I wanted to create a transport rule that blocks outgoing email to external recipients that contains an attachment, except for members of the "Allow Outbound Attachments" group. So, I created the following rule:
The trouble is, that it blocks any email that is not sent as plain-text, even though there is no attachment. Not good.
I examined the headers on emails with and without attachments and found the X-MS-Has-Attach X-header has a yes value when there's an attachment and is <blank> when there isn't.
...Message-ID: <BL0PR01MB4243EF8B4D8DD1624C9C6E77D4D20@BL9PR01MB4243.prod.exchangelabs.com>References: <email@example.com>In-Reply-To: <firstname.lastname@example.org>Accept-Language: en-USContent-Language: en-USX-MS-Has-Attach: yesX-MS-TNEF-Correlator:Authentication-Results-Original: spf=none (sender IP is )...I modified the rule as below and it now works perfectly.
It's worth noting that the header values are not cAsE sensitive.