Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-10-26

If journaling is configured in a Microsoft Exchange Server 2010 organization, the Journaling agent generates journal reports that contain message metadata, and the entire original message is attached to the journal report. It's important to protect the integrity of journal reports and the journaling mailbox, and to protect them from unauthorized access.

You can protect journal reports sent inside an Exchange 2010 organization and journal reports that are sent to third-party solution providers.

Looking for management tasks related to journaling? See Managing Journaling.

Protecting Journal Reports Sent Inside an Exchange 2010 Organization

Exchange 2010 protects journal reports in transit by performing the following tasks:

  • It uses secure links between Hub Transport servers and Mailbox servers in the Exchange 2010 organization.

  • It sends the journal report as Exchange and authenticates the session between the Hub Transport server and the Mailbox server.

  • It accepts only secure, authenticated connections when journal reports are sent between Hub Transport servers and Mailbox servers in the same Exchange 2010 organization.

We recommend that you configure the journaling mailbox to accept messages sent only from the Exchange recipient object and that you configure the mailbox to require senders to be authenticated. This helps reduce the possibility of tampering with journal reports delivered to the journaling mailbox. For more information, see Create and Configure a Journaling Mailbox.

Additionally, you must implement adequate access controls to ensure the journaling mailbox is protected from unauthorized access. These controls should include measures such as recording and monitoring password changes to journaling mailbox user accounts, domain logons by such user accounts, and changes to mailbox permissions for journaling mailboxes.

Caution:
Improperly secured communication links, journaling mailboxes, or servers can expose sensitive data.

Protecting Journal Reports Sent to Third-Party Solution Providers

You can configure Exchange 2010 to send journal reports to a recipient that doesn't reside in the same Exchange 2010 organization as the Hub Transport server, including recipients residing on another e-mail system within the organization, or to an e-mail system outside the organization. You can use such a configuration to send journal reports to third-party providers of archival or other journaling solutions that aren't Exchange 2010-based.

In configurations where the source and destination servers aren't servers running Exchange 2010 or Exchange Server 2007 in the same Exchange organization, the connections between the two servers may not be automatically encrypted. However, even in these configurations, you can use Exchange 2010 to help protect the journal reports sent to the third-party solution providers.

You can use the following Exchange solutions to help protect communication between the Exchange server and the third-party solution providers:

  • Configure Transport Layer Security (TLS) between the two systems.

  • Require authentication on the receiving system.

  • Accept only e-mail messages from the SMTP address of the Exchange contact.

  • Configure a mail-enabled contact that sends e-mail messages to the SMTP address of the third-party solution and configure Exchange 2010 to send journal reports to that contact. Then configure the contact to accept journal reports only from an Exchange recipient.

Caution:
Improperly secured communication links, journaling mailboxes, or servers can expose sensitive data.

TLS is a standard protocol used to provide secure communications over TCP/IP networks such as the Internet. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. For more information, see TLS Functionality and Related Terminology in Exchange 2010.

Important:
TLS encrypts the SMTP session between two hosts. If you configure TLS to protect journal messages, and Exchange doesn't directly deliver mail to the destination server that stores the journal reports, you must configure TLS between each server through which the journal report travels to the destination server.
Important:
Journal message recipients in a distribution group cannot view decrypted message attachments in an Exchange 2010 environment

This issue occurs because Exchange 2010 does not decrypt the journal message if at least one SMTP address of a distribution group member is not present in any journal rules. This behavior is by design.

For More Information