Message Archiving
Microsoft Exchange Journaling Configuration Guide
For Exchange Server 2000 and 2003
• Google Message Discovery
• Postini Message Archiving
Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 www.google.com Part number: PMAEJCG_618_17 February 3, 2012 © Copyright 2009 Google, Inc. All rights reserved. Google, the Google logo, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the Postini logo, Postini Perimeter Manager, Postini Threat Identification Network (PTIN), Postini Industry Heuristics, and PREEMPT are trademarks, registered trademarks, or service marks of Google, Inc.
This software is provided “AS IS.” The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in gd 1.8.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions.
Contents
About This Guide
What This Guide Contains
Who This Guide Is for
Related Documentation
How to Get Support
About This Guide What This Guide Contains The Microsoft Exchange Journaling Configuration Guide provides information about: • How Microsoft Exchange journaling works • Setting up Microsoft Exchange Server to send copies of email messages to your archive in Postini Message Archiving. This guide is a supplement to the Message Archiving Administration Guide. It assumes that you are familiar with Postini Email Security.
Related Documentation For additional information about Message Archiving and your Message Security service, refer to the following related documents, which are available on the Postini Support Portal. For details, see “How to Get Support” on page 8.
https://support.postini.com

Note: Postini Customer Care does not provide technical support for configuring mail servers or third-party products. Please contact Postini Professional Services (postini-professionalservices@google.com) for consulting services.

Disclaimer for Third-Party Product Configurations

This guide describes how our products work with Microsoft Exchange Server and the configurations that we recommend. These instructions are designed to work with the most common Exchange Server scenarios.
Chapter 1 Introduction to Microsoft Exchange Server Journaling

What Is Microsoft Exchange Server Journaling?

Microsoft Exchange Server journaling lets you record a copy of, or journal, all email communications in your organization and send them to a dedicated mailbox on an Exchange Server. The process of journaling, therefore, is different from archiving. Journaling is simply a means of recording your users’ messages.
Which Messages Does Microsoft Exchange Server Journal? Microsoft Exchange Server journals all email messages that users send or receive, including: • Messages that users send to others outside your network • Messages that users receive from others outside your network • Messages that internal users send to each other Note: • For messages sent to internal mailing lists, Exchange Server adds the expanded list of recipients to the journaled message.
What Are the System Requirements for Microsoft Exchange Journaling? Ensure that your Exchange messaging environment includes the following components.
www.microsoft.com
• The exejcfg.exe tool is available in the Exchange Server 2003 SP1 download, in the i386\RTW directory. Or, you can download it at: http://www.microsoft.com/downloads/details.aspx?FamilyID=e7f73f10-7933-40f3-b07e-ebf38df3400d&displaylang=en

What Should I Do Before Setting Up Journaling?

During the journaling setup process for Exchange Server, you will turn on envelope journaling for each mailbox database, or store, that contains users for whom you want to journal messages.
To determine whether you need additional journal-recipient mailboxes, consider the number of users whose messages you want to archive and the typical load these messages place on your mailbox servers. Depending on these factors, you may also want to set up the journal-recipient mailboxes on a dedicated Exchange Server—called the Exchange journaling server—that is separate from the servers on which users’ mailbox stores reside.
For example, assume that you turned on journaling for a mailbox store that contains 10 user mailboxes, and you want to archive messages for only 6 of those users. In this case, you must place those 6 users in a separate organization on your Message Security service, and turn on archiving for that organization. When Message Archiving receives journaled messages for the 10 users, it will store messages for only the 6 users in the organization.
To avoid re-archiving messages exported from the archive as attachments, you can create an additional, separate email account on your Exchange Server for each user who has access to your corporate archive. Place these accounts in a separate mailbox store, and do not enable journaling for this store. For example, you can place these accounts in the same mailbox store as the journal recipient mailbox (see “Plan Your Journal-Recipient Mailbox Deployment” on page 14).
Chapter 1 Setting Up Microsoft Exchange Journaling

Overview of Journaling Setup

The following are the basic steps for deploying Exchange Server journaling:
1. Create an SMTP contact with the email address of your Postini archive (which appears in the Administration Console once you set up Message Archiving for journaling).
2. Set up the journal recipient mailbox. This mailbox, named mailarchive, will receive all journaled email messages.
3.
The following figure is an overview of how Message Archiving works with Exchange Server journaling. WARNING: • The order of the steps in this document differs from that provided in the Microsoft documentation. Please follow the order of the steps in this document, to ensure that you set up journaling correctly for Message Archiving. • Microsoft documentation includes instructions for setting up the SMTP connector for the connection between your organization and your email archive.
Step 1. Create an SMTP Contact To forward all journaled messages in your journaling-recipient mailboxes to Message Archiving, you need to add a new contact to your Microsoft Active Directory, and specify the email address of your archive for that contact. Microsoft refers to this contact as the custom SMTP recipient, because the Exchange journaling server will forward all journaled messages to your archive address, using SMTP.
5. Click Next.
6. Accept the default alias PostiniArchive.
7. Verify that the Create an Exchange e-mail address check box is selected, and then click Modify.
8. In the New E-mail Address box, select SMTP Address, and then click OK.
9. In the Internet Address Properties box, enter your archive e-mail address, and then click OK. Click Next.
10. Click Finish.
The SMTP contact Postini Archive now appears in your user list in Active Directory Users and Computers. For example: Note: You can add a description, such as that shown in the figure, by editing the contact. Step 2. Set Up the Journal-Recipient Mailbox Based on the number of journal-recipient mailboxes you need, which you determined during your planning, you now need to set up the necessary journaling mailbox stores and journal-recipient mailboxes on one or more Exchange Servers.
2. Right-click the organizational unit in which you want to create the contact, point to New, and then click User.
3. Enter the following:
• First name: Journal
• Last name: Recipient
• User logon name: mailarchive
If you plan to set up multiple mailboxes, you can append identifiers to the names. For example: mailarchive_1, mailarchive_2.
4. Click Next.
5. Set the password, and then select Password Never Expires. Clear all other check boxes on the dialog box, and then click Next.
6. Make sure Create an Exchange Mailbox is selected, and then select the appropriate server and mailbox store. (Remember, you will not enable journaling on this mailbox store.)
7. Click Finish.

The journal recipient user mailarchive now appears in your user list in Active Directory Users and Computers. For example:

Note: You can add a description, such as that shown in the figure, by editing the user.

To remove the journal recipient from the Global Address List:
1. In Active Directory Users and Computers, double-click the mailarchive user you just added.
2. Click the Exchange Advanced tab.
3. Select Hide from Exchange address lists.
4. Click OK.

To set the delivery restriction:
1. In Active Directory Users and Computers, double-click the mailarchive user you just added.
2. Click Exchange General > Delivery Restrictions > Only From.
3. Click Add.
4. Enter mailarchive. Then click OK. The mailarchive user appears in the dialog box.
5. Click OK to close the Delivery Restrictions dialog box.

Step 3: Turn On Envelope Journaling

By default, envelope journaling is disabled on Exchange Server. To use envelope journaling, you must complete two basic steps:
1. Enable envelope journaling for your Exchange Server environment, using the exejcfg (Email Journaling Advanced Configuration) tool. You can run this tool on any of your Exchange Servers.
2. Start envelope journaling for each mailbox store that contains users for whom you want to journal messages. To complete this step, you use Exchange System Manager.

WARNING: Ensure that you do not enable journaling for your journaling mailbox stores. If you use a separate Exchange Server for your journaling stores, do not turn on any type of journaling on this server.

To enable envelope journaling:
1. Download and unzip the exejcfg.
4. On the General tab, select Archive all messages sent or received by mailboxes on this store, and then click Browse. 5. Enter mailarchive. Then click OK. All journaled messages for users on this mailbox store are now sent to mailarchive. Repeat this process for each mailbox store for which you want to turn on journaling.
Step 4: Set a Forwarding Rule for Journaled Messages After you enable envelope journaling, use Microsoft Outlook to set a server-side rule for each journal-recipient mailbox to: • Forward all journaled messages to the address of your Postini archive in Message Archiving. This address is the custom SMTP contact (Postini Archive) that you created in Step 1. • Move copies of all forwarded messages to the Deleted Items folder of your journal recipient mailbox.
Step 5: Enable Automatic Forwarding After you set the forwarding rule in Step 4, ensure that your Exchange Server can automatically forward messages to your Postini archive. You can do either of the following: • Use the organization-wide automatic forwarding option. This option allows automatic forwarding to any domain. • Specify your Postini archive domain in Exchange Server. Choose this option if your corporate policy does not allow the use of organization-wide automatic forwarding.
3. On the General tab, do the following: a. In the Name box, enter a name for the policy, such as Postini Archive. b. In the SMTP domain box, enter the domain for your archive email address. For example, if your archive address is archive@xyz.archive.psmtp.com, enter xyz.archive.psmtp.com. For example: 4.
5. Click the Advanced tab, and verify that all check boxes are selected: 6. Click OK. Step 6: Create a Policy to Delete Forwarded Messages from the Journal-Recipient Mailbox In Step 4, you set up a rule to forward journaled messages to your archive and then move the journaled messages to the journal recipient’s Deleted Items folder.
4. In the New Policy dialog box, select Mailbox Manager Settings, and then click OK.
5. In the Properties dialog box, on the General tab, do the following:
a. In the Name box, enter mailarchive for the policy name.
b. Under Filter rules, click Modify.
6. In the Find Exchange Recipients box, create a search query that will return all the journal-recipient mailboxes that you created.
There are several ways to create the query. Because you used a naming convention for the journal-recipient mailboxes, an easy way to create the query is as follows:
a. On the Advanced tab, click Field, point to User, and then select Logon Name.
b. In the Value box, enter mailarchive. Click Add.
7. When you finish building the query, click OK.
8. In the message that appears, click OK.
9. Click the Mailbox Manager Settings (Policy) tab, and then do the following:
a. In the When processing a mailbox drop-down menu, select Delete Immediately.
b. In the Folder list, clear all folders except the Deleted Items folder.
c. Select Deleted Items, and then click Edit.
d. In the Folder Retention Settings dialog box, specify the criteria by which you want Exchange Server to delete the messages. You can specify a number of days or the total size of the deleted messages. For example:
e. Click OK.

To schedule Mailbox Manager to run policies:
1. Open Exchange System Manager and locate the server that is hosting mailarchive.
2. Right-click the server, and then click Properties.
3. In the server Properties dialog box, click the Mailbox Management tab.
4. In the Start mailbox management process drop-down list, select a schedule appropriate for your organization. For example:
5. Click OK.
Verify Your Setup of Exchange Server Journaling After you finish setting up Exchange Server journaling, you can verify that journaling is set up correctly with the following methods: Verify SMTP Contact and Journal Recipient 1. Open the archivemanager contact and verify that you entered the correct email address for your archive. 2. Use System Manager to verify that the journal recipient mailbox resides in its own mailbox store. For example: Verify Envelope Journaling 1.
2. On Exchange Server, go to the journal recipient mailbox and open the journaled copy of the message you just sent. 3. Verify that the members of the distribution list and the BCC recipient appear in the Recipient list. Also verify that the body of the original message you sent is an attachment to the journaled message. For example: Verify Archiving 1. To verify that Message Archiving is archiving journaled email messages from your Exchange Server, send a test email message to a user.
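The envelope-journaling check above (distribution-list members and the BCC recipient listed, original message attached) can also be run over an exported journaled message. The following Python script is an added example, not part of the Postini guide; the sample report is constructed, and its "Recipients:" body layout and all addresses are assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses


def build_sample_report():
    """Constructed journaled message; layout and addresses are assumptions."""
    original = EmailMessage()
    original["From"] = "alice@example.com"
    original["To"] = "sales-list@example.com"
    original["Subject"] = "Journaling test"
    original.set_content("Test body")

    report = EmailMessage()
    report["From"] = "alice@example.com"
    report["To"] = "mailarchive@example.com"
    report["Subject"] = "Journaling test"
    report.set_content(
        "Sender: alice@example.com\n"
        "Recipients:\n"
        "bob@example.com\n"       # expanded distribution-list member
        "carol@example.com\n"     # expanded distribution-list member
        "dave-bcc@example.com\n"  # BCC recipient
    )
    report.add_attachment(original)  # stored as a message/rfc822 part
    return report.as_string()


def parse_recipients(body):
    """Return the addresses listed after the 'Recipients:' line."""
    lines = [ln.strip() for ln in body.splitlines()]
    if "Recipients:" not in lines:
        return set()
    listed = [ln for ln in lines[lines.index("Recipients:") + 1:] if ln]
    return {addr.lower() for _, addr in getaddresses(listed) if addr}


def check_journal_report(raw, expected_recipients):
    """Check recipient coverage and that the original message is attached."""
    msg = message_from_string(raw, policy=policy.default)
    body, attached = "", None
    for part in msg.iter_parts():  # top level only, never inside the attachment
        if part.get_content_type() == "message/rfc822":
            attached = part.get_content()
        elif part.get_content_type() == "text/plain":
            body = part.get_content()
    listed = parse_recipients(body)
    return {
        "missing": sorted({r.lower() for r in expected_recipients} - listed),
        "original_attached": attached is not None,
        "attached_subject": str(attached["Subject"]) if attached is not None else None,
    }


if __name__ == "__main__":
    print(check_journal_report(build_sample_report(),
                               {"bob@example.com", "dave-bcc@example.com"}))
```

A message with no attached original and no recipient list reports `original_attached` as false and every expected address as missing, which is what a copy journaled without envelope journaling would look like to this check.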
In addition to the recommendations from Microsoft, we offer the following guidelines to ensure that your Exchange journaling environment is fully compatible with Message Archiving: 1. Route mail coming from the internet to an Exchange 2003 server first. Why? Having Exchange 2003 process the messages first cuts down on creating duplicate journal reports.
Troubleshoot Exchange Server Journaling Setup Troubleshooting Steps If you cannot verify that Message Archiving is archiving email messages, do the following: Check custom SMTP recipient: In Exchange Active Directory, check that the email address you specified for the custom SMTP recipient is correct. It must be the address that Message Archiving generated when you configured journaling for Message Archiving. For details, refer to the Message Archiving Administration Guide.
Bounced Journaled Messages Error Code 554: Cannot relay journal - psmtp Your Exchange Server is not on the access control list for Message Archiving, or the IP address You must enter the IP address of your server. If the IP address of your server has changed since you set up Message Archiving for journaling, you must enter a new journaling configuration entry for your email configuration on your Message Security service. For details, refer to the Message Archiving Administration Guide.
Chapter 2 Monitoring Journaling Performance

Once you have successfully deployed Exchange Server journaling, there are three easy ways to monitor journaling activity and spot potential problems:
• Use the Storage Overview report in Message Archiving
• Use the Inbound Archiving by Domain report in the Administration Console
• Turn on journaling alerts
Use the Storage Overview report in Message Archiving

Message Archiving administrators who have the Archive Search and Archive Reports privileges can view the Storage Overview report, which includes an up-to-the-minute view of your journaling traffic. To view the Storage Overview report, log in to Message Archiving, click the Reports tab, then click Storage Overview in the Navigation panel.
Use the Inbound Archiving by Domain report in the Administration Console You can use the Inbound Archiving by Domain report in the Message Security Administration Console to get a summary of the following data related to journaling: • Account Messages: Messages journaled for active archiving users. • Non-Account Messages: Valid journals for users who do not have archiving enabled. These journals are archived if Non-account Archiving is enabled.
Appendix A Checklist

Use the following checklist to verify that you have successfully completed all the steps necessary to set up journaling on your Exchange Server.

Create an SMTP contact

To forward all journaled messages in your journaling-recipient mailboxes to Message Archiving, you need to add a new contact to your Microsoft Active Directory, and specify the email address of your archive for that contact. For more information, see “Step 1. Create an SMTP Contact” on page 21.
Set a Forwarding Rule for Journaled Messages After you enable envelope journaling, use Microsoft Outlook to set a server-side rule for each journal-recipient mailbox to: • Forward all journaled messages to the address of your Postini archive in Message Archiving. This address is the custom SMTP contact (Postini Archive) that you created in Step 1. • Move copies of all forwarded messages to the Deleted Items folder of your journal recipient mailbox.