Setting Up Journaling in Exchange 2007

Andrew Z. Tabona [BSc (Hons) Computing, MCSE, Network+, Security+ etc]

Andrew Z. Tabona, MBCS, MSc, BSc (Hons), ITILF v3, MCSE, Network+, Security+, etc, has over 10 years’ experience in Quality Assurance, Incident Management, and Pre- and Post-Sales Technical Support roles, as well as recent specialization in Digital Forensics and E-Discovery.

Exchange 2007 offers more flexibility in what to journal and how. In this article we look at how to set up the two methods of e-mail journaling.

I'd like to start off by pointing out the difference between Journaling and Archiving. Journaling is the ability to record all e-mail communications in an organization (and Exchange Journaling is a tool that will help you to do this) - the location to which e-mails are journaled is sometimes called an "archive". Archiving, although the term is sometimes used for the whole process, is actually the backing up of the recorded data and storing it elsewhere (in an SQL database, for example). Some third-party e-mail archiving solutions do just that; they pull the data from the Exchange journaling location (the "archive") and store it in a backend database or on disk. Some archiving solutions give you the ability to search for e-mail by means of a user-friendly interface.

You would need to journal your communications to comply with regulatory requirements set by government, financial and health institutions. One well-known example is the Sarbanes-Oxley Act, which necessitates that all e-mail communications "in connection with an audit or review" are recorded. Thus, if a financial dispute ever came about, one could refer to any previous communications for clarification.

Exchange 2007 further enhances the journaling capabilities of its predecessor by offering the ability to journal communications on a per-user, per-distribution list, and per-mailbox database level by means of a journaling agent, giving you more flexibility on how and what to journal. Journaling forms part of the Hub Transport Server role and both standard and premium journaling use the Journaling Agent located on Hub Transport Servers. You can choose to journal only internal communications, only external communications, or both. As we'll see later on, using standard journaling requires the Mailbox server role to be installed.

Standard Journaling - similar to Exchange 2003, where you would enable journaling on each mailbox store, Standard Journaling in Exchange 2007 allows you to journal all messages that are located on a specific mailbox database on a server running the Exchange Mailbox Server role.

Premium Journaling - requires an Exchange Enterprise Client Access License (CAL) and allows you to create journal rules for specific users, or groups of users. The settings for these journaling rules are stored in Active Directory and are replicated across the sites within your organization. In this manner all Hub Transport Servers will read the new configuration.

When a message matches a journal rule and a copy has to be submitted to the journaling mailbox, a journal report is created - this is what is known as a "Message Envelope" in Exchange 2003 (when you have envelope journaling enabled). The body of the journal report contains message information such as the FROM e-mail address, the TO e-mail address, the subject of the e-mail and Message-ID, along with the original message as an attachment.

The downside of enabling journaling is that it increases server load by a rather significant percentage and may require dedicated server resources, but this is something worth living with if it means complying with company policies and/or regulatory requirements.

Configuring Standard Journaling

To configure standard journaling and force all messages that go through the specified mailbox database to be copied to a journal mailbox, follow the procedure below:

  1. Open the Exchange Management Console | Server Configuration | Mailbox Database (this being the mailbox database for which you want to journal all e-mail communications), and Right Click | Properties.

Figure 1 - Adding a Journaling Recipient

  2. In the General tab of the "Mailbox Database Properties" dialog, select the "Journal Recipient" check box and click the Browse button.

  3. This will bring up the "Select Recipient" dialog in which you must choose a mailbox that will store all the journaled e-mails. For the purpose of this example, I have created and chosen a mailbox called "Journal" (as seen in Figure 1).

  4. Once ready, click Apply and OK to close the Mailbox Database Properties dialog.

From now on any users who have mailboxes located on this Mailbox Database will have a copy of all their e-mails sent to the "Journal" mailbox.

Configuring Premium Journaling

Premium Journaling is based on a set of rules - each message that passes through the Hub Transport Server is checked to see whether it matches a set of pre-configured criteria for a journal rule. If it does, a journal report will be created and a copy of the e-mail put into the journal mailbox. Premium Journaling is also known as per-recipient journaling.

To create a journal rule, follow the steps below:

  1. Open Exchange Management Console | Organization Configuration | Hub Transport. In the Journaling tab found in the middle pane, right click and select "New Journal Rule". This will bring up the Journal Rule Wizard and allow you to create a new journal rule.

  2. Type a name for this rule and press the Browse button to bring up the Select Recipient dialog. Choose a mailbox to which journal reports (enveloped messages) will be sent and click OK. In this example I have chosen to send messages to the "Journal" mailbox (as seen in Figure 2).

Figure 2 - Creating a Journal Rule

  3. Next, you must choose the scope of the messages you want to journal. You can choose from the following:

    1. "Global - all messages" - Journals all messages, both Internal and External.

    2. "Internal - internal messages only" - Journals all messages sent and received by all recipients within your Exchange 2007 organization.

    3. "External - messages with an external sender or recipient" - Journals all messages received from or sent to an external recipient, outside of your Exchange 2007 organization.

  4. Enable the "Journal messages for recipient" option if you want to journal messages for a particular user or set of users. Click the Browse button to choose which user, group or distribution list you want to journal messages for. In my example, I have opted to journal messages for a user called "Andrew Z Tabona".

  5. The "Enable rule" checkbox is enabled by default. If you wish to create a rule but set it to be inactive, simply uncheck this option.

  6. Once you have configured the desired options, press New and the rule will be created, after which you can press the "Finish" button from the Completion page to return to the Exchange Management Console.

Using this rule, all messages sent to and from the user "Andrew Z Tabona" will be copied to a journaling location called "Journal".
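The two console procedures above can also be scripted from the Exchange Management Shell. The following is an added example, not part of the original article; the database identity, SMTP addresses and rule name are placeholders (assumptions) to be replaced with your own values.

```powershell
# Added example, not from the original article. Run in the Exchange Management Shell.
# Every value in this block is a placeholder (assumption); substitute your own.
$database      = 'MBX01\First Storage Group\Mailbox Database'  # hypothetical database identity
$journalMbx    = 'journal@example.com'                         # the "Journal" mailbox
$journaledUser = 'andrew@example.com'                          # user to journal (premium rule)
$ruleName      = 'Journal - Andrew Z Tabona'                   # hypothetical rule name

# Stop early if the journal mailbox does not exist, so that nothing is
# pointed at a recipient that cannot store the journal reports.
if (-not (Get-Mailbox -Identity $journalMbx -ErrorAction SilentlyContinue)) {
    throw "Journal mailbox $journalMbx was not found."
}

# Standard journaling: the same setting as the "Journal Recipient" check box
# on the mailbox database's General tab.
Set-MailboxDatabase -Identity $database -JournalRecipient $journalMbx

# Premium journaling: the same fields as the New Journal Rule wizard.
# -Scope accepts Global, Internal or External. The rule is created only
# if no rule with this name exists yet, so the script can be re-run safely.
if (-not (Get-JournalRule | Where-Object { $_.Name -eq $ruleName })) {
    New-JournalRule -Name $ruleName `
                    -JournalEmailAddress $journalMbx `
                    -Scope Global `
                    -Recipient $journaledUser `
                    -Enabled $true
}

# Read the settings back to confirm what was stored.
Get-MailboxDatabase -Identity $database | Format-List Name, JournalRecipient
Get-JournalRule | Format-Table Name, Scope, Recipient, JournalEmailAddress, Enabled -AutoSize
```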

NOTE: It's worth mentioning the potential conflict that may occur when you have both transport rules and journaling rules set up on the Hub Transport Server role. By default transport rules are executed first. Now, imagine you had a transport rule to block all messages sent from User A to User B, but your company policy stated that you had to journal messages for all users in your Exchange organization (for which you set up a Journaling rule). In this case, messages sent between User A and User B would not be journaled because the transport rule would kick in first and delete the messages before the journaling rule could journal them.

To solve this you would have to change the priority of the transport rules and journaling rules using the Set-TransportAgent cmdlet from the Exchange Management Shell, as shown in Figure 3 below.

Figure 3 - Setting Transport Agent priorities

Follow these instructions to change the Transport Agent and Journaling Agent priorities:

  1. Open the Exchange Management Shell and type "get-transportagent" without quotes. This will list the current priority list of the Agents installed on the server.

  2. Now type:
    set-transportagent "Journaling Agent" -priority:1

    This will set the priority of the Journaling Agent to be the first in the list.

  3. Typing "get-transportagent" again will confirm the changes have been made and show you the new prioritized list.
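A read-only check of journaling coverage and agent order, as an added example that is not part of the original article. It assumes the transport rules agent is listed as "Transport Rule Agent"; confirm the name in your own get-transportagent output.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Run in the Exchange Management Shell on a Hub Transport server.

# Standard journaling: mailbox databases with no journal recipient set.
# This is a gap only if no journal rule covers the users on that database.
$uncovered = @(Get-MailboxDatabase | Where-Object { -not $_.JournalRecipient })

# Premium journaling: rules that exist but are switched off.
$disabled = @(Get-JournalRule | Where-Object { -not $_.Enabled })

# Agent order: the agent with the lower Priority number runs first.
# 'Transport Rule Agent' is an assumed name; check it against the listing.
$journalAgent = Get-TransportAgent -Identity 'Journaling Agent'
$rulesAgent   = Get-TransportAgent -Identity 'Transport Rule Agent'

"Mailbox databases without a journal recipient: $($uncovered.Count)"
$uncovered | ForEach-Object { "  $($_.Identity)" }

"Disabled journal rules: $($disabled.Count)"
$disabled | ForEach-Object { "  $($_.Name)" }

if (-not $journalAgent.Enabled) {
    Write-Warning 'The Journaling Agent is disabled; no journal rule will be applied.'
}
elseif ($journalAgent.Priority -gt $rulesAgent.Priority) {
    # The situation described in the NOTE above: a transport rule that
    # drops a message runs before the message can be journaled.
    Write-Warning ("Transport Rule Agent (priority {0}) runs before Journaling Agent (priority {1})." -f `
        $rulesAgent.Priority, $journalAgent.Priority)
}
else {
    "Journaling Agent (priority {0}) runs before Transport Rule Agent (priority {1})." -f `
        $journalAgent.Priority, $rulesAgent.Priority
}
```

Running it after any change to transport agents or journal rules shows whether messages blocked by a transport rule would still reach the journal mailbox.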

Conclusion

As we have seen, Exchange 2007 offers far more Journaling flexibility and the ability to journal e-mails for only a specific set of people rather than everyone in the organization, which will suit most Exchange Administrators - you can choose to only journal e-mails for people within the accounts department, for example. Alternatively you could use Standard journaling and make use of a third-party application to manage your archive of e-mails. Whichever you choose, you're sure to like the new and improved functionality that Exchange 2007 has when it comes to Journaling.


User Comments


Jorge Gaitan 17 Mar 2015 10:07
Great doc! Just one question ... do I need both enabled? Or should it be enough with the DB journaling option?
I don't want to get double the emails on my journaling and create a disk space issue.
Copyright © 2005 - 2018 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation