Exchange Server 2007: Using Journaling Rules

Overview

The upcoming release of Exchange Server, Exchange Server 2007, has many changes at the architectural level. These changes maximize the features available, one of them being journaling.

As a reminder, journaling is the ability to record all messages flowing in and out of an organization.

It is a very useful feature because there are many legal and regulatory requirements, such as the Sarbanes Oxley Act, SEC Rule 17A-4 and many more, that need a journaling solution.

The journaling method used in Exchange Server 2003 can be used in Exchange Server 2007, but now journaling can be used at the Hub Transport Server role. Due to the characteristic of any message exchanged between users passing through the Hub Transport Server role, new functionality such as journaling mail-enabled contacts, mail-enabled groups, recording user messages with a single journal rule without setting the changes in each mailbox database is provided.

Journaling: The traditional way…

In Exchange Server 2003, journaling took place directly in the mailbox store because there was no hub transport role.

In Exchange Server 2007 we can choose either to have the same option (allowing a Journal mailbox to receive all message traffic from a mailbox database) or to support a number of Mailbox databases. We can also create a separate mailbox database to store the mailbox which will receive the journaling.

In the following example, we are going to configure a mailbox database in Exchange Server 2007 to record all user messages that have been sent and received within the same database to be redirected to a specific mailbox.

To configure Journaling for a specific mailbox database, follow these steps:

  1. Open the Exchange Management Console.
  2. Expand Server Configuration, and then click on Mailbox Database.
  3. In the Toolbox Actions of selected Mailbox Database click on Properties (Figure 01).


Figure 01: Exchange Management Console – Requesting Properties of Mailbox Database

  1. In the Mailbox Database Properties page, go to the General tab and then select the Journal Recipient checkbox (Figure 02).


Figure 02: Mailbox Database Properties Page

  1. Before checking Journal Recipient, click on Browse and choose which mailbox will get all messages from the mailbox database. For the purposes of this article, this user is called Journal (Figure 03), click OK to finish.


Figure 03: Selecting the user who will receive all messages of selected Mailbox Database

  1. This is the final screen of journaling settings at mailbox database level; now, all the messages by existing users in the mailbox database, will be copied to the mailbox called Journal (Figure 04).


Figure 04: Mailbox Database with Journal Recipient enabled and set to Journal recipient

From now on, all the messages from all users that have mailboxes in this mailbox database will be recorded in the mailbox named Journal.

Testing the traditional way of Journaling

To check which users will be affected by our configuration, we should run a cmdlet. To do this, go to the MSH console and type the following:

Get-Mailbox | Group-Object database | fl

The output of this command will be a list of all mailbox databases with the respective users as shown in Figure 05.


Figure 05: Viewing users by Mailbox Database

Now, we will test this feature by sending a message from the user Anderson Patricio to Jose Rodas.

Once this message is sent, we will have to check the Journal mailbox and analyze if the message was recorded. We can see all the recipient information and the real message will appear as an attachment.


Figure 06: Viewing the message sent by User Anderson Patricio in the Journal Mailbox

Overview of the Exchange Server 2007 Journal Rule

Exchange Server 2007 uses Hub Transport to journal messages, so it is valid for the whole organization because all the information on Hub transport server is kept and replicated on Active Directory. The process of message journaling has three main components:

  • Journal agent: This is an agent that can be configured to journal e-mail messages that are sent or received by recipients in an Exchange 2007 organization.
  • Journaling Mailboxes: This is a mailbox that is only used for collecting journal reports (messages).
  • Journal Reports: This is the message that Microsoft Exchange generates when a message matches an existent journal rule and then is submitted to the journaling mailbox.

The journaling process is very simple. All the messages that pass through the Hub transport are inspected, and if they match the defined criteria that was configured in the journal rule, a journal report will be created and delivered to the Journaling Mailbox as shown in Figure 07.


Figure 07: Process of journaling in Exchange Server 2007

Now… Using the new Exchange Server 2007 feature

In this section, we will start using the new Exchange Server 2007 feature: the Journaling Rules. Consider the following scenario: we will record all messages sent and received from user Jose Rodas in the mailbox Journal.

