Configuring Journaling for Exchange 2013/2016
Situation | You are setting up journaling on Exchange 2013/2016 and want to know your options and how to implement them. |
---|---|
Solution |
See below for information on:
|
About Journaling in Exchange 2013/2016
Configuring the Essentials Email Archive
Configuring the Essentials Email Archive involved the following steps:
- Review your organizations retention policy
- Grant archive users additional permissions to interact with the archive
- Connecting to your Exchange or Office 365 environment
Step 1: Managing Retention
The Essentials Email Archive allows organizations to assign a retention policy to all archived email. This setting will apply to all archived email. By default, the retention policy is set to 12 months (1 year).
If you wish to change your retention policy you will need to update the retention policy currently applied to the organization.
For more information on managing your retention policy as well as instructions on changing your retention period, refer to: Manage Retention and Legal Holds
Step 2: Managing Users
Your organizations users are automatically synced between Proofpoint Essentials and the Essentials Email Archive. If you have not yet added users to your organization then you should complete that step before proceeding.
Users who have login rights to the Proofpoint Essentials user interface are, by default, able to access their personal archive. This allows them to search for any email that is associated to them (emails that they send or receive). If you do not wish for users to be able to access the archive, you will need to create an Access Control to disable this ability.
The following roles can be assigned to your users:
Role |
Description |
---|---|
Administrator |
An archive administrator can manage the archive configuration for an organization. This includes:
|
Discovery User |
A discovery user has rights to search all archived email for an organization (All Mailboxes) or only Specific Mailboxes (Mailbox list). |
For more information on managing your archive users as well as instructions on assigning additional roles, refer to: Managing Email Archive users
Step 3: Managing Connections
Connections are used to "connect" the Essentials Email Archive to your messaging environment for the purposes of collecting and archiving your organizations email.
There are two methods available:
Method |
Description |
---|---|
SMTP |
An SMTP connection allows you to remotely journal your organizations email to a Proofpoint Essentials SMTP address. Remote Journaling is required for organizations using Office 365. Remote Journaling is supported for organizations using Exchange 2010, 2013 and 2016. |
IMAP |
An IMAP connection requires that you journal email to a local mailbox and allow Proofpoint to connect to the mailbox to pull email. |
For more information on managing connections as well as instructions on creating a new connection, refer to: Managing Connections
Configuring Remote (SMTP) Journaling for Exchange 2013/2016
Configuring an External Contact
Remote Journaling should be enabled directly to a Proofpoint Essentials SMTP contact, not by using the forwarding rule.
- In the Exchange Admin Center, navigate to Recipients > Contacts.
- Click + then Mail Contact.
- Enter a first name (e.g. SMTP), last name (e.g. Connection), display name (e.g. SMTP Connection), name (e.g. SMTP Connection), and alias (e.g. Journaling).
- in the External email address field, enter the email address of the SMTP address provided when you created a connection in Proofpoint Essentials (e.g. uniqueaddress@us.earchive.cloud).
- Click Browse and select the desired Organization unit.
- Click Save.
Configuring a Send Connector
- In the Exchange Admin Center, navigate to Mail Flow > Send Connectors.
- Click + and add a Send Connector.
- Enter a descriptive Name for the connector.
- For Type, select Custom, then click Next.
- Under Network settings select MX record associated with recipient domain, then click Next.
- Click + to edit Address space.
- Set Type to SMTP.
- For Full Qualified domain name (FQDN): enter *.earchive.cloud.
- Set Cost field to 1.
- Click Save, then Next.
- Click + to edit Source server.
- Select the transport server(s) that will be associated with the connector.
- Click Add, then OK, then Finish.
- Check the new archive send connector properties
- Click Edit (pencil icon).
- Change Maximum send message size to unlimited.
By default a 35mb size is set on the connector
In Exchange 2013, the connector may visually state it is for 2010
Configuring Journaling
- In the Exchange Admin Center, click Compliance Management (in the list on the left).
- Click the Journal Rules tab.
- Add a new journal rule by clicking +.
- In the Send journal reports to field, enter the email address of the journaling mailbox created when you added an SMTP connection in Proofpoint Essentials (e.g. uniqueaddress@us.earchive.cloud).
- Enter a descriptive Name for the rule.
- From the If the message it sent to or received from... list, select Apply to all messages.
- From the Journal the following messages... list, select All messages.
- Click Save.
Choosing an Alternate Journaling Mailbox (Exchange 2016 Only)
It is recommended that you specify an alternate journaling mailbox in case the SMTP connection stops accepting traffic. You can then create an IMAP connection to collect any messages that were not sent via SMTP.
- In the Exchange Admin Center, click Compliance Management (in the list of the left)
- Click the Journal Rules tab.
- Click Select Address next to Send undeliverable journal reports to.
- In the NDR for undeliverable journal reports window that opens, click Browse.
- Select a mailbox in the dialog box and click OK.
- Click Save.
Configure Standard Journaling for Exchange 2013/2016
A new user account and a mailbox is needed for the journaling mailbox. If you have separate Exchange Servers, you may need a separate user account/mailbox per storage group and/or Exchange Server.
The journal account should not have any size restrictions applied to it. In addition, no Exchange Server rules should be applied to the account, especially rules that might move or delete messages from the account or move them to another folder such as Junk Mail.
Creating a New User Account and Journaling Mailbox
- While logged into the ECP web portal, click Recipients in the left panel.
- Click the mailboxes on the right panel.
- Click + and select User Mailbox.
- In the popup window, click New user.
- Enter the Alias, First Name and Last Name for this account.
- Browse to select the Organization Unit in which you want to create the account.
If you leave this blank, the account will be created under the default organization unit.
- Enter the User logon name.
- Enter and verify a password.
- Set the Require password change on next login options in accordance with your company’s policies.
- Browse to the Mailbox database in which you want to create the account.
If you leave this blank, the account will be created under in the default mailbox database.
- Click Save.
- Select the mailbox you just created and click the Edit icon.
- On the Mailbox Features tab (left panel), under Message Delivery Restrictions, click View details.
- For Accept message from, select Only senders in the following list, click + and select the mailbox created earlier.
- For Reject message from, ensure No senders is selected.
- Click OK, then Save.
- Log in to the new account using OWA to have Exchange initialize the mailbox.
Configuring Exchange Journaling
- While logged into the ECP web portal, click Compliance Management in the left panel.
- Click Journal Rules in the right panel.
- Click + to create a new journal rule.
- In the Send journal reports to field, enter the email address of the journal mailbox (created in the previous step).
- In the Name field, enter a descriptive name (e.g. Journal to Essentials Archive) for the journaling rule.
- Choose the appropriate option from the If the message is sent to or received from list.
- Choose the appropriate option from the Journal the following messages list.
- Click Save.
Configuring Journaling remote domain For Exchange 2013/2016
The Proofpoint Essentials Email Archive requires the data NOT be sent in Rich Text Format.
You'll need to setup a remote domain. Open the Exchange Management Shell.
Execute the following command to create the remote domain; this command ensures TNEF encoding is disabled
The example assumes the SMTP address is on the earchive.cloud domain. You may have been issued with another domain and should use it to configure your environment properly.
- New-RemoteDomain -DomainName earchive.cloud -Name "Proofpoint Essentials Archiver Domain"
- Get-RemoteDomain | Where {$_.DomainName -eq "earchive.cloud"} | Set-RemoteDomain -TNEFEnabled $false
- Verify the settings with the following command: Get-RemoteDomain | Where {$_.DomainName -eq "earchive.cloud"} |Format-table Name, DomainName, TNEFEnabled