Exchange - Exchange 2007 POP3 Journaling

This article describes how to configure POP3S journaling for Exchange 2007 to make it work with the Mimecast ecosystem. This is a fallback in the event that SMTP journaling for 2007 is not an option.

Microsoft no longer supports Exchange 2007, meaning it is no longer supported by Mimecast. If you're considering using Exchange 2007, we strongly advise you to upgrade to a newer version for maximum productivity. See the Exchange 2007 End of Support Roadmap page in the Microsoft documentation for further details.

Considerations

      • POP3 is not supported for mixed-mode environments. See the Journaling in a Mixed Mode Environment page for full details.
      • Journaling must be enabled for individual mailbox stores on the Exchange Server.
      • Don't enable journaling for your entire organization at once. This might create performance issues for your Exchange Server.
      • Exchange 2007 requires Service Pack 1 to be compatible with Mimecast's journal services.
      • You can choose whether to:
        • Allow a Journal mailbox to receive all message traffic from a mailbox database.
        • Support a number of mailbox databases.
        • Create a separate mailbox database to store the mailbox that receives the journaled messages.

Walkthrough

Don't enable Journaling on the Exchange message store before you've tested and confirmed that Mimecast can connect and successfully extract messages. Failure to do this may result in a buildup of messages in the Journal mailbox. This in turn may lead to degradation in the performance of your Exchange Server.

Create a Journaling User Mailbox

You'll need to create a journaling mailbox on your Exchange server. You can place it in an existing database or create a new database for this mailbox only. The mailbox must have:

      • An address of "journaling@<yourdomain>.com".
      • A username of "Journaling".
      • A password. Make a note of the password you've set for this user.

To create a user mailbox for journaling, see the How to Create a Mailbox for a New User page in the Microsoft Exchange 2007 help file.

Creating a Journal Definition In Mimecast

To create a journal definition:

  1. Log in to the Mimecast Administration Console.
  2. Select the Services | Journaling menu item.
  3. Click on the New Journal Service Definition button.
  4. Complete the Journal Service Properties section as follows:
    • Description: Enter a description for the journaling connector (e.g., Exchange 2007 Journal Connector).
    • Transport Type: Select the "POP" option from the drop-down.
    • Disabled: If selected, the journal service is suspended, and any error conditions related to the connection are reset. This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox becomes available, ensure you enable activity before removing this option. Any changes made to this checkbox are recorded in the event log.
  5. Complete the Connection Properties section as follows:
    • Service Email Address: Specify the mailbox email address that has been configured for the journal mailbox.
    • Mailbox Name: Specify the username Mimecast will use when logging on to the journal mailbox.
    • Password: Specify the journal mailbox's password. This will be automatically redacted when it is entered.
    • Hostname / IP Address: Specify the public address of the server where the journal mailbox is located.
    • Port: Confirm the TCP/IP port number to be used for the connection to the journal mailbox. This is 995 for POP3S.
    • Journal Type: Specify the journal type as either:
      • Exchange Envelope Journaling (EEJ): This is the preferred option in terms of accuracy when determining an email's recipients. It also "steps down" to handle incorrectly enveloped messages. For example, journal mailboxes may receive non-envelope journaled emails, which would normally cause the journal service to fail. Mimecast automatically detects these malformed messages and absorbs them as normal emails, even though the journal mailbox is set to EEJ.
      • Standard EML: This is standard MIME format without the EEJ wrapper. Standard EML can only be assigned to mailboxes based on the message headers. This may not be reliable and does not include BCC recipients.
    • Encrypted: This checkbox is selected by default. Mimecast will only accept journal messages by Opportunistic TLS. Any other journal messages will be rejected. Also, the "Port Number" is set to 995 by default.
    • Encryption Mode: Mimecast supports the following Encryption Modes:
      • Strict-Trust Enforced: This is used in conjunction with trusted root certificate authorities. It is the default option.
      • Relaxed: Permits encryption with self-signed certificates, as well as other valid certificates that may not have a complete trust chain.
    • Remove Journal Headers: If enabled, Mimecast removes the potentially sensitive journal headers listed below that Microsoft Exchange might have added. All other journal headers are respected.
      • X-MS-Exchange-Organization-BCC:
      • X-MS-Exchange-CrossPremises-BCC:
    • Detailed Logging: If enabled, detailed log files are created. These are only available to Mimecast Support and are used to troubleshoot failed journal connections.
    • Journal Non Internal Addresses: If enabled, processed items are archived if they don't hold any internal addresses.
    • Journal Unknown Internal Addresses: If enabled, processed items are archived if they are sent from / to unknown internal addresses.

  6. The Service Status section displays the following information about the journal connection:
    • Service Status: Displays the current status of the journal connector.
    • Last Successful Extract: Displays the date/time of the last successful extract. "Awaiting initial run" is displayed if no extract has been performed.
    • Processing Queue: Displays the number of mails that have been received by Mimecast but have yet to be processed.
    • POP3 Mailbox Queue: Displays the number of emails in the mailbox the last time Mimecast connected to the journal mailbox.
  7. Click on the Save and Exit button.
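
The Journal Type and Remove Journal Headers options described above, as an added Python sketch (not Mimecast's code): it shows why an envelope report recovers a BCC recipient that standard EML headers lose, the "step down" for a non-enveloped message, and the removal of the two listed headers. It assumes a simplified report whose text part lists To/Cc/Bcc/Recipient lines and whose original message is a message/rfc822 attachment; the function name and sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Headers the page lists under "Remove Journal Headers".
SENSITIVE = ("X-MS-Exchange-Organization-BCC", "X-MS-Exchange-CrossPremises-BCC")
RCPT_FIELDS = ("to", "cc", "bcc", "recipient")  # assumed envelope report fields

def journal_recipients(raw):
    """Return (mode, recipients, original message minus the sensitive headers)."""
    outer = message_from_string(raw, policy=policy.default)
    parts = list(outer.iter_parts()) if outer.is_multipart() else []
    inner = next((p.get_content() for p in parts
                  if p.get_content_type() == "message/rfc822"), None)
    report = next((p.get_content() for p in parts
                   if p.get_content_type() == "text/plain"), "")
    rcpts = set()
    if inner is None:
        # Step down: not an envelope, so only the To/Cc headers are available.
        mode, inner = "EML", outer
        hdrs = outer.get_all("To", []) + outer.get_all("Cc", [])
        rcpts = {addr.lower() for _, addr in getaddresses(hdrs) if addr}
    else:
        mode = "EEJ"
        for line in report.splitlines():
            field, _, value = line.partition(":")
            if field.strip().lower() in RCPT_FIELDS and value.strip():
                # Drop any annotation after a comma (assumed report layout).
                rcpts.add(value.split(",")[0].strip().lower())
    for name in SENSITIVE:
        del inner[name]  # no error if the header is absent
    return mode, sorted(rcpts), inner

# Constructed sample: a simplified envelope journal report wrapping one message.
INNER = ("From: alice@example.com\nTo: bob@example.com\nSubject: Q3\n"
         "X-MS-Exchange-Organization-BCC: carol@example.com\n\nSee attached.\n")
REPORT = ("Sender: alice@example.com\nSubject: Q3\nMessage-Id: <1@example.com>\n"
          "To: bob@example.com\nBcc: carol@example.com\n")
SAMPLE_EEJ = ("From: exchange@example.com\nTo: journaling@example.com\n"
              "Subject: Q3\nMIME-Version: 1.0\n"
              'Content-Type: multipart/mixed; boundary="jr"\n\n'
              "--jr\nContent-Type: text/plain\n\n" + REPORT +
              "\n--jr\nContent-Type: message/rfc822\n\n" + INNER + "--jr--\n")

if __name__ == "__main__":
    for label, raw in (("envelope", SAMPLE_EEJ), ("plain", INNER)):
        mode, rcpts, msg = journal_recipients(raw)
        print(label, mode, rcpts, msg["X-MS-Exchange-Organization-BCC"])
```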

Configuring the Firewall

Configure your firewall to allow and forward traffic bidirectionally. The rule must go from Mimecast to Exchange and from Exchange to Mimecast. You'll need to open:

      • Port 995 for POP3S: encrypted communications to the Exchange server containing the Journal mailboxes.

        POP3S requires an SSL certificate signed by one of the Mimecast-supported root certificate authorities. See the Secure Socket Layers (SSL) Certificates page for more information.

Enabling Journaling for a Specific Mailbox Database

To enable journaling for a specific mailbox database, see the How to Enable Per-Mailbox Database Journaling page in the Microsoft Exchange 2007 help.

Enabling the POP3 Service and Virtual Server

Ensure you've created the journal connectors as described above before starting this step. Failure to do so may result in a mail buildup in the journal mailboxes. Mimecast is unable to resolve this if it occurs.

To ensure the POP3 service is enabled:

  1. Click on the Windows Start button.
  2. Start the Run application.
  3. Type services.msc into the field.
  4. Click OK.
  5. Ensure the Microsoft Exchange POP3 service is:
      • Set to Automatic.
      • Started.

Configuring POP3S

See the page in the Microsoft Exchange 2007 help file for full details.

Once the certificate has been installed on the server, you must bind it to the POP3 virtual server.

To configure the POP3 Virtual Server, see the How to Configure Authentication for POP3 help page in the Microsoft Exchange 2007 help. Ensure the virtual server has the following options:

      • Secure Logon: This ensures a TLS connection is required for the client to connect to the server.

Verifying Your Journaling Status

To verify your journaling is working as required:

  1. Log in to the Mimecast Administration Console.
  2. Select the Services | Journaling menu item.
  3. Click on the Journaling Service you want to verify.
  4. Click on the Test Journal Extraction button. This checks whether we are able to:
      • Connect to your Exchange POP3 service on the port specified.
      • Properly authenticate as the Journaling user.
  5. Click on the Go Back button to return to the list of journaling services.

You can also look at the Service Status column of the journaling services list. This displays one of the following icons:

      • Service Awaiting Initial Run: On initial configuration, the status icons for SMTP journal connectors are orange, with a service status of "Service Awaiting Initial Run".
      • Service OK: Once the first message is received, the icon changes, and the status is updated to "Service Enabled".
      • Service Error: If Mimecast cannot connect to the journal connector and retrieve emails, the status changes to "Service Error".

For Exchange Envelope Journal Format (EJF), the recipient is displayed as the sender and the journal address as the recipient.
