Microsoft Exchange: Mail rule allows regular expressions. But which ones?

Question

I'm trying to set up a filter rule in Microsoft Exchange Online via the web interface (Office365 Admin Center > Exchange Admin Center > Mail Flow / Rules).

I want to match the "sender address" against known addresses that are "inside the organization" so as to detect incoming phish/whale delivery.

A dialog "specify words or phrases" appears, inviting me to enter the strings to match against:

Contextual help is sadly missing. However, according to Mail flow rule conditions and exceptions (predicates) in Exchange 2016 I can use regular expressions in the entry box :

But which regular expressions exactly? Perl?

great question - I was wondering the same, and your link put me in the right direction. I turned my comment into an answer as the other 2 at this time are incorrect. Thanks again for the link. — Hicsy, Sep 21 '20 at 12:08

score 6 · Accepted Answer · edited Feb 03 '17 at 07:34

You're right that the documentation there is a little light. However, EAC is just a UI for the PowerShell commands that get run.

So, the real question is "What regular expressions does PowerShell support?"

RegEx is supported and in the case of "The Sender address matches..." this would be a -match expression. So, you could put something like this into that box [a-z]+ to match any character from a to z. This is just an idea to get you going since you didn't say exactly what kind of match you wanted to make.

score 3 · Answer 2 · answered Feb 03 '17 at 05:56

3

You're in the right location...

Just enter a regular expression.
There a handy utility available at: http://regexhero.net/tester/

answered Feb 03 '17 at 05:56

ewwhite

197,159
92
443
809

score 2 · Answer 3 · answered Sep 21 '20 at 12:05

As you pointed out, the table under the "SENDERS" heading suggests that the property type used is: "Patterns". This is defined later in that same document.

If you scroll down further on that page to the heading "PROPERTY TYPES" and look under Patterns: