We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Message Archiver

How to Configure Envelope (SMTP) Journaling for Microsoft Exchange Server 2013 and Newer - Premium Journaling

  • Last updated on

This article refers to Barracuda Message Archiver Legacy Release firmware or higher, and a MicrosoftExchange Server 2013 or 2016 environment utilizing Premium Journaling with a Journal Rule and Exchange Enterprise Client Access Licenses (CALs).

If your Exchange environment does not support Premium Journaling, see the article How to Configure Envelope (SMTP) Journaling for Microsoft Exchange Server 2013 and Newer - Standard Journaling.

Microsoft Exchange allows a Journal recipient to be either a mailbox or contact. By using a contact with an email address that is part of a non-existent domain, you can create a send connector that uses SMTP to deliver journaled mail to the Barracuda Message Archiver. Also see Understanding SMTP Forwarding and Trusted Servers.

Excluding Health Monitor Alerts

By default, Health Monitor Alerts are automatically journaled in Exchange 2013. To exclude these alerts from journaling, refer to the Microsoft support article Managed Availability messages are journaled in Exchange Server 2013.

Use the examples included in this article to simplify troubleshooting. Note that you can cut and paste the shell commands directly from this article.

Step 1. Register Each Exchange Server as a Trusted SMTP Server

To ensure that archiving begins as soon as your Exchange Servers are configured to send journal copies, first register each Exchange Server that is in a Client Access Server (CAS) role as a Trusted SMTP Server with the Barracuda Message Archiver on the Mail Sources > SMTP page in the web interface.

  1. Log into the Barracuda Message Archiver web interface, and go to the Mail Sources > SMTP page.
  2. In the Trusted SMTP Servers section, enter the details for each Exchange Server that is to journal directly to the Barracuda Message Archiver; click Add after entering the details for each Exchange Server, and then click Save.

Step 2. Create a Remote Domain From the Exchange Management PowerShell

The Remote Domain must not be your normal email domain. The remote domain must be a non-existent and non-routable/unresolvable domain from either inside or outside your organization (such as bma.int). This domain must be used for the email address of the Mail Contact that is to be the journaled message recipient.

In previous versions of Exchange Server, the Exchange Management Console was used to create a Remote Domain; in Exchange Server 2013 the ECP/EAC has no analogous functionality so you must use PowerShell to create the Remote Domain.

To create a Remote Domain, you must enter a Name to describe the domain, and the actual Domain Name to use. In this example, bma.int is the "fake" Domain Name that is used. You can use bma.int or create your own "fake" Domain Name. Note that this Domain Name is used when creating the Mail Contact in Step 4. Create a Send Connector for the Remote Domain.

  1. Open the Exchange Management Shell. 
  2. Execute the following command to create the remote domain; this command ensures TNEF encoding is disabled and auto-forwarding is enabled:
    New-RemoteDomain -DomainName bma.int -Name "Message Archiver Domain"  
    Get-RemoteDomain | Where {$_.DomainName -eq "bma.int"} | Set-RemoteDomain -TNEFEnabled $false -AutoForwardEnabled $true
  3. Enter the following command to verify the settings:
    Get-RemoteDomain | Where {$_.DomainName -eq "bma.int"} |Format-table Name, DomainName, TNEFEnabled, AutoForwardEnabled

    This command ensures TNEF encoding is disabled and auto-forwarding is enabled. Barracuda recommends disabling TNEF encoding. Auto-forwarding is enabled to allow mail for the contact to be forwarded to the Barracuda Message Archiver.

     

Step 3. Create a Recipient Mail Contact/Alternate Email Address

The Mail Contact is the account that is to act as a "holding location" for journaled messages. The email address associated with this account is the designated recipient and must be associated with a non-existent, non-routable dummy Domain Name created above in Step 2. Create a Remote Domain From the Exchange Management PowerShell. Use the following steps to create the Mail Contact:

  1. Log in to the Exchange Admin Center (EAC) click recipients in the left pane, select contacts at the top of the page, and then click the + symbol to create a new mail contact:
    recipient_update.jpg
  2. In the new mail contact page, enter details for the designated recipient account details:
    new_mail_contact.jpg 
  3. Click save. The new contact displays in the contacts list:
    contact_created.jpg

    Hide Contact from Global Address List
    Barracuda Networks recommends hiding the mail contact from the Global Address List (GAL). One method to hide the mail contact is to utilize the following shell command:

    Get-MailContact | Where {$_.Name -eq "Journal Contact"} | Set-MailContact -HiddenFromAddressListsEnabled $True

    The setting can be verified by executing:
    Get-MailContact | Where {$_.Name -eq "Journal Contact"} | Format-table Name, HiddenFromAddressListsEnabled  

    Alternate Journaling Mailbox
    You can configure an additional parameter in Exchange 2013 to specify that a journal report temporarily cannot be delivered. For details, refer to the Journal Reports section of the Microsoft TechNet Journaling article.

