Secure E-Mail Gateway (SEG) Service Administrative Guides Archiving Service Exchange server setup (2007) 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Email Archiving Quick Setup Guide for Microsoft Exchange Server 2007 February 14, 2011 Proprietary and Confidential
RESTRICTION ON USE, PUBLICATION, OR DISCLOSURE OF PROPRIETARY INFORMATION. Copyright 2011 McAfee, Inc. This document contains information that is proprietary and confidential to McAfee. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise) without prior written permission from McAfee. All copies of this document are the sole property of McAfee and must be returned promptly upon request. McAfee, Inc. 9781 South Meridian Blvd., Suite 400 Englewood, CO 80112 USA Direct +1.720.895.5700 Toll Free +1.877.695.6442 Fax +1.720.895.5757 Web site: www.mxlogic.com Documentation Feedback: documentation@mxlogic.com 2 Proprietary: Not for use or disclosure outside McAfee without written permission. February 14, 2011
Contents

Email Archiving and Exchange Server 2007
    How Email Archiving Uses the Journaling Feature of Exchange Server
    The Two Types of Journaling in Exchange Server
    Message Association to End Users
    Journaling in a Mixed Exchange Version Environment
Setting Up Journaling on Exchange Server 2007
    Before You Set Up Journaling
    Selecting Premium or Standard Exchange Journaling
    Adding a New Journaling Mailbox
    Enabling Standard Journaling
    Setting Up Premium Journaling
    Hiding the Journaling Mailbox from the Global Address List
        With Exchange Management Shell
        With Exchange Management Console
    Preventing Users from Sending Mail Directly to the Journaling Mailbox
        With Exchange Management Shell
        With Exchange Management Console
    Remove Storage Limits on the Journal Mailbox
TLS Support in Email Archiving on Your Server
    How TLS Works
    Configuring Exchange Server 2007 to Use TLS with POP3 and IMAP4
Historical Data Upload and Hosting
Email Archiving and Exchange Server 2007

How Email Archiving Uses the Journaling Feature of Exchange Server

McAfee SaaS Email Archiving uses the journaling feature of Microsoft Exchange Server to capture and queue messages. Exchange journaling records a copy of all inbound, outbound, and internal email messages to a dedicated mailbox called the journal recipient mailbox. Email Archiving periodically downloads messages from the journal recipient mailbox and archives them.

Note: Email Archiving stores messages for a user even after that user has been removed from the Active Directory and/or Exchange Server.

This document describes how to set up journaling on the following servers to support Email Archiving:
- Microsoft Exchange Server 2007 Standard Edition
- Microsoft Exchange Server 2007 Enterprise Edition

The Two Types of Journaling in Exchange Server

Microsoft Exchange Server 2007 offers two types of journaling:
- Standard Journaling: Standard journaling journals all messages sent to or received from recipients and senders assigned to a particular mailbox database. For example, messages for all users in mailbox database A might be journaled, while messages for all users in mailbox database B might not be journaled.
- Premium Journaling: Premium journaling journals messages according to rules you configure. Journaling rules specify the scope of journaling and whether messages are journaled for specific recipients or to a distribution list.
    - Global scope includes all messages that pass through a Hub Transport server.
    - Internal scope includes all messages that are sent and received within the Exchange 2007 organization.
    - External scope includes all messages sent and received outside the Exchange 2007 organization.
  For example, you can create a rule to journal all internal messages, as well as messages sent to a distribution list of customers outside your Exchange organization.
Message Association to End Users

When Email Archiving ingests messages from the journal mailbox, it attempts to associate the message's participants to users that exist in the Control Console. This process allows users to view their messages. Unassociated messages are emails that the system cannot match to a User. Those messages can only be viewed by Customer Administrators. The number of unassociated messages is displayed in the Message Archive Summary window of the Overview tab.

Messages may not be associated to an end user if:
- A user's account is deleted. Note: Recreating the account will not re-associate the user to the orphaned messages.
- The message includes participants that are no longer provisioned in the Control Console. These messages will only be visible to the customer administrator.
- A message is archived before a corresponding user account is created.

Journaling in a Mixed Exchange Version Environment

Journaling in a mixed environment is affected by interoperability limitations between different versions of Exchange Server and therefore running a mixed environment is neither recommended nor supported by McAfee.
Setting Up Journaling on Exchange Server 2007

Before You Set Up Journaling

- You must add your users on the Control Console before you set up Email Archiving and the journaling feature of the Exchange Server. If you configure and enable Email Archiving before adding users to the Control Console, all messages to your users will be searchable and viewable only by the customer administrator. See Message Association to End Users.
- Check with your Firewall/Intrusion Prevention System vendor to verify that the McAfee SaaS service IP space is able to communicate with your network.
- The maximum size of a message that Email Archiving can store is 50 MB. Messages larger than 50 MB are not archived. As a result, it is recommended that you configure your Exchange Server for a maximum message size of 50 MB. For more information on setting the maximum message size, see the Microsoft Web site (www.microsoft.com).

Selecting Premium or Standard Exchange Journaling

There are two types of journaling: Standard and Premium. Standard journaling is easier to implement and allows you to quickly enable journaling for ALL the users on a storage database. Premium journaling is more complex to implement, but it lets you enable journaling based on rules. For example, you can enable journaling for specific users on a database.

The following Exchange Server service packs and tools must be installed for Exchange Server Journaling:
- Journaling agents configured on the appropriate Hub Transport servers
- For premium journaling, you also need the Exchange Enterprise Client Access License (CAL)

Note: Premium journaling can be implemented on Exchange Server 2007 Standard and Enterprise versions.

Table 1 Journaling options

If you want to set up...    Complete these tasks...
Standard Journaling         1 Adding a New Journaling Mailbox
                            2 Enabling Standard Journaling
Premium Journaling          1 Adding a New Journaling Mailbox
                            2 Setting Up Premium Journaling
Adding a New Journaling Mailbox

Use this task to set up a new journal recipient mailbox in Exchange Server:
1 Open the Exchange Management Console on the Mailbox server.
2 Expand Recipient Configuration, right-click Mailbox, then New Mailbox.
3 Select User Mailbox, then click Next.
4 Select New User, then click Next.
5 Select the Organizational Unit in which you want to create the journaling mailbox.
6 In the First Name field, type the first name of the mailbox, for example Journal.
7 In the Last Name field, type the last name of the mailbox, for example Mailbox.
8 In the Name field, type the secondary name for the mailbox, for example journalmailbox.
9 In the User logon name (User Principal Name) field, type a user name with which to log into the mailbox, for example acmejournalmailbox.
  Note: You must also type this name in the Mailbox field on the Mail Sources screen of Email Archiving.
10 Type and confirm the password for this user.
  Note: You must also type this password in the Password field on the Mail Sources screen of Email Archiving.
11 Deselect User must change password at next logon.
12 Click Next.
13 Select the appropriate mailbox database, managed folder mailbox policy, and Exchange ActiveSync mailbox policy, then click Next.
14 Review the Configuration Summary. If you need to make changes, click Back. When you are satisfied with your configuration, click New to create the mailbox.

Although Email Archiving removes messages from the journal mailbox after they have been archived, there may be delays in archiving messages. This delay might cause a temporary buildup of messages in the journal mailbox. A limit to the size of the journal mailbox might inadvertently cause messages to be removed before they have been archived. As a result, you might want to remove any storage limits that might be applied to your journal mailbox. See Remove Storage Limits on the Journal Mailbox.

Enabling Standard Journaling

Standard journaling is enabled by turning it on for each database and applies to all of the mailboxes on that server. Follow these steps to enable standard journaling:
1 Open the Exchange Management Console on the Mailbox server on which you want to enable journaling.
2 Expand Server Configuration, then click Mailbox.
3 In the top middle section of the page, select the server for the mailbox database for which you want to enable journaling.
4 In the lower middle section of the page, right-click the mailbox database, then click Properties.
5 Select Journal Recipient, then click Browse, select the journal recipient mailbox, then click OK. In our example, the journal recipient mailbox is journalmailbox administered in Adding a New Journaling Mailbox.
6 Click OK.

All journaled messages for users on this mailbox database are now sent to journalmailbox.

Setting Up Premium Journaling

Adding journal rules allows you to enable the premium journaling options available in Exchange Server 2007 on those clients with an Exchange Enterprise Client Access License (CAL):
1 On the Exchange Server desktop, select Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2 Issue the following command to determine whether or not the Journaling agent is enabled on the Hub Transport server:
    Get-TransportAgent
  If no agent name is returned, the agent is not enabled. To enable the Journaling agent, issue the following command:
    Enable-TransportAgent -Identity "Journaling agent"
3 Open the Exchange Management Console on the Hub Transport Server.
4 Expand Organization Configuration, then click Hub Transport.
5 In the middle section of the page, select the Journaling tab.
6 In the Action section, click New Journal Rule.
7 Type a name for the journal rule.
8 For Send Journal reports to e-mail address, click Browse, then select the name of the journal mailbox, in our example journalmailbox.
9 Under Scope, select the scope of the journal rule.
  - If you want the rule to apply to a single recipient, for Journal Messages for Recipient, click Browse, then select the appropriate recipient.
  - If you want the rule to apply to multiple recipients, for Journal Messages for Recipient, click Browse, then select the appropriate distribution list.
10 Click New, then click Finish.

All journaled messages for users on this Hub Transport server are now sent to the journal mailbox, in our example journalmailbox. Repeat this process for each Hub Transport server on which you want to enable journaling.

Hiding the Journaling Mailbox from the Global Address List

It is important that mail is not sent directly to the journal mailbox. In order to prevent this from happening, follow these instructions to remove the journal mailbox from the global address list.

With Exchange Management Shell

Follow these steps to remove the journaling mailbox from the Global Address List using the Exchange Management Shell:
1 On the Exchange Server desktop, select Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2 Issue the following command:
    Set-Mailbox journalmailbox -HiddenFromAddressListsEnabled $true
  Where journalmailbox is the name of your journal mailbox. In our example, it is acmejournalmailbox.

With Exchange Management Console

Follow these steps to remove the journaling mailbox from the Global Address List using the Exchange Management Console:
1 Open the Exchange Management Console on the Mailbox server.
2 Expand Recipient Configuration, then right-click the journal mailbox. The General Properties screen is displayed.
3 Select Hide from Exchange address lists.
4 Click OK.

Preventing Users from Sending Mail Directly to the Journaling Mailbox

It is important that mail is not sent directly to the journal mailbox. In order to prevent this from happening, follow these instructions so that the journal mailbox will not accept messages from outside users.

With Exchange Management Shell

Follow these steps to set the delivery restriction using the Exchange Management Shell:
1 On the Exchange Server desktop, select Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2 Issue the following command:
    Set-Mailbox journalmailbox -AcceptMessagesOnlyFrom journalmailbox
  Where journalmailbox is the name of your journal mailbox. In our example, it is acmejournalmailbox.
With Exchange Management Console

Follow these steps to set the delivery restriction using the Exchange Management Console:
1 Open the Exchange Management Console on the Mailbox server.
2 Expand Recipient Configuration, then right-click the journal mailbox. The General Properties screen is displayed.
3 Select Mail Flow Settings. The Mail Flow Settings screen is displayed.
4 Double-click Message Delivery Restrictions. The Message Delivery Restrictions screen is displayed.
5 Select Only senders in the following list.
6 Click Add to add the journal mailbox in the Only senders in the following list box.
7 Click OK.

Remove Storage Limits on the Journal Mailbox

Although Email Archiving removes messages from the journal mailbox after they have been archived, there may be delays in archiving messages. This delay might cause a temporary buildup of messages in the journal mailbox. A limit to the size of the journal mailbox might inadvertently cause messages to be removed before they have been archived. In addition, limits on the journal mailbox can cause a large number of additional warning messages to be sent to users, which in turn are added to the journal mailbox, causing further buildup of messages in the mailbox. As a result, you might want to remove any storage limits that might be applied to your journal mailbox.
1 Open the Exchange Management Console on the Mailbox server.
2 Expand Recipient Configuration, then right-click the journal mailbox. The General Properties screen appears.
3 Select Mailbox Settings.
4 Click Storage Quotas, then click OK.
5 Deselect all of the options under Storage Quotas:
  - Use mailbox database defaults
  - Issue warning at (KB):
  - Prohibit send at (KB):
  - Prohibit send and receive at (KB):
6 Click OK.
TLS Support in Email Archiving on Your Server

Transport Layer Security (TLS) is an encryption protocol that provides secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. It can also be used to protect communications between Email Archiving and Exchange Server.

How TLS Works

Email Archiving supports TLS, providing you with an option to enhance the security of your outbound journaled email messages. Using TLS is recommended but not required. If you set up your Exchange Server and Email Archiving to use TLS encryption, Email Archiving uses a TLS certificate to authenticate the Exchange Server. Email Archiving then automatically accepts the encrypted messages as they are transported from the Exchange Server, decrypts the messages, and then stores them in your archive using another 256-bit encryption method.

Configuring Exchange Server 2007 to Use TLS with POP3 and IMAP4

Note: IMAP is the recommended protocol for Email Archiving.

Secure POP3 and IMAP4 access with TLS is enabled by default on Exchange Server 2007. To check that TLS is enabled, perform the following steps:
1 At the Exchange Server desktop, select Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2 At the prompt, type Get-PopSettings.
3 Check that the LoginType field is set to SecureLogin.
4 At the prompt, type Get-ImapSettings.
5 Check that the LoginType field is set to SecureLogin.
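The settings this guide applies to the journal mailbox, the Journaling agent, and POP3/IMAP4 login can be read back in one pass from the Exchange Management Shell. The following audit script is an added example, not part of the original guide; journalmailbox is the guide's sample mailbox name, and the script assumes it is run on a server that holds the Hub Transport and Client Access roles.

```powershell
# Added audit example: reads back the settings configured in this guide.
# Assumption: replace "journalmailbox" with the name of your journal mailbox.
$JournalMailbox = "journalmailbox"
$findings = @()

$mbx = Get-Mailbox -Identity $JournalMailbox

# The journal mailbox should be hidden from the Global Address List.
if (-not $mbx.HiddenFromAddressListsEnabled) {
    $findings += "Journal mailbox is visible in the Exchange address lists."
}

# The journal mailbox should carry a delivery restriction.
if ($mbx.AcceptMessagesOnlyFrom.Count -eq 0) {
    $findings += "AcceptMessagesOnlyFrom is empty: no delivery restriction is set."
}

# Storage quotas should be removed so queued journal reports are not lost.
if ($mbx.UseDatabaseQuotaDefaults) {
    $findings += "Mailbox still uses the mailbox database quota defaults."
}
if (-not $mbx.IssueWarningQuota.IsUnlimited) {
    $findings += "IssueWarningQuota is set to $($mbx.IssueWarningQuota)."
}
if (-not $mbx.ProhibitSendQuota.IsUnlimited) {
    $findings += "ProhibitSendQuota is set to $($mbx.ProhibitSendQuota)."
}
if (-not $mbx.ProhibitSendReceiveQuota.IsUnlimited) {
    $findings += "ProhibitSendReceiveQuota is set to $($mbx.ProhibitSendReceiveQuota)."
}

# Premium journaling needs the Journaling agent enabled (Hub Transport role).
$agent = Get-TransportAgent | Where-Object { $_.Identity -like "Journaling*" }
if ((-not $agent) -or (-not $agent.Enabled)) {
    $findings += "Journaling agent is not enabled on this Hub Transport server."
}

# POP3 and IMAP4 should require a TLS-protected login (Client Access role).
$pop = Get-PopSettings
if ($pop.LoginType -ne "SecureLogin") {
    $findings += "POP3 LoginType is $($pop.LoginType), expected SecureLogin."
}
$imap = Get-ImapSettings
if ($imap.LoginType -ne "SecureLogin") {
    $findings += "IMAP4 LoginType is $($imap.LoginType), expected SecureLogin."
}

# List what is journaled, and to which mailbox, for manual review.
"Standard journaling (per mailbox database):"
Get-MailboxDatabase | Where-Object { $_.JournalRecipient } |
    Format-Table Name, JournalRecipient -AutoSize
"Premium journaling (journal rules):"
Get-JournalRule | Format-Table Name, Scope, Recipient, JournalEmailAddress, Enabled -AutoSize

if ($findings.Count -eq 0) {
    "No deviations from the guide's settings were found."
} else {
    "Deviations from the guide's settings:"
    $findings
}
```

In a multi-server organization, repeat the agent check on each Hub Transport server and the POP3/IMAP4 checks on each Client Access server that Email Archiving connects to.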
Historical Data Upload and Hosting

Historical messages are any messages that existed prior to your purchase of the Email Archiving service. They cannot be imported into the archive without a historical data plan. There are two ways to import historical messages into Email Archiving:
- Pay for the Managed Important Service. Ask your sales representative for details.
- At no extra charge, upload historical messages by setting up a designated historical Mail Source in the Control Console.

If you choose to upload historical messages, you will need to complete these tasks:
1 Place your historical messages into the inbox of a mailbox designated by you for historical message upload. Any messages placed into this inbox will be imported into Email Archiving and deleted from the mailbox. Messages in subfolders will not be imported.
2 Set up a Historical Mail Source in the Control Console, pointing it at the designated historical mailbox (see online help for instructions on setting up a Historical Mail Source).