Setup Guide. Archiving for Microsoft Exchange Server 2007

(1)

Setup Guide

(2)

COPYRIGHT

McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

(3)

1

Introducing Email Archiving for Microsoft

Exchange Server

The Email Archiving service stores email messages from a journal mailbox on your Microsoft Exchange Server and associates those messages with user accounts. Users can then log on to the Control Console and view their archived messages. Additionally, Email Archiving allows you to store all of your previously sent and received messages using an historical mailbox.

Contents

The role of envelope journaling in archiving messages Associating messages with users in Email Archiving Archiving historical messages

The role of envelope journaling in archiving messages

Email Archiving requires that you enable the envelope journaling feature of your Microsoft Exchange Server.

The journaling feature of Exchange Server creates a copy — or journal — of all email messages that are sent or received by the server. Using envelope journaling ensures that the BCC and distribution list recipients are captured and archived in addition to the primary sender and recipient.

Once journaling is enabled, the Exchange Server then sends copies of all email to a dedicated mailbox called the journal recipient mailbox. From here, the Email Archiving service can retrieve your email and archive it.

Email Archiving stores messages for a user even after that user has been removed from the Active Directory and the Exchange Server.

Associating messages with users in Email Archiving

Email Archiving automatically associates newly archived email messages with user accounts in the Control Console. This process ensures that individual users are able to view their archived messages in the Email Archiving tab of the Control Console. Otherwise, unassociated messages can be viewed by a Customer Administrator.

(6)

Rules for unassociated messages

An unassociated message is a message that the system cannot link to an existing user account. This means that these messages can only be viewed and managed by customer administrators.

A message can fail to link to a user account for a number of reasons: • The user account was deleted.

• The user account was created after the message was archived.

• The user account was never created because the email message is historical.

You cannot recreate a user account once it is deleted or re-associate messages to a user account once the account is deleted.

Archiving historical messages

You can also archive older, historical messages in addition to your active mail accounts. This involves a completely different process and does not use journaling.

Historical messages include all of the messages that were on your mail server prior to setting up Email Archiving. In order to archive these messages you can do one of the following:

• Pay for the Managed Import Service. You can ask your sales representative for details.

• Upload historical messages by setting up a designated historical mail source in the Control Console. There is no extra charge.

If you choose to upload historical messages, you should complete these activities:

• Create a user mailbox on the Exchange Server and place your historical messages into the inbox. • Set up a Historical Mail Source in the Control Console and connect it to your historical mailbox. • Enable the Historical Mail Source and messages placed into the inbox of your historical mailbox are

automatically imported into Email Archiving. Once they are archived, your messages are then deleted from the mailbox. Messages in subfolders, however, are not imported.

For more information view the Email Archiving Administrator Guide or the Control Console Online Help.

Do not turn on journaling for your historical mailbox.

1

Introducing Email Archiving for Microsoft Exchange Server Archiving historical messages

(7)

2

Getting Started

Your environment needs to include specific software to work with Email Archiving. Review these requirements and recommendations before setting up your Exchange Server.

Contents

Supported versions of Exchange Server 2007 Before you begin the setup process

Selecting premium or standard journaling

Supported versions of Exchange Server 2007

You should have one of the following versions of Exchange Server 2007 to support Email Archiving. • Microsoft Exchange Server 2007 Standard Edition

• Microsoft Exchange Server 2007 Enterprise Edition

Before you begin the setup process

Be sure to complete the following tasks before setting up the journaling feature in Exchange Server. • You must add your users on the Control Console before you set up Email Archiving and the

journaling feature of Exchange Server.

When you configure and enable Email Archiving before adding users to the Control Console, only the Customer Administrator role is able to search for and view archived email.

• You should check with your Firewall/Intrusion Prevention System vendor to verify that the Email Archiving service IP space is able to communicate with your network.

• Running a mixed Exchange Server environment is not recommended or supported. Interoperability limitations between different versions of Exchange Server can adversely affect journaling.

• The maximum message size that Email Archiving can store is 50 MB. Larger messages remain in the journal mailbox and are not archived. As a result, we recommend setting the maximum message size in Exchange Server to 50 MB as well. For more information, consult the Microsoft Exchange Server documentation.

• IMAP is the recommended protocol for all setup activities in Email Archiving.

Selecting premium or standard journaling

There are two types of journaling: standard and premium. Standard journaling is easier to implement and allows you to quickly enable journaling for ALL the users on a storage database. Premium

(8)

journaling is more complex to implement but it enables you to set up journaling based on rules. For example, you can enable journaling for specific users on a database.

