Create a journal rule in Exchange 2007 to secure journaling mailboxes

One way to ensure that messages can't be tampered with is to store them off-site. For example, some organizations set up Web hosting accounts with ISPs to obtain an additional domain. They then create a mailbox in this domain and use it to store journaling reports.

Because the mailbox is stored on an off-site ISP server, there's no way for an unauthorized person to access it, even if he or she were able to hack into the Active Directory (AD). With this approach, only two people within the company are given access to the mailbox, one of whom is typically the designated contact for the message archives.

This lead contact often is the head of the company's IT, HR or legal department. The second contact is a backup. Depending on the company, the backup contact may or may not know the mailbox password offhand.

There is a distinct advantage to storing your journaling archives on an off-site, hosted mail server; however, Exchange Server 2007 doesn't allow this technique. In fact, Exchange Server 2007 has two rules regarding journaling mailboxes.

• The Exchange mailbox must reside on one of your company's mail servers.
• The Exchange mailbox must already exist at the time you create the journaling rule.

How do you get around these restrictions? When you create a journal rule, Exchange Server checks Active Directory to ensure that the designated journal mailbox exists. Exchange not only looks for a mail-enabled user account, it also checks for mail-enabled contacts. A mail-enabled contact can be pointed to an external SMTP address.

More on Exchange 2007 journaling and message retention: Exchange Server 2007 journaling tutorial Email archiving and retention with Exchange 2007 managed folders Email archiving: Planning, policies and product selection

To create a mail-enabled contact in Active Directory, open the Active Directory Users and Computers console, right-click on the Users container and choose New -> Contact from the menus. When prompted, enter the first name, last name, full name and display name of the contact you're creating and click OK.

Wait a bit for the new contact to replicate to the other domain controllers, and then open the Exchange Management Console. If you attempt to create a journaling rule immediately, you won't be allowed to choose the contact as the journal's email address. You'll need to mail-enable the contact first.

To mail-enable a contact, navigate through the console tree to Recipient Configuration -> Mail Contact. Next, right-click on the Mail Contact folder and choose New Mail Contact from the menu. This will launch the New Mail Contact wizard.

The wizard's initial screen asks if you want to create a new contact or use an existing contact. Choose Existing Contact and then select the contact that you created earlier.

Click Next, and you will be prompted to enter an external SMTP address for the contact. This is the journal's email address.

Click Next and then New to mail-enable the contact.

If you attempt to create a new journaling rule, the mail-enabled contact should be listed among all of your Exchange mailboxes when you click Browse. When you select the contact that you just created, all journal reports will be sent to the external email address associated with the contact.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Services (IIS) and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Exchange Server Email Archiving Relocating Outlook email messages on a hosted Exchange 2007 server Email archiving: Planning, policies and product selection Exchange Server 2010 public beta rolls out new features Microsoft Exchange Server email archiving tutorial Exchange Server 2007: Email archiving tips and hosted services trends Does Microsoft SharePoint make a good email archiving solution? Microsoft fortifies Exchange Server with archiving Securing your Exchange Server 2007 journaling archives Prompt Microsoft Outlook users to save sent email messages Eliminate .PST file use for secure email retention in Exchange 2007 Microsoft Exchange Server Email Archiving Research Email Compliance Exchange Insider e-zine Set up messaging records management (MRM) in Exchange Server 2007 Exchange event sink scripting error when configuring email disclaimer Email archiving and e-discovery best practices for Microsoft Exchange How to set up email disclaimers on a single, back-end Exchange server How to set up Exchange 2007 message classifications Exchange Server email compliance guide Exchange Server 2007 journaling tutorial How to set up Exchange Server 2007 transport rules Top 10 best practices for email archiving Email Compliance Research Microsoft Exchange Server 2007 Virtualizing Exchange Server 2007 -- Where it works Fixing DPM 2007 inconsistent replica errors in Exchange Server Using Mobile Device Manager 2008 server roles in Exchange 2007 Relocating Outlook email messages on a hosted Exchange 2007 server New high availability features in Exchange Server 2010 An introduction to the DSAccess service in Exchange Server 2007 Control Outlook 2007 in cached mode settings with group policies Exchange Performance Monitor tracks domain controller communication Meeting Workspaces in Microsoft Office SharePoint Server 2007 Exchange Server 2007 SP2 reinstates built-in backup capabilities Microsoft Exchange Server 2007 Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary ArchiveSink  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary