Exchange Server 2007: Using Journaling Rules
Journaling: The traditional way...
In Exchange Server 2003, journaling took place directly in the mailbox store because there was no hub transport role.
In Exchange Server 2007 we can choose either to have the same option (allowing a Journal mailbox to receive all message traffic from a mailbox database) or to support a number of Mailbox databases. We can also create a separate mailbox database to store the mailbox which will receive the journaling.
In the following example, we are going to configure a mailbox database in Exchange Server 2007 so that all user messages sent and received within that database are copied to a specific mailbox.
- Open the Exchange Management Console.
- Expand Server Configuration, and then click on Mailbox Database.
- In the Toolbox Actions of the selected Mailbox Database, click on Properties (Figure 01).
- In the Mailbox Database Properties page, go to the General tab and then select the Journal Recipient checkbox (Figure 02).
- Before checking Journal Recipient, click on Browse and choose which mailbox will get all messages from the mailbox database. For the purposes of this article, this user is called Journal (Figure 03). Click OK to finish.
- This is the final screen of journaling settings at mailbox database level; now, all the messages by existing users in the mailbox database will be copied to the mailbox called Journal (Figure 04).
From now on, all the messages from all users that have mailboxes in this mailbox database will be recorded in the mailbox named Journal.
Testing the traditional way of Journaling
To check which users will be affected by our configuration, we should run a cmdlet. To do this, go to the MSH console and type the following:
Get-Mailbox | Group-Object database | fl
The output of this command will be a list of all mailbox databases with the respective users as shown in Figure 05.
Figure 05: Viewing users by Mailbox Database
Now, we will test this feature by sending a message from the user Anderson Patricio to Jose Rodas.
Once this message is sent, we will have to check the Journal mailbox and analyze if the message was recorded. We can see all the recipient information and the real message will appear as an attachment.
Figure 06: Viewing the message sent by User Anderson Patricio in the Journal Mailbox
Overview of the Exchange Server 2007 Journal Rule
Exchange Server 2007 uses the Hub Transport role to journal messages, so a journal rule is valid for the whole organization, because all the information on the Hub Transport server is kept in and replicated through Active Directory. The process of message journaling has three main components:
- Journal agent: This is an agent that can be configured to journal e-mail messages that are sent or received by recipients in an Exchange 2007 organization.
- Journaling Mailboxes: This is a mailbox that is only used for collecting journal reports (messages).
- Journal Reports: This is the message that Microsoft Exchange generates when a message matches an existing journal rule and that is then submitted to the journaling mailbox.
The journaling process is very simple. All the messages that pass through the Hub Transport server are inspected, and if they match the criteria that were configured in the journal rule, a journal report is created and delivered to the Journaling Mailbox as shown in Figure 07.
Figure 07: Process of journaling in Exchange Server 2007
Now... Using the new Exchange Server 2007 feature
In this section, we will start using the new Exchange Server 2007 feature: the Journaling Rules. Consider the following scenario: we will record all messages sent and received from user Jose Rodas in the mailbox Journal.
To create a journal rule, follow these steps:
- Open the Exchange Management Console, expand Organization Configuration, click Hub Transport, and select New Journaling Rule on the Toolbox Actions (Figure 08).
- On the New Journaling Rule page, type a name in the Rule name field. This name can have up to 245 characters.
- In the Journal e-mail address field, select the recipient that will get all the message traffic for this rule.
- In Scope we can choose one of these options:
  - Global: All messages (Internal and External)
  - External: Only external messages
  - Internal: Only internal messages
- In the Journal e-mail for recipient field, select the user whose messages you want to record. For the purpose of our example, we have made a journal rule for all messages sent and received by the user jose@apex07.beta.
- On the Completion page, the result of the rule creation will appear on the screen with the cmdlet used to create the rule. Click Finish to exit (Figure 09).
Testing the Journaling Rule…
We will send a test message from the user Anderson Patricio to the user Jose Rodas. The expected result is to get the message in our recently configured Journal Mailbox (Figure 11).
Figure 11: User Anderson Patricio sends a test message to Jose Rodas to test a recently created Journaling Rule
Now, we can access the Journal mailbox and check if the journal rule is working correctly (Figure 12).
Figure 12: Viewing the message recorded in Microsoft Outlook Web Access
At this point, we see that the journaling rule is working as expected. It was completed with just a rule in the Hub Transport role at Organizational level.
How can I make a journaling rule for the whole organization?
In many cases, the journaling feature is required for all the members of an organization because of legal requirements, as we described in the beginning of this article. Journaling Rules make this process easier: just by creating a rule, all the users' messages can be stored in the same mailbox database as the one that actually stores the mailboxes, or in another one.
The creation process is just the same. The only difference is that we do not need to choose anything in Journal e-mail for recipient, so all the organization's mail traffic will be stored in the Journal mailbox (Figure 13).
Figure 13: Creating a Journaling Rule for all users
Problem Resolution: Journaling vs. Transport Rules
In some cases, we could get a conflict between Transport Rules and Journal Rules.
In order to better understand this difference, we will use the following example. There is a transport rule that blocks all the messages between users Anderson Patricio and Jose Rodas (Ethical Wall), but the administrator is required to record all the messages before they are dropped.
By default, Transport Rules are executed first and Journaling Rules after them. So, in this situation, a message that a transport rule deletes cannot be journaled. The order of the transport agents in Exchange 2007 is shown in the figure below (Figure 14).
Figure 14: Some of Hub Transport Architecture. The full version can be found here (image courtesy of Microsoft)
So, as discussed earlier, the default order does not let us record blocked messages on Transport Rules, so let’s check the order through a cmdlet called Get-TransportAgent in the Exchange Management Shell (Figure 15).
To check the order that is assigned, type the following in an MSH Console:
Figure 15: Checking the TransportAgent order priority
In this example, our scenario will not work as expected; in other words, the blocked message will not be recorded in the mailbox Journal.
To solve this, we will have to change the transport agent order with the Set-TransportAgent cmdlet.
The full syntax to solve this is:
Figure 16: Changing Agents priority and visualizing them after changes
With this change, our scenario works as expected. The Journaling Agent has a higher priority than the Transport Rule Agent. So even blocked messages will be recorded in the Journal mailbox.
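The ordering problem described above, modelled in Python as an added example (it is not Exchange code and not from the original article). The priority numbers, every address except jose@apex07.beta, and the rule that a message dropped by one agent is never handed to the next agent are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed addresses; only jose@apex07.beta appears in the article.
ANDERSON = "anderson@apex07.beta"
JOSE = "jose@apex07.beta"
MARIA = "maria@apex07.beta"
WALL = {ANDERSON, JOSE}      # transport rule: drop mail between these two users
JOURNALED_USER = JOSE        # journal rule: record all of Jose's traffic


@dataclass
class Message:
    sender: str
    recipient: str
    dropped: bool = False


def transport_rule_agent(msg, journal):
    """Ethical wall: mark the message as dropped if it crosses the wall."""
    if {msg.sender, msg.recipient} == WALL:
        msg.dropped = True


def journaling_agent(msg, journal):
    """Copy matching traffic to the journal mailbox (a plain list here)."""
    if JOURNALED_USER in (msg.sender, msg.recipient):
        journal.append((msg.sender, msg.recipient))


AGENTS = {
    "Transport Rule Agent": transport_rule_agent,
    "Journaling Agent": journaling_agent,
}

# Constructed priority values: the lower number runs first.
DEFAULT_ORDER = {"Transport Rule Agent": 1, "Journaling Agent": 2}
JOURNAL_FIRST = {"Journaling Agent": 1, "Transport Rule Agent": 2}
TRAFFIC = [(ANDERSON, JOSE), (MARIA, JOSE)]


def run_pipeline(priorities, traffic):
    """Run every message through the agents in priority order.

    Returns (delivered, journal). A dropped message skips all later agents.
    """
    order = sorted(priorities, key=priorities.get)
    delivered, journal = [], []
    for sender, recipient in traffic:
        msg = Message(sender, recipient)
        for name in order:
            AGENTS[name](msg, journal)
            if msg.dropped:
                break
        if not msg.dropped:
            delivered.append((sender, recipient))
    return delivered, journal


if __name__ == "__main__":
    for label, order in (("default", DEFAULT_ORDER), ("journal first", JOURNAL_FIRST)):
        delivered, journal = run_pipeline(order, TRAFFIC)
        print(label, "delivered:", delivered, "journaled:", journal)
```

In both orders the walled message is blocked; only with the Journaling Agent first does the journal mailbox hold a record of it.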
Creating a new E-mail Address Policy
Creating a new E-mail address policy is a straightforward task, although much different from Exchange 2000 and 2003. In order to do so, click New E-mail Address Policy in the Action pane. On the Introduction page of the New E-Mail Address Policy wizard, enter a name for the new policy, and then specify what type of recipients should be included (Figure 4) and then click Next.
Figure 4: The New E-Mail Address Policy Page
You can now be a bit more selective when defining your target group by using the filter and selecting one or more conditions as shown in Figure 5. When you have configured any conditions you want applied to the policy, click Next.
Figure 5: The New E-Mail Address Wizard Conditions Page
Now click Add and select the E-mail address local part to be used to create the username portion of the e-mail address, then choose an e-mail domain from the E-mail address domain in the drop-down box as shown in Figure 6. When ready click OK and Next.
Figure 6: Specifying the Local Part of the E-Mail Addresses and the E-Mail Address Domain
As you can see in Figure 6, you can choose between 7 local E-mail address parts. The local part of an e-mail address is the name format appearing before the “at sign (@)”. If none of the default 7 local parts fit what you need to use for your E-mail address Policy, you can use the variables listed in Table 1 below.
Variable | Description
%g | Used for given name (first name)
%i | Used for middle initial
%s | Used for surname (last name)
%d | Used for display name
%m | Used for Exchange alias
%xs | Uses the x number of letters of the surname. For example, if x=2, then the first two letters of the surname are used.
%xg | Uses the x number of letters of the given name. For example, if x=2, then the first two letters of the given name are used.
Table 1: Available E-Mail Address Parameters
On the Schedule page, specify when the e-mail address policy should be applied and the maximum length of time it is permitted to run (Figure 7). Then click Next.
Figure 7: New E-Mail Address Wizard Schedule Page
On the Configuration Summary page click New. If you selected to apply the policy immediately, the proxy address will now be applied to all recipients matching the filter. When this task has completed, click Finish on the Completion page.
Tip: To create a new e-mail address policy via the Exchange Management Shell, you need to use the New-EmailAddressPolicy cmdlet. For example, to create a policy similar to the one we created using the GUI wizard, you would need to run the following command:
New-EmailAddressPolicy -Name "Exchangedogfood.dk" -IncludedRecipients "MailboxUsers" -ConditionalCompany "Exchange Dogfood Corporation" -Priority "Lowest" -EnabledEmailAddressTemplates "SMTP:%g.%s@exchangedogfood.dk"
When a new E-mail address policy has been created and applied to the recipients, you can verify the proxy address has been stamped on the respective user objects under the E-Mail Addresses tab on the property page of a recipient object, as shown below in Figure 8.
Figure 8: E-Mail Address Tab on the User Mailbox Property Page
When a recipient has “Automatically update e-mail addresses based on email address policy” enabled, all primary e-mail addresses (default reply addresses) of e-mail address types will always be set from the e-mail address policy. This means that if you edit the primary address to be a different e-mail address, it will always revert back to the one specified in the e-mail address policy.
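How the variables in Table 1 expand, shown as an added Python example that is not part of the original article and is not Exchange's own implementation. The user records are constructed, the function names are hypothetical, and the collision check is an extra step added here to show what a short template such as %1g%s can produce.

```python
import re

# %g %i %s %d %m, optionally with a letter count in front of g or s (%2s, %1g).
TOKEN = re.compile(r"%(\d*)([gisdm])")

# Constructed sample users (the middle initials and Julia Rodas are invented).
USERS = [
    {"given": "Anderson", "initial": "L", "surname": "Patricio",
     "display": "Anderson Patricio", "alias": "anderson"},
    {"given": "Jose", "initial": "M", "surname": "Rodas",
     "display": "Jose Rodas", "alias": "jose"},
    {"given": "Julia", "initial": "K", "surname": "Rodas",
     "display": "Julia Rodas", "alias": "julia"},
]


def expand_template(template, user):
    """Expand a template such as 'SMTP:%g.%s@exchangedogfood.dk' for one user."""
    fields = {"g": user["given"], "i": user["initial"], "s": user["surname"],
              "d": user["display"], "m": user["alias"]}

    def substitute(match):
        count, variable = match.groups()
        value = fields[variable]
        if not count:
            return value
        if variable not in "gs":
            raise ValueError(f"a letter count is only defined for %g and %s, not %{variable}")
        return value[:int(count)]

    # Drop the address type prefix ("SMTP:") if one is present.
    _, _, pattern = template.rpartition(":")
    address = TOKEN.sub(substitute, pattern)
    if "%" in address:
        raise ValueError(f"unknown variable left in {address!r}")
    return address


def find_collisions(template, users):
    """Return {address: [aliases]} for addresses that more than one user would get."""
    by_address = {}
    for user in users:
        address = expand_template(template, user).lower()
        by_address.setdefault(address, []).append(user["alias"])
    return {addr: aliases for addr, aliases in by_address.items() if len(aliases) > 1}


if __name__ == "__main__":
    for template in ("SMTP:%g.%s@exchangedogfood.dk", "SMTP:%1g%s@exchangedogfood.dk"):
        print(template, [expand_template(template, u) for u in USERS],
              find_collisions(template, USERS))
```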
Goodbye LDAP! Hello OPATH
Instead of LDAP, which was the recipient filter used in Exchange 2000 and 2003, Exchange now uses OPATH for filtering recipients, address lists etc. The syntax used in OPATH is much less complex than LDAP filters, which means that it’s easier to create filters in Exchange 2007 than was the case in previous versions of Exchange Server. Delving into the intricacies of OPATH filtering is outside the scope of this article; instead I can recommend you read this blog entry on the MS Exchange Team blog as it does a very good job of describing how to get started with OPATH filtering.
How the Pickup Directory Processes Messages
A correctly formatted .eml message file that is copied into the Pickup directory is processed for submission in the following steps:
- The Pickup directory is checked for new message files every 5 seconds. You can't modify this polling interval. You can adjust the rate of message file processing by using the PickupDirectoryMaxMessagesPerMinute parameter on the Set-TransportServer cmdlet. The default value is 100 messages per minute. Files that cannot be opened are left in the Pickup directory and are reevaluated at the next poll.
- Limits that are put on message files in the Pickup directory, such as the maximum header size and the maximum number of recipients, are checked. By default, the maximum header size is 64 KB, and the maximum number of recipients is 100 recipients. You change these limits by using the Set-TransportServer cmdlet.
- The file is renamed from <filename>.eml to <filename>.tmp. If the <filename>.tmp file already exists, the file is renamed as <filename><datetime>.tmp. If the file renaming fails, an event log error is generated, and the pickup process proceeds to the next file.
- After the .tmp file is successfully converted into an e-mail message, a "delete on close" command is issued to the .tmp file. The .tmp file appears to remain in the Pickup directory, but the file cannot be opened by anyone else.
- After the message is successfully queued for delivery, a "close" command is issued, and the .tmp file is deleted from the Pickup directory. If the deletion fails, an event log error is generated. If the Microsoft Exchange Transport service is restarted when there are .tmp files in the Pickup directory, all .tmp files are renamed as .eml files and are reprocessed. This could lead to duplicate message transmission.
How to Configure the Pickup Directory
By default, the Pickup directory is located at C:\Program Files\Microsoft\Exchange Server\TransportRoles\Pickup. The directory must be local to the Exchange 2007 computer.
To use the Exchange Management Shell to configure the location of the Pickup directory
- Run the following command:
Set-TransportServer <Identity> -PickupDirectoryPath <LocalFilePath>
For example, to set the Pickup directory to C:\Pickup Directory on an Exchange 2007 computer named Exchange01, run the following command:
Set-TransportServer Exchange01 -PickupDirectoryPath "C:\Pickup Directory"
Setting the value of the PickupDirectoryPath parameter to $null disables the Pickup directory. The directory that is specified by the PickupDirectoryPath parameter and the ReplayDirectoryPath parameter can't be the same.
Changing the location of the Pickup directory does not copy any existing message files from the old Pickup directory to the new Pickup directory. The new Pickup directory location is active almost immediately after the configuration change, but any existing message files are left in the old Pickup directory.
To use the Exchange Management Shell to configure the maximum size for message headers that are accepted by the Pickup directory
- Run the following command:
Set-TransportServer <Identity> -PickupDirectoryMaxHeaderSize <HeaderSize>
To use the Exchange Management Shell to configure the maximum number of recipients in a message that is accepted by the Pickup directory
- Run the following command:
Set-TransportServer <Identity> -PickupDirectoryMaxRecipientsPerMessage <NumberOfRecipients>
To use the Exchange Management Shell to configure the maximum rate of message processing by the Pickup directory
- Run the following command:
Set-TransportServer <Identity> -PickupDirectoryMaxMessagesPerMinute <MessagesPerMinute>
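A pre-flight check for message files against the default Pickup directory limits given above (64 KB of headers, 100 recipients), as an added Python example that is not from the original article. It assumes the header size is counted as the bytes before the first blank line and that recipients are the addresses in To, Cc and Bcc; the function names and the sample messages are constructed.

```python
from email import message_from_bytes
from email.utils import getaddresses

MAX_HEADER_BYTES = 64 * 1024   # default PickupDirectoryMaxHeaderSize per the text
MAX_RECIPIENTS = 100           # default PickupDirectoryMaxRecipientsPerMessage


def header_size(raw):
    """Bytes in the header block: everything before the first blank line."""
    ends = [i for i in (raw.find(b"\r\n\r\n"), raw.find(b"\n\n")) if i != -1]
    return min(ends) if ends else len(raw)


def recipient_count(raw):
    """Number of addresses found in the To, Cc and Bcc header fields."""
    msg = message_from_bytes(raw)
    values = []
    for name in ("To", "Cc", "Bcc"):
        values.extend(msg.get_all(name, []))
    return sum(1 for _, addr in getaddresses(values) if addr)


def check_pickup_file(filename, raw, max_header=MAX_HEADER_BYTES,
                      max_recipients=MAX_RECIPIENTS):
    """Return a list of reasons the file would break the configured limits."""
    problems = []
    if not filename.lower().endswith(".eml"):
        problems.append("file name does not end in .eml")
    size = header_size(raw)
    if size > max_header:
        problems.append(f"header block is {size} bytes, limit is {max_header}")
    count = recipient_count(raw)
    if count > max_recipients:
        problems.append(f"{count} recipients, limit is {max_recipients}")
    return problems


def build_sample(recipients, padding=0):
    """Build a constructed message; padding adds one oversized header field."""
    lines = ["From: anderson@apex07.beta",
             "To: " + ", ".join(recipients),
             "Subject: pickup test"]
    if padding:
        lines.append("X-Padding: " + "a" * padding)
    return ("\r\n".join(lines) + "\r\n\r\nbody\r\n").encode("ascii")


if __name__ == "__main__":
    bulk = build_sample([f"user{i}@apex07.beta" for i in range(101)])
    print(check_pickup_file("bulk.eml", bulk))
```

Pass the values you set with Set-TransportServer as max_header and max_recipients if you have changed the defaults.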
How to Configure the Replay Directory
By default, the Replay directory exists on every Microsoft Exchange Server 2007 computer that has the Hub Transport server role or the Edge Transport server role installed. Correctly formatted e-mail message files that you copy to the Replay directory are submitted for delivery. The Replay directory receives messages from non-SMTP foreign gateway servers and resubmits messages that administrators export from the queues of Exchange 2007 servers.
To use the Exchange Management Shell to configure the maximum rate of message processing by the Replay directory
- Run the following command:
Set-TransportServer <Identity> -PickupDirectoryMaxMessagesPerMinute <MessagesPerMinute>
Managing Transport Agents
Transport agents let you install custom software on a server running Microsoft Exchange Server 2007 that will process e-mail messages that pass through the categorizer on a Hub Transport server role or Edge Transport server role. Custom transport agents enable additional functionality in Exchange 2007, such as anti-spam or antivirus programs from third-party vendors.
Transport agents are typically installed automatically as part of applications that are designed to function together with Exchange 2007. However, there may be instances where organizations want to develop their own transport agents to manage mail that flows through their Exchange 2007 organization.
To use the Exchange Management Shell to enable pipeline tracing
Pipeline tracing is a very handy feature for e-mail administrators that was introduced in Exchange 2007. After enabling it, you can get a detailed log of message routing through Hub Transport or Edge Transport servers; this has helped me many times to isolate transport issues.
Pipeline tracing generates log files only for e-mail messages that are sent from the Simple Mail Transfer Protocol (SMTP) e-mail address that you specify by using the PipelineTracingSenderAddress parameter on the Set-TransportServer cmdlet. Pipeline tracing does not generate log files for messages that are sent from any other e-mail address. The SMTP e-mail address that you specify can be internal or external to your Exchange organization.
To enable it run the following command in EMS:
Set-TransportServer <Identity> -PipelineTracingSenderAddress <SMTPAddress>
For example, to configure the SMTP address, abc@contoso.com, as the pipeline tracing sender address on the Server1 computer, run the following command in EMS:
Set-TransportServer Server1 -PipelineTracingSenderAddress abc@contoso.com
Once it is enabled, try sending an e-mail from the above e-mail address. By default, the whole transport log is generated in C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\PipelineTracing; you can find this folder on the Exchange server. You can change the default path using this command in EMS:
Set-TransportServer <Identity> -PipelineTracingPath <LocalFilePath>
For example, to set the location of the pipeline tracing log directory to C:\Pipeline Tracing Logs, run the following command in EMS:
Set-TransportServer Server1 -PipelineTracingPath "C:\Pipeline Tracing Logs"
Transport Logs
The transport logs that are available on a Hub Transport server or an Edge Transport server are described in the following list:
- Connectivity log A connectivity log is a record of the Simple Mail Transfer Protocol (SMTP) connection activity of the outbound message delivery queues to the destination Mailbox server, smart host, or domain. Connectivity logging is available on Hub Transport servers and Edge Transport servers. By default, connectivity logging is disabled.
- Protocol log A protocol log is a record of the SMTP activity between messaging servers as part of message delivery. This SMTP activity occurs on Send connectors and Receive connectors that are configured on Hub Transport servers and Edge Transport servers. By default, protocol logging is disabled.
- Message tracking log A message tracking log is a detailed log of all message activity as messages are transferred to and from a computer that is running Exchange. Message tracking is available on Hub Transport servers, Edge Transport servers, and Mailbox servers. By default, message tracking is enabled.
- Agent log An agent log is a record of the actions that are performed on a message by the Exchange 2007 anti-spam and antivirus agents. Typically, these agents are enabled on Edge Transport servers. However, you can also enable them on Hub Transport servers. By default, agent logging is enabled.
- Routing table log A routing table log periodically records a snapshot of the routing table that is used by Hub Transport servers and Edge Transport servers to deliver messages. By default, routing table logging is enabled.
How to Configure a Hub Site
This topic explains how to use the Exchange Management Shell to configure an Active Directory service site as a hub site for message routing in Microsoft Exchange Server 2007. In your Exchange organization, you may want to force relay of all message delivery through a particular Active Directory site. In this scenario, connectivity may prevent direct Simple Mail Transfer Protocol (SMTP) relay between sites and require that messages be relayed through an interim site before they are sent to their destination. You may also want to relay all messages through a particular site because of your organization's internal policies.
You can use Exchange Management Shell tasks to designate an Active Directory site as a hub site. By designating an Active Directory site as a hub site, you cause additional overall overhead because more servers are involved in message delivery. Be aware that routing only recognizes and stops at a hub site if the hub site is somewhere along the least cost routing path. When an Active Directory site is configured as a hub site, routing paths that include that site are always relayed through the hub site.
After the least cost routing path is chosen, routing determines whether there is a hub site along that path. If a hub site is configured, messages stop at a Hub Transport server in the hub site before they are relayed to the target destination. If there is more than one hub site along the least cost routing path, messages stop at each hub site along the path.
To use the Exchange Management Shell to configure an Active Directory site as a hub site
- Run the following command:
Set-AdSite -Identity "Site A" -HubSiteEnabled $true
To use the Exchange Management Shell to set an Exchange cost on an Active Directory IP site link
- Run the following command to set an Exchange cost on an Active Directory IP site link:
Set-AdSiteLink -Identity IPSITELINKAB -ExchangeCost 10
To use the Exchange Management Shell to configure a maximum message size limit on an Active Directory site link
- Run the following command to configure a maximum message size limit on a single Active Directory site link:
Set-AdSiteLink -Identity DEFAULTIPSITELINK -MaxMessageSize 10MB
Run the following command to configure the same maximum message size limit on all Active Directory site links:
Get-AdSiteLink | Set-AdSiteLink -MaxMessageSize 10MB
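The hub site behaviour described above, worked through in Python as an added example (not from the original article and not Exchange's routing code). It generalizes to any site topology by using Dijkstra's algorithm for the least cost path; the site names, link costs and function names are constructed.

```python
import heapq

# Constructed topology: (site, site) -> Exchange cost of the IP site link.
LINKS = {
    ("Site A", "Site B"): 10,
    ("Site B", "Site C"): 10,
    ("Site A", "Site D"): 5,
    ("Site D", "Site C"): 30,
}


def least_cost_path(links, source, target):
    """Return (total_cost, [sites]) for the cheapest path, or None if unreachable."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue = [(0, source, [source])]
    seen = set()
    while queue:
        cost, site, path = heapq.heappop(queue)
        if site == target:
            return cost, path
        if site in seen:
            continue
        seen.add(site)
        for neighbour, link_cost in graph.get(site, []):
            if neighbour not in seen:
                heapq.heappush(queue, (cost + link_cost, neighbour, path + [neighbour]))
    return None


def delivery_stops(links, hub_sites, source, target):
    """Return (cost, path, stops).

    The path is chosen first, on cost alone. Only afterwards are hub sites
    considered: the message stops at each hub site that lies on that path,
    and otherwise is relayed straight to the target site.
    """
    result = least_cost_path(links, source, target)
    if result is None:
        return None
    cost, path = result
    stops = [site for site in path[1:-1] if site in hub_sites] + [target]
    return cost, path, stops


if __name__ == "__main__":
    for hubs in (set(), {"Site B"}, {"Site D"}):
        print(sorted(hubs), delivery_stops(LINKS, hubs, "Site A", "Site C"))
```

Site D is ignored as a hub in the last case because it is not on the least cost path from Site A to Site C.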
Exchange Server 2007 Email Routing
The main Exchange Server 2007 routing topology features are:
- No more routing groups
- No more routing group connectors
- Uses AD site links instead
- Uses least cost routing based on network layer’s OSPF capabilities
- Queues close to point of failure
- Improved bifurcation algorithm
This means no link state routing like in Exchange Server 2003 anymore.
Role Based Setup
Before you begin setting up your Exchange Server 2007 environment you should make sure that your Active Directory Site structure is clear and does not contain any configuration errors. This means you should probably rethink your configuration and update it if necessary.
While setting up your Exchange Server 2007 machine, you have to choose which server role you want to implement. Exchange Server Hub Transport role is the basis of your routing structure. If you are running a one site Active Directory infrastructure, your design will be quite simple, but if you are hosting Active Directory within multiple sites, your Active Directory Site Links are the basis for your Exchange Routing Topology. This means your site link costs are based on calculating the best way to route messages between sites.
If you are installing Exchange Server 2007 in an existing forest, you will be prompted to choose which of your existing routing groups you will connect with. This is because all of your Exchange 2007 servers will exist in a special routing group that should only house Exchange 2007 servers. In an ideal world, your first Exchange 2007 server will be near one of your existing hub routing groups.
Understanding Intra-Organizational Mail Routing
Figure 1: Routing between two Sites
In an environment with at least three sites in one chain we can see new behavior when an email is sent from the first to the third site. Compared to earlier versions of Exchange Server, Exchange 2007 will now try to route the message directly.
Figure 2: Routing between three Sites
Exchange will now directly route the message to the third site, because use of the second site is only an extra cost and does not have any further advantages. WAN link usage would not decrease, but the site in between would have to use CPU and other resources for receiving and sending the message. In addition, this mail would take more time.
Figure 3: Routing between three Sites in case of failure
Figure 4: Routing between three Sites in case of redundancy
In case of redundancy of site links, we always have the topology of routing with least costs.
After having understood how to configure intra-organizational email routing, we will now have a look at how to connect Exchange Server 2007 to the internet.