Get Compliant with Exchange Server 2007 Journaling

Exchange 2007 makes journaling easier to use, with features such as simpler rule configuration, better per-recipient control, and premium journaling

Executive Summary:
New government regulations that require more financial and communications disclosures, such as the Sarbanes-Oxley Act of 2002, are forcing many companies to journal their electronic communications, including internal and external emails, voicemails, and fax messages. Exchange Server 2007 makes journaling easier than with Exchange Server 2003 because Exchange 2007 uses journal rules enforced through the Hub Transport server and allows unified messaging (UM) journaling. This article explains the differences between journaling and archiving; explains journal rules, journal mailboxes, and journal reports; and compares standard journaling with premium journaling in Exchange 2007.

Government regulations are forcing IT administrators to journal increasingly more electronic communications, including email, voicemail, and fax transmissions. Many companies are also adopting similar internal requirements to prevent and prepare for government audits and lawsuits. Like its predecessors, Exchange Server 2007 provides a journaling capability that can help IT comply with such requirements. However, journaling in Exchange 2007 has some important differences from journaling in earlier Exchange versions. In particular, Exchange 2007 uses journaling agents to apply mailbox and unified communications (UC) journal rules via the Hub Transport server role. Exchange 2007 also provides multiple options for collecting journal reports, including journal mailboxes, Exchange Hosted Services, or a third-party archiving service. If you're just getting started using Exchange 2007 or plan to migrate to it, you'll find it helpful to understand the differences between journaling in Exchange 2007 and Exchange Server 2003, Exchange 2007 journaling basics, and the distinctions between standard and premium journaling. (And for a quick look at some regulations that have a bearing on the use of journaling, see the sidebar "A Few Regulations Relevant to Email Journaling.")

Exchange 2007 Journaling Basics: Journal Reports and Mailboxes
Journaling in Exchange 2007 is very different from journaling in Exchange 2003. Exchange 2007 journaling does its work primarily in the Hub Transport server role, whereas Exchange 2003 journaling runs on the mailbox server. Because journaling is handled in the Hub Transport server role, journaling activity won't impact mailbox servers, making them more efficient because they don't have to handle any journaling services. Exchange 2007 journaling also gives administrators better control of per-user and per-recipient journaling and is much easier to configure than Exchange 2003 journaling.

As in Exchange 2003, journal reports are the basic component of Exchange 2007 journaling. A journal report is any message sent to and stored in a journal mailbox specifically for record-keeping. Unlike Exchange 2003, which supports three types of journaling (message-only, BCC, and envelope), Exchange 2007 journal reports exclusively use envelope journaling, as Figure 1 shows. The Exchange 2007 envelope journaling format allows message-header archiving and includes the following parts:

  • The unaltered original message attached in Transport Neutral Encapsulation Format (TNEF), an encoding format that "packages" parts of a message (e.g., voting buttons, read receipts) to retain more of the message's original text, headers, and formatting.
  • The journal report body containing the sender's email address, subject, message ID, and recipients' email addresses, including blind carbon copy (BCC) addresses.

To enable Exchange 2007 journaling, you must designate a mailbox that will receive and store journal reports. You can create a single mailbox for the entire company and all journal rules or create a mailbox for each user, group, or rule. You also can forward journal reports to Exchange 2007 Global Address List (GAL) contacts, offsite mailboxes, or third-party messaging environments.

Your journal mailbox should be used only to receive journal reports and should be accessible to only a limited number of people. Since the journal mailbox could house messages from company executives and contain a company's sensitive information, you should limit access to the mailbox to only those people who have a legitimate need to use it. Individually add each user account and closely monitor access to the mailbox.

Many of the laws that require recording communications also require that once recorded, those messages be tamper-proof. This means your journaling mailbox can't receive mistakenly addressed messages. The best practice is to restrict the mailbox to receiving only messages sent directly to it. To do so, use the following Exchange Management Shell (EMS) mailbox command, where "Journal" is the mailbox name:

Set-Mailbox "Journal" `
-AcceptMessagesOnlyFrom "Journal" `
-RequireSenderAuthenticationEnabled $True
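The following script is an added example, not from the article: it applies the delivery restriction above to an existing journal mailbox, grants Full Access to named individuals, and then reports every explicit Full Access grant so the access list can be reviewed. The alias "Journal" and the account "CONTOSO\compliance.auditor" are placeholders; run it in EMS.

```powershell
# Added example, not from the article: lock down an existing journal mailbox
# and audit who can open it. Assumptions: the mailbox alias is "Journal" and
# "CONTOSO\compliance.auditor" is a placeholder for the only account that
# should have access. Run in the Exchange Management Shell (EMS).

$journal   = "Journal"
$reviewers = @("CONTOSO\compliance.auditor")   # placeholder account(s)

# 1. Accept only authenticated mail addressed directly to the journal mailbox
#    (the article's setting) and hide it from the GAL so nobody picks it by
#    mistake in Outlook.
Set-Mailbox $journal `
    -AcceptMessagesOnlyFrom $journal `
    -RequireSenderAuthenticationEnabled $true `
    -HiddenFromAddressListsEnabled $true

# 2. Grant Full Access to each named reviewer individually (no groups, so
#    membership cannot drift without a visible change on the mailbox).
foreach ($reviewer in $reviewers) {
    Add-MailboxPermission $journal -User $reviewer -AccessRights FullAccess
}

# 3. List every explicit, non-system Full Access grant and flag any account
#    that is not on the reviewer list; run this regularly as an access review.
Get-MailboxPermission $journal |
    Where-Object {
        -not $_.IsInherited -and
        -not $_.Deny -and
        ($_.AccessRights -contains "FullAccess") -and
        ($_.User.ToString() -ne "NT AUTHORITY\SELF")
    } |
    ForEach-Object {
        $status = "UNEXPECTED"
        if ($reviewers -contains $_.User.ToString()) { $status = "expected" }
        "{0,-40} {1}" -f $_.User.ToString(), $status
    }
```

Any line reported as UNEXPECTED is an account that can read journaled mail without being on the approved list and should be removed with Remove-MailboxPermission.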

If you're using Exchange 2007 SP1, you can automatically convert TNEF and MIME messages to journal reports. The journal mailbox must be a GAL contact pointing outside your Exchange organization, and you'll need to turn off MAPI rich text formatting for the Hub Transport server to convert the message. To do so, in Exchange Management Console (EMC), on the properties page of the mail contact you want to configure, switch the Use MAPI rich text format option to Never. Alternatively, you can use the Set-MailContact command in EMS to configure the contact. For example, the following command configures a MIME contact. (Be sure to replace <ContactAlias> with your contact's Exchange alias.)

Set-MailContact <ContactAlias> `
-UseMAPIRichTextFormat Never

Now that you know some Exchange 2007 journaling basics, let's look at the two types of Exchange 2007 journaling: standard journaling and premium journaling, a new feature introduced for large enterprises.

Standard Journaling
Standard journaling is included with the Exchange Server standard CAL and is sufficient for small- to medium-sized companies with dozens (rather than hundreds) of mailboxes. Standard journaling is similar to the journaling concepts in Exchange 2003. You assign a journal mailbox for each mailbox database, and the mailbox saves every message sent to or from recipients in the database.

All messages that flow through a mailbox store are also sent to the journal mailbox. You control journaling by moving mailboxes between mailbox stores on an Exchange server or between Exchange servers.

Standard journaling is easy to implement through the Mailbox Database Properties dialog box; to do so, you need to be an Exchange 2007 Administrator or Exchange Organization Administrator. To enable standard journaling on your Exchange server, open EMC, then click Server Configuration. Next open the Mailbox Server, then open the Mailbox Database. Click Properties, and you'll see a dialog box similar to Figure 2. In this box on the General tab, you'll define the Mailbox Database properties, including designating the box as a journal recipient. After you've set the journal recipient, click OK.

Premium Journaling
Premium journaling, which requires an Exchange 2007 Enterprise CAL (an add-on to the standard CAL), is for large companies with many Exchange Mailbox servers, each hosting multiple databases. In a large enterprise, configuring and maintaining numerous mailbox databases is a challenge, and setting journaling rules for those databases can be a complicated process. To configure the premium journaling options, open EMC and expand Organization Configuration. Then click Hub Transport. With premium journaling, you can create multiple rules to match your enterprise's unique journaling needs, by using the following options:

Journal messages for recipient. This option lets you select specific mailboxes, contacts, or distribution lists (DLs) to journal, but every object selected must belong to your Exchange organization. If you want to journal mailbox items for a particular external SMTP address, you must first create a GAL contact for that address.

Using the Journal messages for recipient option, you can also use DLs to control journaling. For example, you can create a DL of all the mailboxes you must journal for regulatory compliance. Then you can assign the legal compliance department management rights to the DL. The Hub Transport server maintains a recipient cache to look up recipient and DL information, so changes to the DL could take up to four hours to take effect.

There's one drawback to using the Journal messages for recipient option. If you don't select any recipients to journal or disable this feature, every message sent to or from your Exchange organization will be journaled. To select individual mailboxes to add to a DL, do the following:

  1. Open EMC.
  2. Click Recipient Configuration.
  3. Click Distribution List.
  4. Under the Actions tab, use the New Distribution Group option to create a new DL.

To modify DL members, follow the same path, but double-click in the middle pane, then click the Members tab and use the Add button to add members. To disable the Journal messages for recipient feature, do the following:

  1. Open EMC.
  2. Expand Organization Configuration.
  3. Click the Hub Transport pane.
  4. Click the Journaling tab.
  5. Double-click a journal rule and remove the check from the Journal messages for recipient box.

Journal rule scope. You can configure the magnitude of your journaling for each rule to be global, internal, or external. Global journaling tells the Exchange server to journal every message that passes through the Hub Transport server. Internal journaling tells the Exchange server to record only messages sent and received by recipients within your Exchange organization. External journaling tells the Exchange server to record only messages sent to recipients outside your Exchange organization or messages sent by someone outside the organization and received by someone inside the organization. For example, you could set a global journal scope to record all messages during a time the audit department specifies, such as during negotiations to acquire another company. Or you could set an external journal rule scope to journal all messages sent by a stock broker to recipients outside your Exchange organization, which would journal all messages from the stock broker to clients and potential investors.

Journal unified messaging (UM). By default, premium journaling records Exchange 2007 UM communications, including voicemail messages, missed-call notifications, and faxes. You can elect not to journal every UM item, possibly to save hard disk space. You can enable or disable journaling for voicemail and missed-call notifications by using the following EMS commands:

# Enable voicemail and missed-call notification journaling
Set-TransportConfig `
-VoicemailJournalingEnabled $true

# Disable voicemail and missed-call notification journaling
Set-TransportConfig `
-VoicemailJournalingEnabled $false

Unfortunately, you can't enable or disable UM journaling on a per-server or per-user basis; it can only be enabled or disabled globally. Disabling voicemail and missed-call notification journaling won't disable journaling of faxes or other messages from the Exchange 2007 Unified Messaging server.

Premium Journaling Benefits
Creating and managing a large organization's journaling rules and mailboxes is much simpler using Exchange 2007 premium journaling, as compared with Exchange 2003 journaling, which requires you to create, implement, and maintain separate mailbox databases for each journal rule. For example, a financial institution is required to journal all its stockbrokers' communications. With Exchange 2003, journaling every stockbroker communication would be a nightmare. You'd have to create a specific mailbox database for the stockbrokers' mailboxes and enable journaling for that database. If the brokers are geographically spread throughout a global organization, this would be quite an effort to implement. Either you'd end up with multiple mailbox databases, or you'd have to enable journaling for multiple mailboxes, either way substantially increasing your hard-disk space requirements.

Creating, implementing, and maintaining journaling for this imaginary organization would be easy with Exchange 2007. You'd simply create a stockbroker DL and apply the list to a journal rule. The rule would journal only the messages to and from the DL mailboxes. This process would immediately optimize your archiving volume with just a few steps. One thing to remember, however, is that the DL membership is cached to limit the number of Active Directory (AD) queries. As a result of the caching, new list members are recognized only once every four hours when the cache is refreshed or when the Microsoft Exchange Transport service is restarted.

You can access premium journaling through EMC by opening Organization Configuration, then Hub Transport, and selecting the Journaling tab, as Figure 3 shows. Alternatively, you can use EMS's New-JournalRule command. The following example uses the New-JournalRule command to create a premium rule named Journal for Sigi Mailbox that journals all the messages to and from the mailbox SigiJ to a mailbox named Journal (example.com stands in for your organization's SMTP domain):

New-JournalRule -Name `
'Journal for Sigi Mailbox' `
-JournalEmailAddress `
'Journal@example.com' `
-Scope 'Global' -Enabled $true `
-Recipient 'SigiJ@example.com'

Managing Premium Journaling
All journal rules are configured through EMC’s Organization Configuration node, so only Exchange Organization Administrators can create and modify them. Because journal rules are configured and applied in the Hub Transport server role, all Exchange organization configurations, including journal policies, are automatically replicated to all the organization's Exchange servers. When you complete one configuration, it's automatically replicated to all Hub Transport servers.

If you create multiple journal rules that include the same mailbox, you'll create multiple copies of the same journal reports. For example, if you create a journal rule that includes all mailboxes and journals for all internal messages, and you create a second journal rule for a mailbox called Trader, every message to and from the Trader mailbox will be sent to both the first and the second journal mailbox. To prevent such journaling redundancy, you’ll need to clearly plan your journaling rules.
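As an added example (not from the article), the following EMS script audits the enabled journal rules for the two planning problems described in this section and in the Journal messages for recipient discussion: a rule that names no recipient, which journals every message in its scope, and a recipient named by more than one rule, which yields duplicate journal reports. It reads live rules with Get-JournalRule and assumes nothing beyond that.

```powershell
# Added example, not from the article: audit the organization's enabled
# journal rules for (a) a rule with no recipient, which journals every
# message in its scope, and (b) a recipient named by more than one rule,
# which produces one journal report per rule. Run in EMS; all names come
# from Get-JournalRule, nothing here is constructed.

$rules = Get-JournalRule | Where-Object { $_.Enabled }
$rulesByRecipient = @{}

foreach ($rule in $rules) {
    # Cast to string so both a null and an empty recipient are caught.
    $recipient = [string]$rule.Recipient
    if ($recipient -eq "") {
        "WARNING: rule '{0}' names no recipient, so every {1} message is journaled to {2}" -f `
            $rule.Name, $rule.Scope, $rule.JournalEmailAddress
        continue
    }
    # Normalize the address so case differences do not hide a duplicate.
    $key = $recipient.ToLower()
    if (-not $rulesByRecipient.ContainsKey($key)) { $rulesByRecipient[$key] = @() }
    $rulesByRecipient[$key] += $rule.Name
}

foreach ($key in $rulesByRecipient.Keys) {
    $names = $rulesByRecipient[$key]
    if ($names.Count -gt 1) {
        "WARNING: '{0}' is journaled by {1} rules: {2}" -f `
            $key, $names.Count, [string]::Join(", ", [string[]]$names)
    }
}
```

Overlap through DL membership (a mailbox that is also a member of a DL named by another rule) is not detected here; compare DL memberships separately, remembering the four-hour recipient cache.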

Premium journaling requires an Exchange 2007 Enterprise CAL, which means an increased Exchange 2007 project budget. But the Enterprise CAL not only unlocks premium journaling but also allows other cool features such as Exchange 2007 managed folders and UM. (For more information about managed folders, see the Windows IT Pro article "Meet Email-Retention Needs with Exchange 2007," February 2007.) You can leverage this argument in your budget request: Premium journaling will ease your workload, especially in medium to large organizations.

Save Your Sanity
For organizations required to journal because of regulatory requirements or internal policy mandates, Exchange 2007 journaling will make your job easier, and premium journaling will make it a lot easier. Premium journaling costs a bit more to start, but the savings in work hours and IT administrator sanity are well worth the extra cost. Migrating from Exchange 2003 to Exchange 2007 may also require an additional cost, but the sacrifice will pay off in the long term. Government regulation never goes away, and I expect it will increase as Uncle Sam and other public entities seek more oversight of private sector financial disclosures and policies. The sooner you implement Exchange 2007 journaling, the better.
