Email Archiving for Microsoft Exchange Server 2000 Setup

Setup Guide
Email Archiving for Microsoft Exchange
Server 2000
COPYRIGHT
Copyright © 2012 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,
McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,
McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,
TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and
other countries. Other names and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
2
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
Contents
1
Introducing Email Archiving for Microsoft Exchange Server
The role of envelope journaling in archiving messages . . . . . .
Associating messages with users in Email Archiving . . . . . . .
Rules for unassociated messages . . . . . . . . . . . .
Archiving historical messages . . . . . . . . . . . . . . . .
A known limitation in Exchange Server affects Historical Data
2
Getting Started
.
.
.
.
.
.
.
.
.
.
5
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
5
5
6
6
6
9
Supported versions of Exchange Server 2000 . . . . . . . . . . . . . . . . . . . . . . 9
Exchange Server 2000 requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Before you begin the setup process . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3
Set up a journal recipient mailbox
11
4
Enable standard email journaling
15
Enable envelope journaling on the server . . . . . . . . . . . . . . . . . . . . . . . . 16
Delete incorrectly formatted messages from the Journal Mailbox . . . . . . . . . . . . . . 17
5
Prevent mail from going directly to the journal mailbox
19
6
Remove storage limits on the journal mailbox
21
7
Setting up TLS on Exchange Server
23
Create and manage key certificates for TLS . . . . . . . . . . . . . . . . . . . . . . . 23
Set TLS encryption levels for the server . . . . . . . . . . . . . . . . . . . . . . . . 26
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
3
Contents
4
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
1
Introducing Email Archiving for Microsoft
Exchange Server
The Email Archiving service stores email messages from a journal mailbox on your Microsoft Exchange
Server and associates those messages with user accounts. Users can then log on to the Control
Console and view their archived messages. Additionally, Email Archiving allows you to store all of your
previously sent and received messages using an historical mailbox.
Contents
The role of envelope journaling in archiving messages
Associating messages with users in Email Archiving
Archiving historical messages
The role of envelope journaling in archiving messages
Email Archiving requires that you enable the envelope journaling feature of your Microsoft Exchange
Server.
The journaling feature of Exchange Server creates a copy — or journal — of all email messages that
are sent or received by the server. Using envelope journaling ensures that the BCC and distribution list
recipients are captured and archived in addition to the primary sender and recipient.
Once journaling is enabled, the Exchange Server then sends copies of all email to a dedicated mailbox
called the journal recipient mailbox. From here, the Email Archiving service can retrieve your email
and archive it.
Email Archiving stores messages for a user even after that user has been removed from the Active
Directory and the Exchange Server.
Associating messages with users in Email Archiving
Email Archiving automatically associates newly archived email messages with user accounts in the
Control Console. This process ensures that individual users are able to view their archived messages in
the Email Archiving tab of the Control Console. Otherwise, unassociated messages can be viewed by a
Customer Administrator.
You can use the Email Archiving Summary pane on the Overview tab of Email Archiving to view a count of
unassociated messages. This can help you troubleshoot problems in the archiving process.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
5
1
Introducing Email Archiving for Microsoft Exchange Server
Archiving historical messages
Rules for unassociated messages
An unassociated message is a message that the system cannot link to an existing user account. This
means that these messages can only be viewed and managed by customer administrators.
A message can fail to link to a user account for a number of reasons:
•
The user account was deleted.
•
The user account was created after the message was archived.
•
The user account was never created because the email message is historical.
You cannot recreate a user account once it is deleted or re-associate messages to a user account once
the account is deleted.
Archiving historical messages
You can also archive older, historical messages in addition to your active mail accounts. This involves a
completely different process and does not use journaling.
Historical messages include all of the messages that were on your mail server prior to setting up Email
Archiving. In order to archive these messages you can do one of the following:
•
Pay for the Managed Import Service. You can ask your sales representative for details.
•
Upload historical messages by setting up a designated historical mail source in the Control Console.
There is no extra charge.
If you choose to upload historical messages, you should complete these activities:
•
Create a user mailbox on the Exchange Server and place your historical messages into the inbox.
•
Set up a Historical Mail Source in the Control Console and connect it to your historical mailbox.
•
Enable the Historical Mail Source and messages placed into the inbox of your historical mailbox are
automatically imported into Email Archiving. Once they are archived, your messages are then
deleted from the mailbox. Messages in subfolders, however, are not imported.
For more information view the Email Archiving Administrator Guide or the Control Console Online Help.
Do not turn on journaling for your historical mailbox.
