I have a group of users that I have to restrict email access for and so far using Exchange Transport Rules has worked very well. The problem I am having is that Rule 0 is supposed to bcc the email to a review mailbox but otherwise not change anything and Rule 9 is supposed to block the email and throw a custom NDR to tell the user why they were blocked. Here are my results in practice however.

• If Rule 0 is enabled and Rule 9 is enabled then only Rule 9 functions
• If Rule 0 is disabled and Rule 9 is enabled then Rule 9 functions
• If Rule 0 is enabled and Rule 9 is disabled then Rule 0 functions

This is after the Transport Service has been restarted (multiple times actually).

I have other rule pairs that work correctly. None of these are overlapping rulesets however. - copy email going to address outside domain and then block - copy email coming in from outside and then block

Here is the rule for copying internal emails (Rule 0):

Apply rule to messages from a member of Blind carbon copy (Bcc) the message to except when the message is sent to a member of or [email protected]

Here is the rule to block the same email (rule 9):

Apply rule to messages from a member of send 'Email to non-supervisors or managers has been prohibited. Please contact your supervisor for more information.' to sender with 5.7.420 except when the message is sent to , [email protected],

The distribution group used for membership in these rules is used for the other blocking and copying rules and works as expected.

Is there something I missed in this setup? All of the copy rules are at the front of the transport rule group and all the actual copies at at the end of the queue if that makes a difference.

Any thoughts as to why the email doesn't get copied when it gets blocked?