  4. In the EAC, click recipients in the left pane, select mailboxes at the top of the page, and click the + symbol to create an alternate journaling mailbox:   mailboxes.jpg 
  5. In the new user mailbox page, enter details for the alternate journaling mailbox:
    journal_ndr.jpg
  6. Click save. The new mailbox displays in the mailboxes list:
    journal_ndr2.jpg 

Hide Alternate Contact from GAL
Barracuda Networks recommends hiding the alternate mail contact from the GAL; to do so, with the new mailbox still selected, click the Edit ( editUpdate.jpg) icon. In the general page, turn on Hide from address lists:

hide.jpg

Step 4. Create a Send Connector for the Remote Domain

To route journaled mail that is sent to the contact to the Barracuda Message Archiver, use the following steps to create a Send Connector for the Remote Domain:

  1. In the EAC click mail flow in the left pane, select send connectors at the top of the page, and then click the + symbol to create a new send connector:
    sendConnector.jpg
  2. In the Name field, enter a name for the connector, and in the Type section, select Custom:
    new_send_connector.jpg
  3. Click next. In the Network settings page, select Route mail through smart hosts:
    new_send_connector2.jpg
  4. Click next. In the add smart host page, enter the Barracuda Message Archiver fully qualified domain name (FQDN) or IP address:
    add_smart_host.jpg
  5. Click save. The FQDN or IP address displays in the SMART HOST list; verify the address:
    smart_host_added.jpg
  6. Click next. In the Smart host authentication  page, because authentication is not used on the smart host connection to the Barracuda Message Archiver, no changes are necessary; click next:
    authenticationUpdate.jpg
  7. In the Address space section, click the + symbol:
    address_space.jpg
  8. In the Address Space page, enter the domain that matches the domain for the external email address used to create the journal contact, for example, bma.int (see Step 2. Create a Remote Domain From the Exchange Management PowerShell):
    add_domain.jpg
  9. The domain is added to the Address space list:
    verify_address_space.jpg
  10. Click next. In the Source server section, click the + symbol:
    source_server.jpg
  11. Verify all the Exchange Servers that are in the CAS role are listed; click add to add additional servers:
    verify_listed_servers.png
  12. Click ok. In the Source server page, the selected servers display:
    finishUpdate1.jpg
  13. Click finish. The new send connector displays as enabled in the send connectors list:
    finishUpdate2.jpg
  14. Click the Edit ( editUpdate.jpg) icon to edit the Send Connector properties. From the Maximum send message size (MB) drop-down list, select unlimited:
    edit_connector.jpg 
  15. Click save.

Step 5. Create a Journal Rule

Use the following steps to set up a journal rule:

  1. Open the EAC, and click compliance management in the left pane, select journal rules at the top of the page, and then click the + symbol:
    journal_rule01.jpg
  2. In the new journal rule page, enter the following details:
    1. Enter a name for the journal rule
    2. From the If the message is sent or received from list, select Apply to all messages  
    3. From the Journal the following messages list, select All messages  
    4. In the Send Journal Reports field, enter the email address of the contact created in Step 4. Create a Send Connector for the Remote Domain (bma.int):
      JournalRulebmaint.jpg
  3. Click save. If the warning message Do you want this rule to apply to all future messages displays, click yes:
    warning02.jpg
  4. The journal rule check box displays selected in the journal rules page:
    journal_rule02.jpg
  5. In the Send undeliverable journal reports to section, click Select address:
    select_address.jpg
  6. In the  non-delivery reports window, click browse:
    non_delivery.jpg
  7. Browse to and select the alternate mailbox created in Step 3. Create a Recipient Mail Contact/Alternate Email Address (Journal NDR Mailbox):
    journal_ndr3.jpg
  8. Click ok. Verify your selection, and then click save:
    non_delivery02.jpg
  9. The address displays in the Send undeliverable journal reports to section:
    journal_ndr4.jpg

The configuration is now complete and journaled mail is forwarded to the Barracuda Message Archiver. Log into the Barracuda Message Archiver, and go to the Basic > Search page in the web interface to verify that new mail is being processed. Note that it may take up to 30 minutes before journaled mail is available in the search results.

 

 

Last updated on