http://clintboessen.blogspot.com/2009/06/exchange-2010-email-moderation.html
In this post we will be looking at how moderation works and the processes that go on in the back end.
The moderated transport application consists of the following components:
Categorizer
The transport categorizer initiates the approval process. When the categorizer detects a moderated recipient while processing a message, it reroutes the message to the arbitration mailbox.
Store driver
The store driver processes the messages that the categorizer marks for moderation. When the store driver encounters such a message, it stores the original message in the arbitration mailbox and sends approval requests to the moderators. When a moderator responds with a decision, the store driver marks that decision on the message that's stored in the arbitration mailbox. If an approved message is submitted again by the Information Assistant, the store driver removes the approval workflow wrappers so the message that's delivered is identical to the original message submitted by the sender.
Information Assistant
The Information Assistant process monitors the arbitration mailbox. The Information Assistant resubmits any approved messages to the submission queue for delivery to the intended recipients, or it deletes rejected messages. The Information Assistant is also responsible for sending rejection notifications to the sender. In addition, it cleans up the arbitration mailbox by deleting any stale or orphaned messages from the arbitration mailbox. For example, if a moderator simply deletes an approval request instead of making a decision, the corresponding message waiting for approval in the arbitration mailbox needs to be removed by the Information Assistant.
Arbitration Mailbox
The arbitration mailbox is used to store the original message that's awaiting approval. By default, one arbitration mailbox is created for moderated transport during setup. It's used for all moderated recipients. You can add additional arbitration mailboxes for load balancing purposes. If you're using multiple arbitration mailboxes, you need to specify which mailbox to use for each moderated recipient.
What processes occur in the backend?
The following screenshot is taken from Microsoft's TechNet Website:

1.The sender creates a message and sends it to the moderated recipient.
2.The categorizer intercepts the message, marks it for moderation, and then reroutes it to the arbitration mailbox.
3.The store driver stores the message in the arbitration mailbox and sends an approval request to the moderator.
4.The moderator uses the buttons in the approval request to either accept or reject the message.
5.The store driver marks the moderator's decision on the original message stored in the arbitration mailbox.
6.The Information Assistant reads the approval status on the message stored in the arbitration mailbox, and then processes the message depending on the moderator's decision:
6-a.If the moderator has approved the message, the Information Assistant resubmits the message to the submission queue, and the message is delivered to the recipient.
6-b.If the moderator has rejected the message, the Information Assistant deletes the message from the arbitration mailbox and notifies the sender that the message was rejected.
If the moderator doesn't respond to the message within five days, the Information Assistant will delete the message from the arbitration mailbox and notify the sender that their message has expired.
Handling Multiple Moderated Recipients
Taken from TechNet:
It's possible to send a message to a group of recipients that includes both moderated recipients and recipients that aren't moderated. In this case, a separate approval process occurs for each moderated recipient.
Consider a message that's sent to 12 recipients, one of which is a moderated distribution group. The categorizer splits this message into two messages. One message is delivered immediately to the 11 recipients that aren't moderated, and the second message is submitted to the approval process for the moderated distribution group.
If a message is intended for more than one moderated recipient, a separate copy is created for each moderated recipient and is submitted to the approval process.
A moderated distribution group may contain other moderated recipients. In this case, after the message to the distribution group is approved, a separate approval process occurs for each moderated recipient that's a member of the distribution group. However, you can also enable the automatic approval of the distribution group members after the message to the moderated distribution group is approved. To do this, you set the BypassNestedModerationEnabled parameter of the moderated distribution group to $true using the Set-DistributionGroup cmdlet.
Moderation and Exchange 2007 Hub Transport Servers
If you have Exchange 2007 Hub Transport servers mixed with your Exchange 2010 environment you must configure an Expansion Server on any item you have moderated. If you do not do this, the store driver on the Exchange 2007 Hub Transport server will simply deliver the message bypassing moderation. To enable an expansion server for a distribution group use the following command:
Set-DynamicDistributionGroup -Identity "GroupIdentity" -ExpansionServer "Exchange2010HubTransportServer"
So you want the basic cmdlet on how to enable moderation huh?
Below is an example on how you would go enabling moderation on a distribution group:
Set-DistributionGroup "All Employees" -ModerationEnabled $true -ModeratedBy "clint@kbomb.com.au","administrator@kbomb.com.au" -ByPassModerationFromSendersOrMembers "HR" -SendModerationNotifications Internal
 
 
 

 
Hey Clint,
ReplyDeleteIs there any way to view emails that are in the arbitration mailbox waiting for approval?
Cheers,
Steve
Hi Steve,
ReplyDeleteYou can view the message count which resides in the Arbitration mailbox using the Get-MailboxStatistics command. In regards to viewing actual messages pending approval, I have not done this however if possible you would need to grant an account permissions to read the mailbox then add the mailbox as a secondary mailbox in Outlook or alternatively enable the account linked to the arbitration mailbox and assign it a password in AD Users and Computers and then use that account to generate a new Outlook profile. I would do this in your test environment...
Kind Regards,
Clint
what if the moderated email was deleted ? How can you intercept it without notifying the sender.
ReplyDelete