Overview of Exchange Server 2003 Journaling

 

As regulations for recording business communication have evolved, so has the journaling feature in Exchange. This section briefly describes the different types of Exchange journaling and explains some of the messaging data that is not journalized by Exchange. Journal data (message) format is also discussed.

Types of Journaling

There are three different types of journaling that you can enable in Exchange Server 2003.

  • Message-only journaling   Message-only journaling creates a copy of all messages and the corresponding P2 message header data to and from users on a mailbox database and sends the message copy to a specified mailbox. The P2 message header contains only the message recipient data that the sender declared to the recipients. If an external message is received from the Internet, Exchange journals the P1 message headers. The P1 message header is the address information that is used by message transfer agents (MTAs) to route mail. By default, when message-only journaling is enabled, Exchange does not account for blind carbon copy (Bcc) recipients, recipients from transport forwarding rules, or recipients from distribution group expansions.

  • Bcc journaling   Bcc journaling is message-only journaling with the added ability to capture the Bcc recipients. When Bcc journaling is enabled, Exchange captures all recipients (including Bcc recipients) that are known at the originating server. If this recipient list includes hidden distribution lists, query-based distribution lists, or distribution lists that are expanded on another server, the recipients for these lists will not be included in the journalized mail. This functionality is enabled by setting a registry key. For more information about setting this registry key, see Microsoft® Knowledge Base article 810999, "XADM: Bcc Information Is Lost for Journaled Messages in Exchange 2000."

  • Envelope journaling   Envelope journaling differs from message-only journaling and Bcc journaling because it permits you to archive transport envelope information (P1 message headers). This includes information about the recipients who actually received the message, including Bcc recipients and recipients from distribution groups. Envelope journaling delivers messages that are flagged to be archived by using an envelope message that contains a journal report together with the original message. The original message is delivered as an attachment. The body of the journal report contains the transport envelope data of the archived message.

Although three different journaling methods exist, the majority of regulations that require journaling will likely require envelope journaling for compliance. Therefore, unless specifically noted, all discussions about journaling in this guide refer to envelope journaling in an Exchange Server 2003 environment (or Exchange 2000 SP3 with the envelope journaling software update).

Where Journaling Does Not Work

Exchange does not journal the following scenarios and data-types:

  • Posts to public folders   Journaling cannot be enabled on public folder stores.

  • Mail sent to external distribution lists   All mail that is sent to and from internal or external distribution lists is journalized. However, the enumerated recipient list of an expanded distribution list can only be written to the envelope journal if the distribution group is internal. Therefore, recipients on a distribution list that is external to the Exchange organization are not enumerated.

Journal Data Format

Journaling is enabled at the mailbox store level. To enable journaling, you must enter a mailbox where the journalized messages are sent. When the message is delivered to the journal recipient mailbox and journalized, the format of the message is MAPI. Depending on the requirements of your compliance solution framework, MAPI format may be acceptable. However, most of the time, Multipurpose Internet Mail Extensions (MIME) is the preferred format, because it is standardized, widely understood, structured, and able to be streamed.

Sometimes, when a third party provides the storing and sorting functions of the compliance solution framework, sending Exchange data in the MIME format over Simple Mail Transfer Protocol (SMTP) is preferred. This is done by forwarding the messages from the journal recipient mailbox to the SMTP address by using a Microsoft Office Outlook® server-side rule.

In other cases, journalized messages can be retrieved from the journal recipient mailbox by using Post Office Protocol version 3 (POP3) or Internet Message Access Protocol version 4rev1 (IMAP4). This also provides a MIME format for the message.

The reason you cannot forward journalized messages directly from the mailbox database where journaling is enabled is because some of the envelope data (for example, Bcc recipients and expanded distribution list recipients) is added by the Exchange Information Store service upon delivery to the journaling mailbox. Therefore, if you journal all mail directly to SMTP, Bcc and expanded distribution list recipient data is lost.