Premium journaling requires that you purchase an Exchange Server Enterprise client access license (CAL). If you have not purchased enterprise CALs, you must use standard journaling.

Additionally, you should configure journaling agents on the appropriate Hub Transport servers.

If you wish to archive all of your users, we recommend setting up standard journaling on each of your storage databases. Be sure to determine which journaling method you will use before proceeding with the setup process.

2

Getting Started

Selecting premium or standard journaling

(9)

3

Add a new journaling mailbox

You should set up a journaling mailbox for use with Email Archiving.

Complete these steps when setting up both standard and premium journaling.

Task

1 Open the Exchange Management Console on the mailbox server.

2 Click to expand Recipient Configuration, right-click Mailbox, and then click New Mailbox.

3 Select User Mailbox and click Next.

(10)

4 Select New User and click Next.

Figure 3-2 New Mailbox — User Type

5 Under User Information, complete the following:

a Select the Organizational Unit.

b Enter a name in the First name and Last name fields.

c Edit the Name field as necessary.

d Enter a log on name in the User logon name (User Principal Name) field.

3

Add a new journaling mailbox

(11)

e Type and confirm a password in the Password and Confirm password fields.

f Deselect User must change password at next logon.

This is the user logon name and password you will use to set up a mail source in Email Archiving.

Figure 3-3 New Mailbox — User Information

6 Click Next.

7 Under Mailbox Settings, complete the following:

a Enter an alias for the mailbox user in the Alias field.

b Select your Mailbox database.

(12)

c Select Managed folder mailbox policy and click Browse to specify.

d Select Exchange ActiveSync mailbox policy and click Browse to specify.

Figure 3-4 New Mailbox — Mailbox Settings

8 Click Next.

9 Review the Configuration Summary and click New to create the mailbox.

Figure 3-5 New Mailbox — Configuration Summary

10 Click Finish.

3

(13)

4

Enable standard journaling

Enable standard journaling by turning it on for each database. Once enabled, standard journaling applies to all of the mailboxes on a server.

This task is required for setting up standard journaling. Do not complete this task if you are setting up premium journaling.

Task

1 Open the Exchange Management Console on the mailbox server where you are enabling standard journaling.

2 Click to expand Server Configuration, then click Mailbox.

Figure 4-1 Mailbox Configuration — Database Management

3 In the Mailbox panel, select the server name.

4 In the lower panel, right-click the mailbox database, and then click Properties.

(14)

5 Select the Journal Recipient checkbox and then click Browse to select a recipient.

Figure 4-2 Mailbox Database Properties

6 Select the journal recipient mailbox and click OK.

7 Click OK to complete the process.

All journaled messages for users on this mailbox database are sent to the journal mailbox.

4

Enable standard journaling

(15)

5

Set up premium journaling

Add journal rules to enable the premium journaling options on those clients with Enterprise Edition Licensing CALs.

This task is required for setting up premium journaling. Do not complete this task if you are setting up standard journaling.

Task

1 Enable the journaling agent on the Hub Transport server.

a Click Start | All Programs | Microsoft Exchange Server 20xx | Exchange Management Shell

b To determine whether or not the journaling agent is enabled, enter: Get-TransportAgent If no agent name is returned, the agent is not enabled.

c To enable the agent, enter: Enable-TransportAgent -Identity "Journaling agent"

2 Open the Exchange Management Console on your Hub Transport Server.

3 Click to expand Organization Configuration and then click Hub Transport.

4 In the Hub Transport panel, select Journal Rules.

Figure 5-1 Hub Transport — Journal Rules

5 In the Hub Transport section of the Actions panel, click New Journal Rule.

(16)

6 Configure a new journal rule:

a For Rule name, enter a name for new rule.

b For Send Journal reports to e-mail address, click Browse and select the name of the journal mailbox.

c For Journal messages for recipient, click Browse to select the recipient of the journal messages.

Figure 5-2 My Journal Rules

7 Click OK.

8 Click Finish.

All journaled messages for users on this Hub Transport server are now sent to the journal mailbox.

5

Set up premium journaling

(17)

6

Hide the journal mailbox from Exchange

address lists

You should remove the journal recipient mailbox from Exchange address lists in order to prevent it from receiving mail directly. The journal mailbox should only be used for archiving purposes. You can complete this task using either the Exchange Management Console or the Exchange Management Shell. • From the Exchange Management Console:

a Open the Exchange Management Console on the mailbox server.

b Click to expand Recipient Configuration and then double-click the journal mailbox to open the

Properties window.