A known limitation in Exchange Server affects Historical Data
A limitation exists in Microsoft Exchange that might cause some messages to remain effectively
invisible to end users in Email Archiving. This limitation affects Exchange 2003 and earlier versions.
This issue specifically affects customers who are using SaaS Email Archiving Historical Data Hosting
with historical data that originated from Exchange 2003 or earlier. In these instances historical data is
imported without the SMTP address information which is needed for associating email messages to
user accounts.
6
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
Introducing Email Archiving for Microsoft Exchange Server
Archiving historical messages
1
What can cause missing SMTP address data?
Some historical messages do not contain SMTP address data for email recipients which can resulting in
possible side-effects, including:
•
Affected messages do not associate to end users because X.400 addresses, instead of SMTP
addresses, are present in the message header. SMTP addresses are required by SaaS Email
Archiving for end user association to occur.
•
Customer Administrator or Compliance Officer role archive searches by SMTP address will not work
because SMTP addresses are not present in the original message and therefore cannot be indexed.
This issue does not prevent messages from being archived so affected messages can be located by
other search criteria.
There are two scenarios where messages might be missing SMTP address data:
•
An internal recipient sends a message to one or more other internal recipients and the data is later
exported using .pst export (using Outlook or EXMERGE). This is because exporting to .pst does not
force Exchange to perform an X.400 to SMTP address translation.
•
An internal recipient sends a message to one or more other internal recipients and the data is
imported into SaaS Email Archiving using IMAP or POP, but the internal participant's Active
Directory account is no longer present. As a result, the X.400 to SMTP address mapping cannot
take place.
These early versions of Exchange rely primarily on X.400 addressing and SMTP addressing is only used
for messages that traverse the SMTP, POP, or IMAP services. Therefore, internal messages exported
to .pst do not translate to SMTP addressing and messages for users that no longer exist in the Active
Directory cannot be mapped to their SMTP addresses.
Workaround for historical data imports
If you are importing historical data into SaaS Email Archiving from Exchange 2003 or earlier, be sure
that:
•
The email is exported to SaaS Email Archiving using POP or IMAP.
•
Make sure that there is a valid Active Directory account containing a matching X.400 address (to
what is in the historical email), and at least one valid SMTP address for each user if you want end
user association or SMTP address searching.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
7
1
Introducing Email Archiving for Microsoft Exchange Server
Archiving historical messages
8
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
2
Getting Started
Your environment needs to include specific software to work with Email Archiving. Review these
requirements and recommendations before setting up your Exchange Server.
Contents
Supported versions of Exchange Server 2000
Exchange Server 2000 requirements
Before you begin the setup process
Supported versions of Exchange Server 2000
You should have one of the following versions of Exchange Server 2000 to support Email Archiving.
•
Microsoft Exchange Server 2000 Standard Edition
•
Microsoft Exchange Server 2000 Enterprise Edition
•
Microsoft Small Business Server with Exchange Server 2000 Standard Edition
Exchange Server 2000 requirements
You should install the required service packs, hotfixes, and tools prior to setting up journaling.
Install the following:
•
Exchange Server Service Pack 3
•
Exchange 2000 Update Rollup for envelope journaling (870540)
•
Email Journaling Advanced Configuration tool (exejcfg.exe)
You can download the required service packs and tools at: http://www.microsoft.com/downloads/
search.aspx?displaylang-en
Use the instructions on the Microsoft download pages for additional instructions.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
9
2
Getting Started
Before you begin the setup process
Before you begin the setup process
Be sure to complete the following tasks before setting up the journaling feature in Exchange Server.
•
You must add your users on the Control Console before you set up Email Archiving and the
journaling feature of Exchange Server.
When you configure and enable Email Archiving before adding users to the Control Console, only the
Customer Administrator role is able to search for and view archived email.
10
•
You should check with your Firewall/Intrusion Prevention System vendor to verify that the Email
Archiving service IP space is able to communicate with your network.
•
Running a mixed Exchange Server environment is not recommended or supported. Interoperability
limitations between different versions of Exchange Server can adversely affect journaling.
•
The maximum message size that Email Archiving can store is 50 MB. Larger messages remain in
the journal mailbox and are not archived. As a result, we recommend setting the maximum
message size in Exchange Server to 50 MB as well. For more information, consult the Microsoft
Exchange Server documentation.
•
IMAP is the recommended protocol for all setup activities in Email Archiving.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
3
Set up a journal recipient mailbox
A journal recipient mailbox in Exchange Server is required for Email Archiving.
Task
1
On the Exchange Server desktop, select Start | Programs | Administrative Tools | Active Directory Users and
Computers
2
Connect to the domain where the journal mailbox will reside.
