In "An Exchange 2003 Journaling Primer" (April 2005, InstantDoc ID 45348), I described the fundamental differences between journaling, archiving, and compliance, and I talked about the most basic form of journaling: message journaling. However, message journaling might not provide the functionality you need for a comprehensive compliance system. For example, what if you need to support distribution list (DL) expansion and deal with message reports?
Exchange Server 2003 provides another form of journaling: envelope journaling. Envelope journaling is a more sophisticated form of journaling and is generally the most common form implemented by organizations that are serious about journaling. Let's take a close look at envelope journaling—how to enable it in both Exchange 2003 and Exchange 2000 Server and how to make it work in a multiserver environment.
Envelope-Journaling Benefits
Message journaling simply captures a copy of any messages sent from or received by a mailbox in a database on which journaling has been enabled, then forwards those captured messages to the journal mailbox. Message journaling looks only at the P2 message headers and uses those headers to determine the recipients and originators of the message. (See "An Exchange 2003 Journaling Primer" for information about both P1 and P2 headers.)
However, envelope journaling inspects the P1 message headers on the message envelope. The envelope contains the definitive routing information for the message. The headers contain the actual SMTP addresses that the Exchange transport system uses to route and ultimately deliver the message. The P1 headers contain any recipients that may be blind carbon copy (Bcc) recipients. In addition, P1 headers explicitly identify the SMTP addresses for recipients who are members of any DLs to which the message might have been sent. As such, the P1 headers authoritatively define to whom messages have been transmitted. For more information about P1 and P2 message headers, see the Internet Engineering Task Force (IETF) Request for Comments (RFC) 821 and RFC 822, respectively.
Configuring Envelope Journaling
Exchange 2003 supports envelope journaling only if all Exchange 2003 servers in your organization are running Exchange 2003 Service Pack 1 (SP1). There's no check for SP1 servers during configuration, but you'll experience inconsistent behavior with envelope journaling if non-SP1 servers exist in your organization. Enabling envelope journaling in your organization is a two-step process. First, you must enable message journaling for any Exchange databases on which you want to journal messages that are either sent or received by mailboxes homed in that database. (For details about this process, see "An Exchange 2003 Journaling Primer.")
Second, you must enable envelope journaling in your organization. To do so, go to Microsoft's Downloads for Exchange Server 2003 page (http://www.microsoft.com/exchange/downloads/2003/default.mspx) and download the E-Mail Journaling Advanced Configuration tool—aka Exejcfg—to a convenient directory on any Exchange 2003 server in your organization. This tool is also available in the Exchange 2003 SP1 kit, in the \i386\rtw folder. The download is a self-expanding executable file that contains a license file, a user guide, and the exejcfg.exe file. From a DOS command window, you can enable envelope journaling by typing
exejcfg.exe -e
where the -e qualifier indicates that envelope journaling should be enabled. You can disable envelope journaling by using the same command with a -d qualifier. Using the -l qualifier displays the current status of envelope journaling. Figure 1 shows the result of enabling envelope journaling in my test environment.
The Exejcfg utility merely sets an attribute value on the Exchange organization in Active Directory (AD). The Exchange organization's heuristics attribute typically has the value 0, but when envelope journaling is enabled, this attribute has the value 512, as you can determine by using ADSI Edit as Figure 2 shows. (You don't actually need to use the Exejcfg tool for this task. You could simply use a utility such as ADSI Edit or LDP, which can modify AD attributes, to enable envelope journaling.) Because you're applying an organizational setting, envelope journaling is enabled for the entire organization. Thus, you can't enable a combination of message journaling and envelope journaling. However, in general, envelope journaling is considered superior to message journaling.
If you've been using message journaling and have used the registry modification outlined in the Microsoft article "XADM: Bcc Information Is Lost for Journaled Messages in Exchange 2000" (http://support.microsoft.com/?kbid=810999) to configure the journaling of Bcc recipients, you must either remove the JournalBCC registry subkey, or at least set the value to 0, if you want to upgrade to envelope journaling. The JournalBCC registry subkey is incompatible with envelope journaling. After you delete or modify the registry subkey, you should restart the Exchange Store process and the SMTP process before you enable envelope journaling.
You don't need to restart any services after you enable (or, for that matter, disable) envelope journaling. However, because an AD attribute controls the configuration of envelope journaling, not all servers that have journal-enabled databases will use envelope journaling until the new heuristics attribute value has successfully replicated through your organization. Actually, when you enable even message journaling for a given Exchange database, the msExchMessageJournalRecipient AD attribute of that database is updated with the value of the journal mailbox's distinguished name (DN). This new attribute value must replicate through your organization before journaling will work reliably.
If you run a mixed environment that contains both Exchange 2003 servers and Exchange 2000 servers, you can still enable envelope journaling, but the system will handle DL-expansion–related journaling (which I discuss later) incorrectly unless you apply some updates to your Exchange 2000 servers. Specifically, to operate correctly with envelope journaling, any Exchange 2000 servers must be running at least Exchange 2000 SP3, with the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup. (For information about how to obtain the Update Rollup, see the Microsoft article "Update Rollup for Exchange 2000" at http://www.microsoft.com/downloads/details.aspx?familyid=363a57a4-8bed-4bbb-bbe4-abc11ab04611&displaylang=en.) In fact, even if you have no Exchange 2003 servers and you exclusively run Exchange 2000 SP3 servers with the Update Rollup, you can still use the Exejcfg tool and fully implement envelope journaling in your organization.