(18)

c Select Hide from Exchange address lists.

Figure 6-1 Mailbox Properties — Hide from Exchange address lists

d Click OK to complete the process. • From the Exchange Management Shell:

a Select Start | All Programs | Microsoft Exchange Server 20xx | Exchange Management Shell.

b _{Type Set-Mailbox journalmailbox -HiddenFromAddressListsEnabled $true.}

Where journalmailbox is the name of your journal mailbox.

6

Hide the journal mailbox from Exchange address lists

(19)

7

Prevent mail from going directly to the

journal mailbox

You should remove the journal recipient mailbox from the Global Address List in order to keep it from receiving mail directly. The journal mailbox should only be used for archiving purposes.

You can complete this task using either the Exchange Management Console or the Exchange Management Shell. • From the Exchange Management Console:

a Open the Exchange Management Console on the mailbox server.

b Click to expand Recipient Configuration and then double-click the journal mailbox to open the

Properties window. c Select Mail Flow Settings.

(20)

d Double-click Message Delivery Restrictions to set your configuration options.

Figure 7-2 Message Delivery Restrictions

e Select Only senders in the following list.

f Click Add to open the Select Recipient window.

g Select a recipient, and click OK.

h Click OK to complete the process. • From the Exchange Management Shell:

a Select Start | All Programs | Microsoft Exchange Server 20xx | Exchange Management Shell.

b _{Type Set-Mailbox journalmailbox -AcceptMessagesOnlyFrom journalmailbox.}

Where journalmailbox is the name of your journal mailbox.

7

Prevent mail from going directly to the journal mailbox

(21)

8

Remove storage limits on the journal

mailbox

Although Email Archiving removes messages from the journal mailbox after they have been archived, there may be delays. This can cause a temporary buildup in the journal mailbox. If you have

previously set a limit to the size of the journal mailbox, this setting might inadvertently cause messages to be removed before they can be archived. As a result, you should consider removing storage limits that can affect the journal mailbox.

Before you begin

Set up your journal recipient mailbox before completing this task.

Task

1 Open the Exchange Management Console on the mailbox server.

2 Click to expand Recipient Configuration and then double-click the journal mailbox to open the Properties window.

(22)

3 Select Mailbox Settings.

Figure 8-1 Mailbox Properties — Mailbox Settings

4 Double-click Storage Quotas.

Figure 8-2 Storage Quotas

8

Remove storage limits on the journal mailbox

(23)

5 Deselect all of the options under Storage Quotas and Deleted item retention, and then click OK.

6 Click OK to complete the process.

(24)

8

(25)

9

Setting up TLS on Exchange Server

Transport Layer Security (TLS) is an encryption protocol that provides secure communications on the internet for such things as web browsing, email, internet faxing, instant messaging, and other data transfers. Email Archiving supports TLS, allowing you to enhance the security of your outbound journaled email messages. Using TLS is not required.

Email Archiving uses a TLS certificate to authenticate your Exchange Server. It then automatically accepts the encrypted messages as they are transported from Exchange Server, decrypts the messages, and then stores them using a 256-bit encryption method.

You can find detailed information about setting up TLS for Exchange Server on the Microsoft website: http://technet.microsoft.com/en-us/library/bb430764.aspx

Verify that your Exchange Server is using TLS with POP3 and

IMAP4

Secure POP3 and IMAP4 access with TLS are both enabled by default. However you should verify the settings to ensure that both are using SecureLogin.

IMAP is the recommended protocol for Email Archiving.

Task

1 At the Exchange Server desktop, select Start | All Programs | Microsoft Exchange Server 20xx Exchange

Management Shell to open a command prompt. 2 Type Get-POPsettings.

3 _{Verify that the LoginType field is set to SecureLogin.}

UnencryptedOrTLSBindings SSLBindings LoginType X509Certifcate Name --- --- --- ---{:::110, 0.0.0.0:110} {:::995, 0.0.0.0:995} SecureLogin w2008

4 _{Type Get-IMAPsettings.}

5 Verify that the LoginType field is set to SecureLogin.

UnencryptedOrTLSBindings SSLBindings LoginType X509Certifcate Name --- --- --- ---{:::143, 0.0.0.0:143} {:::993, 0.0.0.0:993} SecureLogin w2008

6 Close the command prompt.

(26)

9

Setting up TLS on Exchange Server

Verify that your Exchange Server is using TLS with POP3 and IMAP4

(27)