3
Right-click the name of the organization where you want to create the mailbox and click New, then
User.
4
In the New Object - User window, type the following:
Figure 3-1 New Object - User window: Create log on
Option
Definition
First name
Type Journal.
Last name
Type Mailbox.
Full name
Enter a single text string name for the mailbox. For example, type journalmailbox.
User login name Enter a user name for the mailbox, for example examplejournalmailbox.
You will use this same login information when you add the journal mailbox as a mail source in Email
Archiving.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
11
3
Set up a journal recipient mailbox
5
Click Next.
6
Set and confirm the password.
Figure 3-2 New Object - User: Set password
7
Select Password never expires.
If necessary, deselect all other options.
8
Click Next.
9
Select Create an Exchange mailbox and then select the Server and Mailbox store.
Figure 3-3 New Object — User window: Select Create an Exchange mailbox
12
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
Set up a journal recipient mailbox
3
10 Click Next.
11 Click Finish.
The journal recipient mailbox now appears in your user list in Active Directory Users and Computers.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
13
3
Set up a journal recipient mailbox
14
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
4
Enable standard email journaling
Locate the mailbox store and enable journaling.
Task
1
In Exchange System Manager, click Servers.
2
Select the active server.
3
In the list, locate the storage group that contains the mailbox store.
4
Click the plus sign next to the storage group name to expand the display.
5
Right-click the mailbox store and then click Properties.
6
From the General tab, select Archive all messages sent or received by mailboxes on this store.
Figure 4-1 Mailbox Store Properties window — General tab
7
Click Browse to select your mailbox store.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
15
4
Enable standard email journaling
Enable envelope journaling on the server
8
Double-click the name of the journal recipient mailbox you created earlier.
Figure 4-2 Select Recipient window
For example, double-click journal mailbox.
9
Click OK and then click OK again.
Repeat to enable standard journaling for each of your mailbox stores. If you want to archive all
messages in your Exchange environment, you must enable standard journaling on every mailbox store
(with the exception of the mailbox store that contains your journal recipient mailbox).
Once you have set up your mailbox stores, you must complete two additional tasks:
•
Turn on envelope journaling on the server.
•
Delete messages from the Journal Mailbox.
After you enable standard journaling, but before you turn on envelope journaling, messages may
begin to flow into you journal mailbox. These messages are not formatted correctly and must be deleted.
Messages that are journaled after you enable envelope journaling are formatted correctly and can
remain in the journal mailbox.
Tasks
•
Enable envelope journaling on the server on page 16
Use the exejcfg.exe tool to manually enable envelope journaling for the journal mailbox.
•
Delete incorrectly formatted messages from the Journal Mailbox on page 17
Manually delete all of the messages in the journal mailbox that were copied into the
mailbox before envelope journaling was enabled.
Contents
Enable envelope journaling on the server
Delete incorrectly formatted messages from the Journal Mailbox
Enable envelope journaling on the server
Use the exejcfg.exe tool to manually enable envelope journaling for the journal mailbox.
Before you begin
You should set up your journal recipient mailbox and enable standard email journaling
before completing this task.
16
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
Enable standard email journaling
Delete incorrectly formatted messages from the Journal Mailbox
4
Task
1
Download and unzip the exejcfg.exe tool.
2
Open a command prompt and navigate to the directory where you unzipped exejcfg.exe.
3
At the prompt, type exejcfg -e.
The system displays the following message when envelope journaling is successfully enabled:
Successfully ENABLED the Email Journaling Advanced Configuration feature
4
To verify, type exejcfg -l.
The system displays a confirmation.
You should now delete messages from the journal mailbox that were copied before envelope journaling
was enabled.
Delete incorrectly formatted messages from the Journal Mailbox
Manually delete all of the messages in the journal mailbox that were copied into the mailbox before
envelope journaling was enabled.
Before you begin
Set up your journal recipient mailbox, enable standard email journaling, and enable
envelope journaling before completing this task.
Task
1
Log on to the journal mailbox with Webmail or a preferred email client.
Use the user name and pass you assigned the journal mailbox during set up.
If you have forgotten the password, change the password the journal mailbox and use the new one.
2
Select all of the messages in the journal mailbox and delete them.
3
Immediately log off.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
17
4
Enable standard email journaling
Delete incorrectly formatted messages from the Journal Mailbox
18
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
5
Prevent mail from going directly to the
journal mailbox
Remove the journal recipient mailbox from the Global Address List in order to keep it from receiving
mail directly. The journal mailbox should only be used for archiving purposes.
