How to Configure a Journaling Mailbox

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to use the Exchange Management Shell to configure a journaling mailbox to receive journal reports from authorized senders only.

Before You Begin

The procedure in this topic shows how to configure the journaling mailbox so that only the Microsoft Exchange recipient object can submit journal reports. If you restrict who can submit a journal report to the journaling mailbox, you reduce the risk of a fake journal report being submitted to the journaling mailbox.

For more information about journaling and why it's important to secure the journaling mailbox, see the following topics:

For information about how to create a journal rule, see How to Create a New Journal Rule.

If you want to grant permissions to access the journaling mailbox to another Active Directory directory service user, see How to Allow Mailbox Access.

Important

Journaling mailboxes contain very sensitive information. You must secure journaling mailboxes because they collect messages that are sent to and from recipients in your organization, and because these messages may be part of legal proceedings or may be subject to regulatory requirements. Various laws require that messages remain tamper-free before they are submitted to an investigatory authority. We recommend that your organization create policies that govern who can access the journaling mailboxes in your organization, limiting access to only those individuals who have a direct need to access them. Speak with your legal representatives to make sure that your journaling solution complies with all the laws and regulations that apply to your organization.

To perform the following procedures, the account you use must be delegated the following:

  • Exchange Recipient Administrator role

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Procedure

To make sure that the journaling mailbox accepts journal reports only from the Microsoft Exchange recipient object, use the Exchange Management Shell to configure the mailbox to accept messages either only from the Microsoft Exchange recipient object or only from the journaling mailbox itself, depending on the version of Exchange 2007 you are running.

Configuring the Journaling Mailbox in Exchange Server 2007 Service Pack 1 (SP1)

When you configure the journaling mailbox to accept messages only from the Microsoft Exchange recipient object, only the Microsoft Exchange recipient object can submit journal reports to the journaling mailbox. You must also configure the journaling mailbox to accept journal reports only from authenticated senders.

Use the following syntax to perform this procedure in the Exchange Management Shell in Exchange 2007 SP1:

    Set-Mailbox <Journaling mailbox to configure> -AcceptMessagesOnlyFrom "Microsoft Exchange" -RequireSenderAuthenticationEnabled $True

To use the Exchange Management Shell to allow only the Microsoft Exchange recipient object to submit journal reports to the journaling mailbox in Exchange 2007 SP1

  1. Create a new mailbox to use as the journaling mailbox. For information about how to create a new mailbox, see How to Create a Mailbox for a New User.

  2. Run the following command:

    Set-Mailbox "Journaling Mailbox" -AcceptMessagesOnlyFrom "Microsoft Exchange" -RequireSenderAuthenticationEnabled $True
    

For detailed syntax and parameter information, see Set-Mailbox.

Configuring the Journaling Mailbox in the Release to Manufacturing (RTM) Version of Exchange 2007

When you configure the journaling mailbox to accept messages only from itself, only the Microsoft Exchange recipient object can submit journal reports to the journaling mailbox. This works because journal reports override any restrictions placed on a mailbox. You must also configure the journaling mailbox to accept journal reports only from authenticated senders.

Use the following syntax to perform this procedure in the Exchange Management Shell in Exchange 2007 RTM:

    Set-Mailbox <Journaling mailbox to configure> -AcceptMessagesOnlyFrom <Journaling mailbox being configured> -RequireSenderAuthenticationEnabled $True

To use the Exchange Management Shell to allow only the Microsoft Exchange recipient object to submit journal reports to the journaling mailbox in Exchange 2007 RTM

  1. Create a new mailbox to use as the journaling mailbox. For information about how to create a new mailbox, see How to Create a Mailbox for a New User.

  2. Run the following command:

    Set-Mailbox "Journaling Mailbox" -AcceptMessagesOnlyFrom "Journaling Mailbox" -RequireSenderAuthenticationEnabled $True
    

For detailed syntax and parameter information, see Set-Mailbox (RTM).
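
To confirm that the restrictions from either procedure above are in place, the following added example (not part of the original topic) audits every mailbox that a journal rule delivers to. It assumes each rule's JournalEmailAddress resolves to a local mailbox; treating anything other than one allowed sender with sender authentication required as a finding is this example's own rule, chosen to match the configuration shown in this topic.

```powershell
# Added example: audit the mailboxes that journal rules deliver to.
# Run in the Exchange Management Shell with rights to read mailbox settings.
Get-JournalRule | ForEach-Object {
    $rule = $_
    $target = "$($rule.JournalEmailAddress)"
    $mbx = Get-Mailbox -Identity $target -ErrorAction SilentlyContinue
    if (-not $mbx) {
        # The rule may deliver to a contact or an external address instead.
        Write-Warning "Rule '$($rule.Name)': no local mailbox found for $target"
        return   # inside ForEach-Object this moves on to the next rule
    }

    # Flatten the allowed-sender lists to strings for reporting.
    $senders = @($mbx.AcceptMessagesOnlyFrom | Where-Object { $_ } | ForEach-Object { "$_" })
    $groups  = @($mbx.AcceptMessagesOnlyFromDLMembers | Where-Object { $_ } | ForEach-Object { "$_" })

    # Assumption: the topic's configuration means exactly one allowed sender,
    # no allowed distribution groups, and sender authentication required.
    $findings = @()
    if ($senders.Count -eq 0) {
        $findings += 'AcceptMessagesOnlyFrom is empty'
    }
    if ($senders.Count -gt 1) {
        $findings += 'More than one allowed sender: review the list'
    }
    if ($groups.Count -gt 0) {
        $findings += 'Distribution group members are allowed senders'
    }
    if (-not $mbx.RequireSenderAuthenticationEnabled) {
        $findings += 'RequireSenderAuthenticationEnabled is not $True'
    }
    if ($findings.Count -eq 0) { $findings = @('OK') }

    # [string]::Join is used so the script also runs on Windows PowerShell 1.0.
    $row = New-Object PSObject
    $row | Add-Member NoteProperty JournalRule $rule.Name
    $row | Add-Member NoteProperty Mailbox $mbx.Name
    $row | Add-Member NoteProperty AllowedSenders ([string]::Join('; ', $senders))
    $row | Add-Member NoteProperty Findings ([string]::Join('; ', $findings))
    $row
} | Format-List
```

On SP1 the expected single allowed sender is the Microsoft Exchange recipient object; on RTM it is the journaling mailbox itself.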