content can't be processed.

RMS 保护的邮件:应用了 AD RMS Active Directory Rights Management Services (或 Azure 权限) 策略 (Azure 权限) 的邮件。RMS protected messages: Messages that had an Active Directory Rights Management Services (AD RMS) or Azure Rights Management (RMS) policy applied. 规则可始终根据检查这些标头的条件来访问信封头并处理邮件。Rules can always access envelope headers and process messages based on conditions that inspect those headers.

对于检查或修改 RMS 保护的邮件内容的规则,需要验证是否启用了传输解密(强制或可选;默认为可选)。For a rule to inspect or modify the contents of an RMS protected message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional).

已清除签名的邮件:已签名但未加密的邮件。Clear-signed messages: Messages that have been signed but not encrypted. Yes
UM 邮件:由统一消息服务创建或处理的邮件,例如语音邮件、传真、未接来电通知以及使用 Microsoft Outlook Voice Access。UM messages: Messages that are created or processed by the Unified Messaging service, such as voice mail, fax, missed call notifications, and messages created or forwarded by using Microsoft Outlook Voice Access. Yes
匿名邮件:匿名发件人发送的邮件。Anonymous messages: Messages sent by anonymous senders. Yes
阅读报告:为响应发件人的已读回执请求而生成的报告。Read reports: Reports that are generated in response to read receipt requests by senders. 读取报告的邮件类别为 IPM.Note*.MdnReadIPM.Note*.MdnNotReadRead reports have a message class of IPM.Note*.MdnRead or IPM.Note*.MdnNotRead. Yes

我还应该知道些什么?What else should I know?

  • 在 Exchange Online Protection 中,规则的 Version 或 RuleVersion 属性值不十分重要。The Version or RuleVersion property value for a rule isn't important in Exchange Online Protection.

  • 创建或修改邮件流规则后,可能需要 30 分钟才能将新的或更新的规则应用于邮件。After you create or modify a mail flow rule, it can take up to 30 minutes for the new or updated rule to be applied to messages.

更多信息For more information

使用邮件流规则检查 Exchange Online 中的邮件附件Use mail flow rules to inspect message attachments in Exchange Online

Office 365 中的电子邮件加密Email encryption in Office 365

日记、传输和收件箱规则限制Journal, transport, and inbox rule limits