Journaling and archiving are two concepts that are sometimes confused with one another. Journaling is the recording of all email communications in an organization. Archiving is a method of backing up and storing data and removing it from its native environment.
Both of these strategies can be used for meeting certain regulatory requirements, and journaling can often be used as a tool in an organization’s archiving strategy.
In the past several years, there has been a significant increase in regulations requiring organizations to maintain records of communication. Although the financial services, insurance, and health-care industries have faced many more requirements than most other lines of business, many companies have found that maintaining accurate and complete records of employee communications can assist them in the legal arena, whether they are defending against or initiating lawsuits.
For example, a disgruntled former employee might file a lawsuit against a company for wrongful termination, stating that he or she had never been notified that his or her behavior was unsatisfactory. If the organization has an email journaling solution in place, it could go through the historical data and show specific examples where the behavior problems were discussed with the employee. More and more courts are accepting, and often insisting on, historical corporate messaging data in the effort to determine culpability.
Some of the more well-known U.S. regulations that, in recent years, have specified requirements that may rely on journaling technology are as follows:
Sarbanes-Oxley Act of 2002 (SOX)— One of the most widely known regulatory acts, the Sarbanes-Oxley Act is a U.S. federal law that requires the preservation of records by certain Exchange members, brokers, and dealers. This act was passed into law in response to a number of major corporate and accounting scandals that resulted in a decline of public trust in corporate accounting and reporting practices.
Securities and Exchange Commission Rule 17a-4 (SEC Rule 17a-4)— A U.S. Securities and Exchange Commission rule that provides rules regarding the retention of electronic correspondence and records.
National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)— The NASD details requirements for member firms that include the supervision of registered representatives, including inbound and outbound electronic correspondence with the public. In addition, the NASD details how long this information must be maintained, and what conditions must be met.
Health Insurance Portability and Accountability Act of 1996— More commonly known as HIPAA, this U.S. federal law provides rights and protections for participants and beneficiaries in group health plans.
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001— Better known as the Patriot Act, this U.S. federal law expands the authority of U.S. law enforcement for the stated purpose of fighting terrorist acts in the United States and abroad.
The Journaling Agent
Exchange 2007 contains a journaling agent that can be configured to capture email messages that meet the following criteria:
Previous revisions of Exchange Server allowed the administrator to configure journaling at a message store level—either all recipients were journaled, or none of them. However, Exchange Server 2007 allows you to configure and implement rules that give you more granular control over what messages will be journaled.
The Scope of a Journal Rule
When configuring a journal rule, the scope of the rule defines what type of messages will be journaled. You can choose from the following three scopes:
Internal— When journaling entries are based on the Internal scope, messages that are sent and received by mailboxes within the Exchange organization are journaled.
External— When journaling entries are based on the External scope, messages that are sent to recipients outside the Exchange organization, or that are received from senders outside of the Exchange organization, are journaled.
Global— When journaling entries are based on the Global scope, all messages that pass through a server with the Hub Transport server role are journaled.
Note
When the Global scope is selected, the Hub Transport servers journal ALL messages that pass through. This includes messages that might or might not have been journaled already by rules in the Internal and External scopes.
In addition to defining the scope of the rule, you must decide if you want to journal any voice mail or missed call notifications that are processed by your Exchange 2007 Unified Messaging servers. These messages can be significant in size, so if your organization is not required to store this historical data, significant disk space savings can be realized. However, messages that contain faxes and that are generated by a Unified Messaging server are always journaled, even if you disable journaling of unified messaging voice mail and missed call notifications.
Journal Recipients
In addition to the journaling scopes just discussed, the journaling agent also allows you to create additional rules that can target specific SMTP addresses that exist in your organization. This can be helpful when your organization has specific individuals or positions that are subject to regulatory requirements that are more stringent than other personnel in your organization. In addition, this feature can be extremely useful when an individual is being investigated for a legal proceeding and your organization wants to track his or her messages to be used as evidence.
Journaling Mailboxes
All of these journaled messages must reside somewhere if they are ever to be utilized. A journaling mailbox is one that is used only for collecting journal reports. In Exchange Server 2007, you have the flexibility to create a single journaling mailbox to store all journal reports, or you can create separate journaling mailboxes for each journal rule that you configure. This flexibility even allows you to configure multiple journal rules to use one specific journaling mailbox, and then configure other rules to each use their own specific one.
It is important to note that journaling mailboxes contain sensitive information, and should be handled with the utmost security. There are various laws in place that mandate who should be able to access these message stores, and other laws that require these stored messages to be tamper-free if they are going to be used in any type of investigation. You should work with the legal department in your organization (if one exists) to develop policies that mandate who can access this data, and put security measures in place to ensure no unauthorized access.
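One way to check who can currently open each journaling mailbox, written for the Exchange Management Shell as an added example that is not part of the original article. The account names in the allow-list are constructed placeholders, and the optional lockdown step is an assumption about what your access policy permits.

```powershell
# Added example. The entries in $approved are constructed placeholders;
# replace them with the accounts your legal department has approved.
$approved      = @('NT AUTHORITY\SELF', 'EXAMPLE\JournalReviewers')
$applyLockdown = $false   # set to $true to also restrict who can send to the mailbox

# Every mailbox that an existing journal rule delivers reports to.
$journalMailboxes = Get-JournalRule |
    ForEach-Object { $_.JournalEmailAddress.ToString() } |
    Sort-Object -Unique

foreach ($mbx in $journalMailboxes) {
    # Explicit (non-inherited) Allow entries held by anyone outside the
    # approved list. Drop the IsInherited test to review inherited rights too.
    $unexpected = @(Get-MailboxPermission -Identity $mbx | Where-Object {
        -not $_.IsInherited -and -not $_.Deny -and
        ($approved -notcontains $_.User.ToString())
    })

    if ($unexpected.Count -eq 0) {
        Write-Host ("{0}: no unexpected explicit permissions" -f $mbx)
    } else {
        Write-Warning ("{0}: review the following entries" -f $mbx)
        $unexpected | Format-Table User, AccessRights, IsInherited -AutoSize
    }

    if ($applyLockdown) {
        # Accept mail only from authenticated senders and only from the
        # Microsoft Exchange recipient, which is the sender of journal reports.
        Set-Mailbox -Identity $mbx -RequireSenderAuthenticationEnabled $true `
            -AcceptMessagesOnlyFrom 'Microsoft Exchange'
    }
}
```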
Creating a New Journal Rule
To create a journal rule on a Hub Transport server, you must log on as a member of the Exchange Organization Administrators group. You must also be a local Administrator of the server you are working on.
For journaling to function, the journaling agent must be enabled. If individual rules are enabled, but the agent is not, Exchange Server 2007 will not apply the rules.
To determine if the journaling agent is enabled on a server, run the following command from the Exchange Management Shell:
get-transportagent <enter>
A report will be generated on the screen showing the current status of several agents. Look for the journaling agent, and check the Enabled column. If this reads True, the agent is enabled. If this reads False, use the following command to enable the agent:
enable-transportagent <enter>
You will then have to supply a value telling the shell which agent you want to enable. Next to the Identity: prompt, type:
After doing this, you can run the get-transportagent command again to ensure the journaling agent is now enabled.
Now that the agent is enabled, you can create a journal rule in the Exchange Management Console. To do so, follow these steps:
1. Open the Exchange Management Console on the Hub Transport server.
2. In the console tree, expand Organization Configuration, and then select Hub Transport.
3. In the results pane, select the Journaling tab, and then in the action pane, click New Journaling Rule.
4. In the New Journaling Rule dialog box, enter a name for your journaling rule.
5. In the Journal E-Mail Address field, click Select. In the Journal Mailbox window, select the recipient who will receive the journal reports.
6. Under Scope, select the scope to which the journal rule should be applied.
7. If you want to target a specific recipient, in the Recipient Text field, click Select. In the Select Recipient window, select the mailbox, contact, or distribution group that you want to journal, and then click OK.
8. By default, the rule will be enabled upon completion. If you do not want the rule enabled, remove the check mark from the Enable Rule check box.
9. Click New to create the new journal rule, and then click Finish.
You can also create a new journaling rule using the Exchange Management Shell. You must supply the following parameters:
Name— The name of the new journaling rule
JournalEmailAddress— The name of the mailbox that the messages will be journaled to
Scope— The scope of the journaling rule, which is either global, internal, or external
Enabled— The state of the rule, whether it is enabled or disabled
Recipient— The association of the journal rule, whether it is for a specific recipient or group
The following is a sample Exchange Management Shell command:
new-journalRule -Name:'TestRule' -JournalEmailAddress:'COMPANYABC.COM/Users/TestJournalingMailbox1'
-Scope:'Global' -Enabled:$true -Recipient:'[email protected]'
Although the preceding command is spread across several lines, it is entered in the shell as one continuous command. As mentioned previously, you can create a journal rule within the Exchange Management Console, allow the wizard to generate the Exchange Management Shell command for you, and then copy the command and save it to a text file for later use.
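The whole procedure as one repeatable Exchange Management Shell script, added here as an example and not taken from the original article: it confirms the journaling agent is enabled, creates a rule only if it is missing, and then reviews the rule set for disabled rules and for the Global-scope overlap described in the Note above. The rule name and journaling mailbox address are hypothetical placeholders.

```powershell
# Added example. Placeholder values below are assumptions, not from the article.
$agentName  = 'Journaling Agent'
$ruleName   = 'ExampleExternalRule'            # hypothetical rule name
$journalMbx = 'journal-mailbox@example.com'    # placeholder journaling mailbox
$scope      = 'External'

# 1. Rules are not applied unless the agent is enabled, so check it first.
$agent = Get-TransportAgent -Identity $agentName
if (-not $agent.Enabled) {
    # Passing -Identity avoids the interactive Identity: prompt.
    Enable-TransportAgent -Identity $agentName
}

# 2. Create the rule only if no rule with that name exists yet.
$existing = Get-JournalRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-JournalRule -Name $ruleName -JournalEmailAddress $journalMbx `
        -Scope $scope -Enabled $true
}

# 3. Review every rule, then flag rules that are defined but disabled.
$rules = @(Get-JournalRule)
$rules | Format-Table Name, Scope, Recipient, JournalEmailAddress, Enabled -AutoSize
$rules | Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Warning ("Rule '{0}' exists but is disabled." -f $_.Name) }

# 4. A Global rule journals everything, including mail that Internal or
#    External rules already journal; report that overlap.
$enabledRules = @($rules | Where-Object { $_.Enabled })
$globalRules  = @($enabledRules | Where-Object { $_.Scope.ToString() -eq 'Global' })
$scopedRules  = @($enabledRules | Where-Object { $_.Scope.ToString() -ne 'Global' })
if ($globalRules.Count -gt 0 -and $scopedRules.Count -gt 0) {
    Write-Warning ("{0} Global rule(s) overlap with {1} Internal/External rule(s)." -f `
        $globalRules.Count, $scopedRules.Count)
}
```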