One way to ensure that messages can't be tampered with is to store them off-site. For example, some organizations set up Web hosting accounts with ISPs to obtain an additional domain. They then create a mailbox in this domain and use it to store journaling reports.
Because the mailbox is stored on an off-site ISP server, there's no way for an unauthorized person to access it, even if that person were able to hack into Active Directory (AD). With this approach, only two people within the company are given access to the mailbox, one of whom is typically the designated contact for the message archives.
This lead contact often is the head of the company's IT, HR or legal department. The second contact is a backup. Depending on the company, the backup contact may or may not know the mailbox password offhand.
There is a distinct advantage to storing your journaling archives on an off-site, hosted mail server; however, Exchange Server 2007 doesn't allow this technique. In fact, Exchange Server 2007 has two rules regarding journaling mailboxes:
- The Exchange mailbox must reside on one of your company's mail servers.
- The Exchange mailbox must already exist at the time you create the journaling rule.
How do you get around these restrictions? When you create a journal rule, Exchange Server checks Active Directory to ensure that the designated journal mailbox exists. Exchange not only looks for a mail-enabled user account, it also checks for mail-enabled contacts. A mail-enabled contact can be pointed to an external SMTP address.
To create a mail-enabled contact in Active Directory, open the Active Directory Users and Computers console, right-click on the Users container and choose New -> Contact from the menus. When prompted, enter the first name, last name, full name and display name of the contact you're creating and click OK.
Wait a bit for the new contact to replicate to the other domain controllers, and then open the Exchange Management Console. If you attempt to create a journaling rule immediately, you won't be allowed to choose the contact as the journal's email address. You'll need to mail-enable the contact first.
To mail-enable a contact, navigate through the console tree to Recipient Configuration -> Mail Contact. Next, right-click on the Mail Contact folder and choose New Mail Contact from the menu. This will launch the New Mail Contact wizard.
The wizard's initial screen asks if you want to create a new contact or use an existing contact. Choose Existing Contact and then select the contact that you created earlier.
Click Next, and you will be prompted to enter an external SMTP address for the contact. This is the journal's email address.
Click Next and then New to mail-enable the contact.
Now, when you create a new journaling rule, the mail-enabled contact should be listed among all of your Exchange mailboxes when you click Browse. When you select the contact that you just created, all journal reports will be sent to the external email address associated with the contact.
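The same mail-enable and journal-rule steps can be run from the Exchange Management Shell, with a check that the journal reports go where you intend. The PowerShell below is an added example, not part of the original tip; the contact name, SMTP address and rule name are constructed placeholders, and it assumes the AD contact has already been created and replicated.

```powershell
# Added example for the Exchange Management Shell on Exchange Server 2007.
# The three values below are constructed placeholders, not from the article.
$ContactName    = 'Journal Archive'               # AD contact created earlier
$JournalAddress = 'journal-archive@example.net'   # off-site journal mailbox
$RuleName       = 'Journal to off-site archive'

# Step 1: mail-enable the existing AD contact unless that is already done.
$contact = Get-MailContact -Identity $ContactName -ErrorAction SilentlyContinue
if (-not $contact) {
    $contact = Enable-MailContact -Identity $ContactName `
                                  -ExternalEmailAddress $JournalAddress
}

# Step 2: stop if the contact delivers anywhere other than the intended
# address. ExternalEmailAddress is rendered with a prefix such as "SMTP:".
$actual = "$($contact.ExternalEmailAddress)" -replace '^smtp:', ''
if ($actual -ne $JournalAddress) {
    throw "Contact '$ContactName' points to '$actual', expected '$JournalAddress'."
}

# Step 3: create the journal rule once. With no -Recipient filter the rule
# covers all messages in the chosen scope.
if (-not (Get-JournalRule | Where-Object { $_.Name -eq $RuleName })) {
    New-JournalRule -Name $RuleName -JournalEmailAddress $JournalAddress `
                    -Scope Global -Enabled $true
}

# Step 4: review every journal rule. Each one copies mail to its journal
# address, so any rule whose target is not the expected one needs a look.
# The addresses are compared as text.
Get-JournalRule |
    Select-Object Name, Enabled, Scope, Recipient, JournalEmailAddress,
        @{ Name = 'ExpectedTarget'
           Expression = { "$($_.JournalEmailAddress)" -eq $JournalAddress } } |
    Format-Table -AutoSize
```

Running the Step 4 listing on a schedule gives a simple record of which addresses receive journal copies, which is worth keeping because the journal destination here sits outside your own mail servers.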
About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Services (IIS) and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.