Task
1
In Active Directory Users and Computers, double-click the name of the journal recipient mailbox.
2
Select the Exchange Advanced tab.
Figure 5-1 Mailbox properties window — Exchange Advanced tab
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
19
5
Prevent mail from going directly to the journal mailbox
If the Exchange Advanced tab is not available, you need to enable it.
a
Return to the Active Directory Users and Computers list.
b
Right-click the organization unit where the journal mailbox exists.
c
Select Properties | View | Advanced Features.
3
On the Exchange Advanced tab, select Hide from Exchange address lists and click OK.
4
Return to Active Directory Users and Computers and double-click the user login name you added for the
journal mailbox.
For example, double-click examplejournalmailbox.
5
Select Exchange General | Delivery Restrictions | Only From to set the delivery restriction.
Figure 5-2 Delivery Restrictions window
6
Click Add.
7
Type the name of the journal recipient mailbox, and then click OK.
For example, type journalmailbox.
The journal user appears in the dialog box.
8
20
Click OK to close the Delivery Restrictions dialog box.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
6
Remove storage limits on the journal
mailbox
Although Email Archiving removes messages from the journal mailbox after they have been archived,
there may be delays. This can cause a temporary buildup in the journal mailbox. If you have
previously set a limit to the size of the journal mailbox, this setting might inadvertently cause
messages to be removed before they can be archived. As a result, you should consider removing
storage limits that can affect the journal mailbox.
Before you begin
Set up your journal recipient mailbox before completing this task.
Task
1
In Active Directory Users and Computers, double-click the user login name you added for the journal mailbox.
For example, double-click examplejournalmailbox.
2
Select Exchange General | Storage Limits to remove file size limits from the journal mailbox.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
21
6
Remove storage limits on the journal mailbox
3
From the Storage Limits dialog, deselect all fields to ensure that there are no storage limits.
Figure 6-1 Storage Limits window - Deselect all fields
4
22
Click OK.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
7
Setting up TLS on Exchange Server
Transport Layer Security (TLS) is an encryption protocol that provides secure communications on the
internet for such things as web browsing, email, internet faxing, instant messaging, and other data
transfers. Email Archiving supports TLS, allowing you to enhance the security of your outbound
journaled email messages. Using TLS is not required.
Email Archiving uses a TLS certificate to authenticate your Exchange Server. It then automatically
accepts the encrypted messages as they are transported from Exchange Server, decrypts the
messages, and then stores them using a 256-bit encryption method.
You can find detailed information about setting up TLS for Exchange Server on the Microsoft website.
Contents
Create and manage key certificates for TLS
Set TLS encryption levels for the server
Create and manage key certificates for TLS
Add an X.509 server certificate to begin configuring TLS.
IMAP is the recommended protocol for all setup activities in Email Archiving.
Task
1
Install an X.509 server certificate on the server.
For more information about X.509 certificates, view the Microsoft Knowledge Base:
319574 (http://support.microsoft.com/kb/319574/) How to use certificates with virtual servers in
Exchange 2000 server.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
23
7
Setting up TLS on Exchange Server
Create and manage key certificates for TLS
2
Start Exchange System Manager.
Figure 7-1 Exchange System Manager window
3
24
Expand the name of the Exchange Server and select Protocols | IMAP4 | Default IMAP4 Virtual Server |
Properties.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
Setting up TLS on Exchange Server
Create and manage key certificates for TLS
4
7
Select the Access tab and then click Certificate to set up new key certificates as well as manage key
certificates that are installed for the IMAP virtual server.
Figure 7-2 Default IMAP4 Virtual Server Properties window — Access tab
5
On the Welcome to the Web Server Certificate Wizard window, click Next.
Figure 7-3 Web Server Certificate Wizard window
6
On the Modify the Current Certificate Assignment window, select Renew the current certificate and then click Next.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
25
7
Setting up TLS on Exchange Server
Set TLS encryption levels for the server
7
On the Server Certificate window, select Assign and Existing Certificate and then click Next.
8
Select the server name and then click Next.
9
On the Certificate Summary window, click Next.
10 On the Completing the Web Server Certificate Wizard window, click Finish.
Repeat for the POP3 protocol.
Set TLS encryption levels for the server
Complete the process for TLS setup.
Task
26
1
Start Exchange System Manager
2
Right-click the Default IMAP4 Virtual Server, and then click Properties.
3
Select the Access tab and then click Authentication.
4
Select Basic Authentication.
5
Select Integrated Windows Authentication.
6
Click OK.
Email Archiving for Microsoft Exchange Server 2000
Setup Guide
00