To create a journal rule, follow these steps:

  1. Open the Exchange Management Console, expand Organization Configuration, click Hub Transport, and select New Journaling Rule on the Toolbox Actions (Figure 08).


Figure 08: Creating the new journaling rule

  1. On the New Journaling Rule page, type a name on the Rule name field. This name can have up to 245 characters.
  2. In the Journal e-mail address field, select the recipient that will get all the message traffic for this rule.
  3. In Scope we can choose one of these options:

    • Global: All messages (Internal and External)
    • External: Only external messages
    • Internal: Only internal messages

  4. In the Journal e-mail for recipient field select the user who you want a record of his/her messages. For the purpose of our example, we have made a journal rule for all messages sent and received for the user [email protected]


Figure 09: Creating the journal rule

  1. On the Completion page, the result of the rule creation will appear on the screen with the cmdlet used to create the rule. Click Finish to exit (Figure 09).


Figure 10: Finishing the rule creation

Testing the Journaling Rule…

We will send a test message from the user Anderson Patricio to the user Jose Rodas. The expected result is to get the message in our recently configured Journal Mailbox (Figure 11).


Figure 11: User Anderson Patricio sends a test message to Jose Rodas to test a recently created Journaling Rule

Now, we can access the Journal mailbox and check if the journal rule is working correctly (Figure 12).


Figure 12: Viewing the message recorded in Microsoft Outlook Web Access

At this point, we see that the journaling rule is working as expected. It was completed with just a rule in the Hub Transport role at Organizational level.

How can I make a journaling rule for the whole organization?

In many cases, the journaling feature is required for all the members of an organization because of legal requirements, as we described in the beginning of this article. Using Journaling Rules makes this process easier, storing all the users’ messages in the same, or another, mailbox database than the one that actually stores the mailboxes by just creating a rule.

The creation process is just the same, the only difference is that we do not need to choose anything on Journal e-mail for recipient so all the organization’s mail traffic will be stored in the Journal mailbox (Figure 13).


Figure 13: Creating a Journaling Rule for all users

Problem Resolution: Journaling vs. Transport Rules

In some cases, we could get a conflict between Transport Rules and Journal Rules.

In order to better understand this difference, we will use the following example. There is a transport rule that blocks all the messages between users Anderson Patricio and Jose Rodas (Ethical Wall), but the administrator is required to record all the messages before they are dropped.

By default, the Transport Agent rules are executed first then Journaling Rules. So, in this situation, it will not be possible to journal when you have a transport rule that deletes some messages. The order of agent transport in Exchange 2007 is shown in the figure below (Figure 14).


Figure 14: Some of Hub Transport Architecture. The full version can be found here (image courtesy of Microsoft)

So, as discussed earlier, the default order does not let us record blocked messages on Transport Rules, so let’s check the order through a cmdlet called Get-TransportAgent in the Exchange Management Shell (Figure 15).

To check the orders that are assigned, type the following in an MSH Console:

Get-TransportAgent


Figure 15: Checking the TransportAgent order priority

In this example, our scenario will not work as expected, in other words, the blocked message will not be recorded in the mailbox Journal.

To solve this, we will have to change the transport agents order with the Set-TransportAgent cmdlet.

The full syntax to solve this is:

Set-TransportAgent <Transport-Agent-Name> -Priority:<Number> (Figure 16).


Figure 16: Changing Agents priority and visualizing them after changes

With this change, our scenario works as expected. The Journaling Agent has a higher priority than the Transport Rule Agent. So even blocked messages will be recorded in the Journal mailbox.

Conclusion

In the article we have discussed how to use journaling using two different methods:

  • The first being similar to Exchange Server 2003 (mailbox database).
  • The second, using journaling rules, which is a feature that will be available in Exchange Server 2007.

We have also seen that this new method of journaling is easier and more advanced than the method used in previous versions of Exchange Server.

We also learned how to manage TransportAgent orders in the Hub Transport Role of Exchange Server 2007 using cmdlets in the Exchange Management Console.

Note:
This article was written using an Exchange Server 2007 Beta 2 version. The final release (RTM) may have different screens than the ones described in this article.

For More information:

Managing Transport Information

Overview of E12 features

Using Transport Rules in Exchange Server 2007

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top