You might not give much thought to the data in your Microsoft Exchange Server mailboxes and public folders. But if your company has suffered a breach of commercially sensitive information or other email-based catastrophe, the problems that corporate-communications misuse can create are all too obvious. User education is a crucial part of managing data intelligently, but sometimes users need predefined limits and automated mailbox-management tools to help them put that education into practice. To give users what they need, your best course of action is to learn which mailbox aspects you can control, which tools you can use to do so, and how you can incorporate those tools into a corporate document-retention and management policy. In other words, know what data you have, know what to do with the data, and know how to manage data distribution.
Exchange Server divides information into shared data, which resides in public folders, and personal data, which resides in mailboxes. Because public folders usually have definite purposes and owners who manage the folders' data, these folders are often better managed than mailboxes. However, mailboxes are typically the central designations and origins for incoming and outgoing messages, so a mailbox content-management policy is just as important as a public folder content-management policy. Before you develop such a policy, consider the methods you can use to control mailboxes.
Mailbox quotas. You can set mailbox quotas in two ways: The mailbox can inherit default values from the store in which you created the mailbox, or you can assign specific limits on a mailbox-by-mailbox basis. Figure 1, page 146, shows an example of the default limits for private-store mailboxes on an Exchange Server 5.5 machine. In this example, the System Attendant process sends warning messages when a mailbox's storage reaches 275MB, stops users from sending messages when storage reaches 300MB, and stops accepting incoming mail when storage reaches 350MB. (These quotas are generous, but not unusual.)
Exchange 2000 Server sets quotas a little differently. The Enterprise version of Exchange 2000 supports multiple storage groups, each of which can contain multiple mailbox stores; setting individual default quota settings for 20 possible mailbox stores would quickly become tiresome. To solve this problem, Exchange 2000 offers system policies that let you manage objects (e.g., quotas) through a set of parameters that you define once and then apply to multiple objects. After you define a policy to set mailbox limits, you can use Exchange System Manager (ESM) to associate mailbox stores with the policy, thereby applying the policy to those stores. You can use ESM to view the stores to which you've applied a policy, as Figure 2, page 146, shows. This example illustrates how you can use system policies to apply limits across an organization.
After you've set mailbox quotas, how do you track how much space mailboxes occupy within the Information Store (IS) databases? The easiest way is to view Mailbox Resources, which Exchange Server maintains as a mailbox store property. In Exchange Server 5.5, you can use Microsoft Exchange Administrator to view this property, as Figure 3, page 146, shows. If you're running a large system, you probably want to use the File, Save Window Contents option to save this data to a Comma Separated Values (CSV) file that you can then import into Microsoft Excel or Access. Exchange 2000's ESM supports the same functionality as Exchange Server 5.5, although to save the data you need to select a mailbox store, right-click Mailbox Resources, and select Save Data from the resulting context-sensitive menu.
The sum of the quotas for mailboxes on a server represents the maximum size of the IS databases that you must back up and manage. The average mailbox's size has increased steadily throughout Exchange Server's versions. Many early Exchange Server implementations permitted mailbox quotas of 10MB to 20MB, but current deployments permit quotas as high as 50MB to 200MB—I know of one mailbox that is larger than 4GB. Administrators often justify large mailboxes because disk space is cheap and users have little time to clean out their mailboxes on a regular basis. Although understandable, this reasoning is bad practice because it encourages users to behave like pack rats and increases the size of databases that you need to back up.
Deleted-item retention time. Exchange Server 5.5 and later use a two-phase deletion process. When a user deletes an item, Exchange Server first performs a soft delete, moving an item into the Deleted Items cache. A message is logically still part of a user's mailbox, but the message's size doesn't count against the mailbox quota, and you can use Microsoft Outlook's Tools, Recover Deleted Items option to recover the message. After soft-deleted items exceed the mailbox's or public store's deleted-item retention period, Exchange Server performs a hard delete, permanently removing the items as part of the System Attendant's nightly background maintenance process. After a hard delete, you can recover an item only through a database restore. Most installations set a retention period of between 7 and 14 days, on the principle that anyone wanting to restore an item will likely do so within that time span.
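The following Python model is an added illustration, not code from the article or from Exchange, of how the three quota thresholds in the Figure 1 example interact with the two-phase deletion process just described: a soft delete frees quota immediately and stays recoverable through Outlook's Recover Deleted Items until the retention period lapses, after which the nightly maintenance hard-deletes the item and only a database restore can bring it back. The 14-day retention period and the mailbox contents are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Default private-store limits from the article's Exchange 5.5 example (MB).
WARN_MB, NO_SEND_MB, NO_RECEIVE_MB = 275, 300, 350
RETENTION_DAYS = 14  # deleted-item retention; the article cites 7 to 14 days as typical

@dataclass
class Item:
    size_mb: float
    deleted_on: "date | None" = None  # set by a soft delete, cleared by a recovery

@dataclass
class Mailbox:
    items: dict = field(default_factory=dict)  # item id -> Item
    def used_mb(self) -> float:
        # Soft-deleted items sit in the Deleted Items cache and no longer count against quota.
        return sum(i.size_mb for i in self.items.values() if i.deleted_on is None)
    def quota_state(self) -> str:
        used = self.used_mb()
        if used >= NO_RECEIVE_MB:
            return "prohibit send and receive"
        if used >= NO_SEND_MB:
            return "prohibit send"
        return "issue warning" if used >= WARN_MB else "ok"
    def soft_delete(self, item_id: int, today: date) -> None:
        self.items[item_id].deleted_on = today
    def recover(self, item_id: int) -> bool:
        # Outlook's Tools, Recover Deleted Items: succeeds only while the item is still cached.
        item = self.items.get(item_id)
        if item is None or item.deleted_on is None:
            return False
        item.deleted_on = None
        return True
    def nightly_maintenance(self, today: date, retention_days: int = RETENTION_DAYS) -> list:
        # Hard delete: the System Attendant purges cached items whose retention has expired.
        expired = sorted(i for i, it in self.items.items()
                         if it.deleted_on and (today - it.deleted_on).days > retention_days)
        for i in expired:
            del self.items[i]
        return expired

def demo() -> dict:
    # Constructed walk-through: a 320MB mailbox that has already lost the right to send.
    mb = Mailbox({1: Item(200.0), 2: Item(90.0), 3: Item(30.0)})
    day0 = date(2001, 3, 1)
    out = {"before": mb.quota_state()}  # prohibit send
    mb.soft_delete(2, day0)  # usage drops to 230MB immediately
    out["after_soft_delete"] = mb.quota_state()  # ok
    mb.soft_delete(3, day0)
    out["recovered_3"] = mb.recover(3)  # True: still in the cache
    out["purged_day7"] = mb.nightly_maintenance(day0 + timedelta(days=7))  # nothing yet
    out["purged_day15"] = mb.nightly_maintenance(day0 + timedelta(days=15))  # item 2 is gone
    out["recover_after_purge"] = mb.recover(2)  # False: only a database restore helps now
    return out
```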
Deleted-mailbox retention time. This new Exchange 2000 feature expands on Exchange Server 5.5's deleted-item retention feature. Exchange 2000 uses a two-phase deletion process for mailboxes as well as for messages so that you can recover mailboxes that users remove by mistake.
Personal store (PST) management. When a user wants more space than a mailbox quota permits, you can let the user create .pst files for offline storage. This tactic was reasonable when disks were relatively expensive and Exchange Server limited the size of the mailbox store to 16GB. But PST storage became less appropriate with Exchange Server 5.5's introduction of the unlimited store and with Exchange 2000's store partitioning. For several reasons, server storage is much more desirable and manageable than PST storage. Finding all the PST files on a server or on users' hard disks, and ensuring that those files are backed up, is difficult. And if a virus such as the VBS.LoveLetter worm arrives, disinfecting all the messages that users might have moved into PSTs will be a chore.
Mailbox Manager. Exchange Server 5.5 Service Pack 3 (SP3) introduced Mailbox Manager. This tool lets you check for messages that are older than a specified age and move those messages into a folder; Mailbox Manager can then automatically delete the messages the next time it runs. Mailbox Manager is useful for processing folders such as the Inbox and Sent Items, both of which tend to accumulate large quantities of items. (Few users take the time to regularly review the contents of these folders and remove unwanted items.)
The Mailbox Manager is a fairly unsophisticated tool: The sole removal criterion is a message's age. The tool removes items older than the age that the threshold specifies—including important items that users need to retain. Implementing the Mailbox Manager therefore requires some up-front planning and user involvement so that users aren't shocked when Mailbox Manager removes thousands of items from their mailboxes.
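To make the two-run behaviour concrete, here is an added Python simulation (not part of the article and not Mailbox Manager's own code) of one mailbox processed by an age-only rule: the first run moves over-age items out of the managed folders into a holding folder, and the next run deletes whatever that folder contains. The 90-day threshold, the holding folder name "System Cleanup", the choice of managed folders and the sample mailbox are assumptions.

```python
from datetime import date, timedelta

AGE_LIMIT_DAYS = 90  # assumed threshold: items older than this are processed
CLEANUP_FOLDER = "System Cleanup"  # assumed name of the holding folder
MANAGED_FOLDERS = ("Inbox", "Sent Items")  # the folders the article singles out

def mailbox_manager_run(folders: dict, today: date, age_limit_days: int = AGE_LIMIT_DAYS) -> dict:
    """One scheduled run over a mailbox. folders maps folder name -> list of (item_id, received).

    Step 1: whatever the previous run parked in the holding folder is deleted now.
    Step 2: items in the managed folders older than the threshold move to the holding folder.
    Age is the only criterion, so the returned report is what you would show users beforehand.
    """
    deleted = sorted(item_id for item_id, _ in folders.get(CLEANUP_FOLDER, []))
    folders[CLEANUP_FOLDER] = []
    cutoff = today - timedelta(days=age_limit_days)
    moved = []
    for name in MANAGED_FOLDERS:
        keep = []
        for item_id, received in folders.get(name, []):
            if received < cutoff:
                folders[CLEANUP_FOLDER].append((item_id, received))
                moved.append(item_id)
            else:
                keep.append((item_id, received))
        folders[name] = keep
    return {"deleted": deleted, "moved": sorted(moved)}

def demo() -> tuple:
    """Constructed mailbox processed twice, a week apart, to show the two-step removal."""
    today = date(2001, 3, 1)
    folders = {
        "Inbox": [(1, date(2000, 10, 1)), (2, date(2001, 2, 20)), (3, date(2000, 11, 15))],
        "Sent Items": [(4, date(2000, 6, 30))],
        "Important": [(5, date(1999, 1, 1))],  # not a managed folder, so left alone
    }
    first = mailbox_manager_run(folders, today)  # moves 1, 3 and 4; deletes nothing yet
    second = mailbox_manager_run(folders, today + timedelta(days=7))  # deletes 1, 3 and 4
    return first, second, folders
```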
Internet-access restriction. Using SMTP to communicate across the Internet is important, but users can potentially use SMTP to send sensitive information, such as Out of Office notifications, to casual Internet correspondents. (For example, Out of Office notifications often contain telephone numbers or other details about people in the organization. You might be happy to give your coworkers this information, but you probably don't want to share it with unknown parties outside your organization.)
You can configure Exchange Server 5.5's Internet Mail Service (IMS) or Exchange 2000's SMTP connector to prevent users from sending Out of Office notifications to external recipients. You can also configure these connectors to limit the size of incoming and outgoing messages so that users can't clog up an Internet connector (e.g., by sending a 10MB attachment). Exchange 2000 lets you put messages larger than a specific size in a queue for later delivery. Figure 4 shows the properties of an Exchange 2000 SMTP connector. You can see that the connector will place any message larger than 2000KB in a queue and send the messages in that queue according to a custom schedule (e.g., outside working hours).
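The following added Python example (not from the article and not Exchange code) encodes the connector controls just described as a single routing decision: Out of Office notifications addressed outside the organization are suppressed, messages above an overall size ceiling are refused, and any message over 2000KB is held for the next scheduled delivery window. The internal domain, the overnight schedule and the size ceiling are assumed values.

```python
from datetime import datetime, time

INTERNAL_DOMAINS = {"example.com"}  # assumed: the organization's own SMTP domains
MAX_IMMEDIATE_KB = 2000  # Figure 4: larger messages wait for the custom schedule
MAX_MESSAGE_KB = 10240  # assumed ceiling; anything larger is refused outright
WINDOW_START, WINDOW_END = time(19, 0), time(6, 0)  # assumed schedule: outside working hours

def is_external(address: str) -> bool:
    """True when the recipient's SMTP domain is not one of our own."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS

def in_window(now: datetime) -> bool:
    t = now.time()
    return t >= WINDOW_START or t < WINDOW_END  # overnight window wraps past midnight

def next_window(now: datetime) -> datetime:
    """Earliest moment at or after now that falls inside the delivery window."""
    if in_window(now):
        return now
    return now.replace(hour=WINDOW_START.hour, minute=WINDOW_START.minute, second=0, microsecond=0)

def route(message: dict, now: datetime) -> dict:
    """Connector decision for one outbound message with keys to, size_kb and is_oof."""
    if message["is_oof"] and is_external(message["to"]):
        return {"action": "drop", "reason": "Out of Office notification to external recipient"}
    if message["size_kb"] > MAX_MESSAGE_KB:
        return {"action": "reject", "reason": "exceeds connector size limit"}
    if message["size_kb"] > MAX_IMMEDIATE_KB:
        return {"action": "queue", "deliver_at": next_window(now)}
    return {"action": "send"}

def demo() -> dict:
    """Constructed messages run through the connector at 10:30 and 22:15 on the same day."""
    morning, night = datetime(2001, 3, 1, 10, 30), datetime(2001, 3, 1, 22, 15)
    oof_out = {"to": "partner@other.test", "size_kb": 4, "is_oof": True}
    oof_in = {"to": "colleague@example.com", "size_kb": 4, "is_oof": True}
    big = {"to": "partner@other.test", "size_kb": 5000, "is_oof": False}
    huge = dict(big, size_kb=20000)
    return {
        "oof_external": route(oof_out, morning)["action"],
        "oof_internal": route(oof_in, morning)["action"],
        "big_morning": route(big, morning)["deliver_at"].isoformat(),  # held until 19:00
        "big_night": route(big, night)["deliver_at"].isoformat(),  # already inside the window
        "huge": route(huge, morning)["action"],
    }
```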
Appropriate content. Outgoing messages represent your organization's public face. Receiving a message that contains profanities or other inappropriate language (e.g., racial slurs) is neither pleasant nor professional. Educating users about the importance of message content is crucial, but if education fails, you can deploy content scanners to check all outgoing messages for terms or phrases that should be removed or replaced before the message leaves the organization. Scanning for inappropriate text is an ongoing struggle because language is in a continuing state of development; you must periodically update content scanners to include new words or phrases.
Journaling. Many companies operate under legislative requirements to record all communications with outside agencies. For example, the US Securities and Exchange Commission (SEC) requires financial trading companies to keep records of all electronic communications between traders and customers. Exchange Server 5.5 SP1 introduced a journaling feature that automatically copies all outgoing messages. (If you also want copies of incoming messages, you can configure the IMS or the SMTP connector to capture and archive text copies of the messages.) You can perform journaling on a per-server, per-site, or organization-wide basis. The feature can redirect a copy to any valid recipient, most commonly a public folder or mailbox. You can also direct copies to a custom recipient, such as an SMTP address.
Because medium or large servers commonly have difficulty handling the volume of accumulated messages after a short period, add-on products utilize the journaling feature to provide message copies that you can store in a permanent archive, perhaps under the control of a Hierarchical Storage Management (HSM) product. (Commercial products that perform Exchange Server email archiving currently use Exchange Server 5.5's journaling feature to capture information. However, in the future, these products might use Exchange 2000's event-based journaling, permitting you to use the Exchange 2000 Transport Engine to automatically copy and route each message to the HSM system, perhaps after applying criteria to filter items such as nondelivery notifications.)
Content indexing. Finding a specific item in a large public folder or mailbox can be difficult and time-consuming—a real stumbling block to intelligent data management. To address the problem, content indexing scans content and places it in a full-text index that clients can search. Microsoft currently offers Site Server 3.0, which lets you index public-folder data on Exchange Server 5.5 machines; however, radical improvements occur in Exchange 2000, which supports integrated full-text indexing for both mailbox and public stores. Exchange 2000 can automatically update indexes according to a customizable schedule, as Figure 5 shows. A set of files, which can occupy hundreds of megabytes of disk space (depending on the type and quantity of indexed data), represents each index.
Indexing content is only half the battle; you also need a client tool that can use the index. Outlook 2000 automatically uses the full-text index (if it's available) for a target store. The difference in responsiveness between an unindexed folder and an Exchange 2000 indexed folder is impressive: Searches that take many minutes without an index take only a few seconds after Exchange 2000 has created the index. Figure 6, page 150, shows Outlook 2000's Advanced Find option, which you can use to search a public folder's contents, including attachments such as Microsoft PowerPoint presentations and Excel worksheets.
Granular access to email content. The moment a user sends a message, it leaves the user's control. Regardless of the original sender's intentions, recipients can forward, post, alter, print, or copy the message. Users can attempt to recall messages, but recall works only if a recipient is in your Exchange Server organization and hasn't already read the message.
Deploying Advanced Security to enable message encryption and electronic signatures is a good way to ensure that only the intended recipients can see message content. However, you must expend substantial effort to set up a Certificate Authority (CA), issue certificates to users, and manage certificate revocation lists (CRLs) and certificate expiry lists. Encryption between email systems requires additional effort. (Exchange 2000's Advanced Security subsystem integrates with the Windows 2000 Certificate Server and offers better interoperability with other CAs that issue X.509 version 3 certificates.) You must also train users to encrypt and decrypt messages, apply digital signatures, and handle certificates they receive from other users—especially external correspondents. (For more information about certificates and encryption, see Jan De Clercq, "Advanced Security in Exchange 2000, Part 1.")
Virus scanning. If you don't realize the need for good virus protection, you're a fool. The Melissa, Worm.ExploreZip, and VBS.LoveLetter viruses underscore the importance of running good virus-scanning software at multiple levels within your messaging infrastructure. Products are available to protect desktops, the backbone (including the entry point for messages from the Internet), the stores, or servers. Don't rely on protection at only one of these levels. Desktop scanners can stop viruses on 3.5" disks but might not stop a .vbs file such as the one the VBS.LoveLetter worm uses. Scanners running on your backbone should stop most viruses, but the virus-pattern file might be slightly out-of-date and might fail to recognize new viruses. Store or server scanners examine each message as it arrives into Exchange Server, but these scanners suffer from the same shortcoming as backbone scanners. Protecting all these levels gives you a better chance of resisting a virus attack.
Creating a Document-Management Policy
I've observed that most systems administrators and designers don't realize that document retention and management policies cover so much ground. After all, systems administrators aim to provide highly available messaging services—a big job that doesn't leave much time to think about better control, until you run into a problem.
Exchange 2000 adds features (e.g., mailbox retention, integrated full-text indexing, less reason to depend on PSTs, easier-to-manage Advanced Security options, a finer degree of control over large messages) that can help you implement a good document-management policy using only out-of-the-box software. However, you need to invest in additional software to achieve a finer degree of control than these tools can provide. You can divide these important add-on products into four categories: archiving, content checking, virus scanning, and granular access to message content.
Archiving. Archival software, such as kVault Software's (KVS's) Enterprise Vault, places messages in a permanent archive, often under the control of an HSM system. You can apply policies to state exceptions (e.g., don't remove items stored in any folder labeled Important) and to determine when to remove messages (e.g., never process the CEO's mailbox). Often, the software replaces an archived message with a small text file that informs the user that the message is now offline and under the control of the archival system and that gives instructions for retrieving the message. Microsoft Consulting Services' Enterprise Archive Agent utility for Exchange Server might be enough for your purpose, although it doesn't offer as many features as a true archival or HSM package.
Content checking. Software packages such as Content Technologies' MIMESweeper scan messages for appropriate content as the messages pass across the messaging backbone. This technology isn't specific to Exchange Server; it typically works by examining SMTP/MIME content.
Virus checking. As I noted earlier, you need to operate virus-checking software at multiple levels to attain maximum protection. For Exchange Server, two families of virus scanners are available: Messaging API (MAPI)-based and Extensible Storage Engine (ESE)-based. The former is an older implementation; the latter has been available only since 1999. Trend Micro's ScanMail and Sybari's Antigen are the best examples of these two scanner types.
Granular access. Granular access to message content lets users control sent messages after receipt. For example, users can specify that a recipient can't forward or print a message or can't copy message text into another file. Users can set messages to be unavailable offline so that recipients can't download messages into a PST or offline store (OST) and can view messages only while they're connected to the server. Users can time-out messages so that recipients can view content only if they open messages within a preset time. Authentica's MailVault offers this type of Exchange Server support through an Outlook plugin. Some companies use this technology to exchange highly sensitive commercial information between predetermined users. These products are still fairly new but mark a trend that reflects a desire for greater control over sent messages.
The products I mentioned are only a few of the available alternatives; I recommend that you search the Web or attend product demonstrations at events such as Microsoft TechEd or the Microsoft Exchange Conference. And ask vendors about their plans to upgrade and support Exchange 2000; you want to be able to deploy the product with Exchange 2000 when you migrate.
To define a practical and acceptable corporate document-management policy, you need to work with many people, including senior management and possibly legal advisors. To participate in developing a suitable plan, familiarize yourself with the different ways you can control information in Exchange Server. Follow through by setting mailbox quotas and implementing appropriate tools, such as journaling or content scanners. Invest in add-on products to fine-tune control, and investigate Exchange 2000 features that you might use now or in the future.