Journaling
In the new regulatory climate, there are numerous requirements for record
retention and monitoring. This can include the requirement to journal
some or all messages that traverse the messaging system. Some
regulations that might be interpreted as requiring journaling include
the following:
Sarbanes-Oxley Act of 2002 (SOX)
Gramm-Leach-Bliley Act (Financial Modernization Act)
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
European Union Data Protection Directive (EUDPD)
Japan’s Personal Information Protection Act
The journaling agent on the Hub Transport server allows organizations to
comply with these regulatory requirements by using journaling rules.
This feature is called premium journaling to distinguish it from
standard journaling, the Exchange 2003 form of journaling, which is
still available.
Note
Within Exchange 2007, journaling comes in two flavors: standard and premium.
Premium journaling is a Hub Transport server function with journaling rules that is discussed in this section.
Standard journaling is really a Mailbox role feature and is configured in the
properties of each database on the Mailbox server. It allows you to
specify a journal recipient, and all messages into and out of the
database are journaled to that mailbox on the server. However, it does
not allow you to control the journaling, nor is it replicated throughout
the organization.
Standard journaling was available as a feature in Exchange 2003 and continues to be available in Exchange 2007.
Journaling allows Exchange 2007 to journal messages to a mailbox based on
rules. This is a Hub Transport server role feature.
The scope of journaling can be:
Internal— This applies to messages sent and received by recipients within the Exchange 2007 organization.
External— This applies to messages sent to and from recipients outside of the Exchange 2007 organization.
Global— This applies to all messages regardless of destination.
For example, suppose an organization is required by statute to retain
records of all email that is sent or received by the organization. The
organization will store it in a mailbox named “journal.” To create the
journal rule, execute the following steps:
1. From the Exchange Management Console, expand the Organization folder, and select the Hub Transport folder.
2. In the actions pane, select New Journaling Rule.
3. Enter the rule name, such as Journal All Email.
4. Click the Browse button to specify the journal email address (this is the mailbox that will hold the journal).
5. Select the journal mailbox, in this case Journal, and click OK.
6. Make sure Global is selected as the scope, which is the default.
7. Click New to create the rule.
8. Click Finish to close the wizard.
Now, all messages through the organization will be copied to the journal
mailbox, allowing all messages to be retained and enabling the
organization to meet its statutory requirements.
After creation, journal rules take effect immediately. Rules can be disabled, edited, or removed after creation as well.
Note
Even though journal rules take effect immediately, the Hub Transport server
relies on the recipient cache for recipient and distribution list
information. This is updated every 4 hours, by default. Thus, changes
to the distribution lists referenced in the transport rules might not
be reflected for up to 4 hours.
Similar to transport rules, journal rules are stored in Active Directory. They
are also replicated via Active Directory to all Hub Transport servers
in the organization for consistency. The rules are stored in the
Configuration partition under Service, Microsoft Exchange,
<Organization Name> Transport Settings, Rules, Journal. Each rule is
stored in AD as a separate object, which has the same name as the rule.
Interestingly, the messages are not simply transferred to the journaling
mailbox by the journaling agent on the Hub Transport server. Rather, they
are converted by the journaling agent into a journal report format and then
sent to the journaling mailbox. Each message creates a corresponding
journal report message. In the report, key fields, such as the Sender,
Subject, Message ID, and To fields, are placed into the body, each on
a separate line preceded by the field name (for example,
Sender: [email protected] or Subject: Vacation). This
format allows for easy parsing of the reports by automated tools. The
actual message is attached to the journal report message.
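The report layout described above lends itself to a small audit tool. The following is an added example, not code from the original text or from Exchange: it parses the "Field: value" lines from a report body, pulls out the attached original message, and flags reports whose body fields disagree with the attachment. The sample report is constructed, and the exact field spellings ("Message-Id", one "To" line per recipient) and the addresses are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

def build_sample_report():
    """Constructed sample: field lines in the body, original message attached."""
    original = EmailMessage()
    original["From"] = "alice@example.com"
    original["To"] = "bob@example.com, carol@example.com"
    original["Subject"] = "Vacation"
    original["Message-ID"] = "<1234@example.com>"
    original.set_content("I am out next week.")
    report = EmailMessage()
    report["From"] = "postmaster@example.com"
    report["To"] = "journal@example.com"
    report["Subject"] = "Vacation"
    # Field spellings below are assumed; the page only names the fields.
    report.set_content("Sender: alice@example.com\nSubject: Vacation\n"
                       "Message-Id: <1234@example.com>\n"
                       "To: bob@example.com\nTo: carol@example.com\n")
    report.add_attachment(original)  # stored as a message/rfc822 part
    return report.as_bytes()

def parse_journal_report(raw):
    """Return ({field: [values]}, attached original message or None)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    fields = {}
    body = msg.get_body(preferencelist=("plain",))
    for line in (body.get_content().splitlines() if body else []):
        name, sep, value = line.partition(":")
        if sep and name.strip():  # repeated fields (several To lines) accumulate
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    attached = None
    for part in msg.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            attached = part.get_content()
    return fields, attached

def check_report(raw):
    """List mismatches between the report's field lines and the attachment."""
    fields, attached = parse_journal_report(raw)
    if attached is None:
        return ["no attached message"]
    problems = []
    for field, header in (("message-id", "Message-ID"), ("subject", "Subject")):
        if fields.get(field, [None])[0] != str(attached[header]).strip():
            problems.append(field + " mismatch")
    return problems

if __name__ == "__main__":
    print(check_report(build_sample_report()))
```

An empty list means the body fields and the attached message agree; a report with no attachment or an altered field line is reported by name.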