Route journal messages to Google Vault

You can use Google Vault to retain Microsoft Exchange journal messages and perform eDiscovery. You can also configure alerts, change the default rejection notice for your journal messages, and configure other controls. To forward users' journal messages to Gmail and retain them with Vault, the users must have Google Workspace accounts with Gmail turned on.

About Microsoft Exchange journaling

Exchange journaling lets you record a copy, or journal, of email communications in your organization and send them to a dedicated mailbox on an Exchange server. Journaling is different from archiving. Journaling records your users’ messages. Archiving is a way to store copies in a separate environment for regulatory compliance, data retention, or server maintenance.

An Exchange journal message contains the entire original message, including all headers and transport envelope information. The envelope information includes the sender and all recipients, including Bcc recipients and recipients in distribution lists. This data is required for compliance with most regulations.

Step 1: Create the receiving account

  1. Add the account. Specify an address that is in your domain (or subdomain) but not being used by an actual user. For example, if your domain is solarmora.com, add an account similar to exchange-journal@solarmora.com.
  2. The account must have a Google Workspace license that supports Vault. To check if your account supports Vault, go to License requirements.
  3. Put the account in its own organizational unit. For instructions, go to Add an organizational unit and Move users to an organizational unit.
  4. (Optional) To hide the account in your Directory, because this account isn’t for a real user and shouldn’t get emails, go to Hide a user from the Directory.

Step 2: Set up Gmail message retention in Vault

  1. Sign in to Vault.
  2. Follow the instructions in Retain Gmail messages with Vault to set a custom retention rule with the following parameters:
    1. Scope–Select the organizational unit that contains the email that will accept the journal message.
    2. Conditions–Use terms to specify which messages to retain. For example, to retain only messages received from external users, enter NOT from:*@your-domain. Or, to retain only messages sent to external users, enter NOT to:*@your-domain.
    3. Duration and action–Select Retention period. Enter how many days to keep messages and what to do with them when the retention rule expires. Journal messages can accumulate rapidly and aren’t deleted manually. We recommend that you purge all messages when the retention period expires. This way, you don’t keep messages you no longer need. And, you might save on eDiscovery costs.

Important: Don’t set a hold on the email that accepts journal messages. Holds prevent all messages from being deleted.

Step 3: Set up journal message acceptance in Gmail

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu > Apps > Google Workspace > Gmail > Routing.
  3. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.

  4. Click Inbound email journal acceptance in Vault and check the Enable box.
  5. For Receive journal messages at the following address, enter an email address from your domain to accept journal messages. Specify an address that’s not being used by an actual user in your domain. 
  6. (Optional) To reject messages that are not sent from a preferred email address, for Only accept journal messages from this sender, enter the preferred email address. This address must match the exact From address that your Exchange server uses for journal messages. If you use multiple Exchange servers, we recommend leaving this field blank.
  7. For Bounce email address for failed journal deliveries, enter an email address to get an alert whenever there’s a bounce message for a journal message.
    Note: Retries for bounced journal messages can cause server queue backups.
  8. (Optional) To reject journal messages that are not DKIM/SPF authenticated, check the Reject journal messages that are not DKIM/SPF authenticated box and, optionally, for Edit the default rejection notice, enter a rejection notice.
    If a message is rejected, the rejection message includes the text that you enter as well as the default NDR message. For example, you can enter text, such as "Journal rejection," which helps you recognize the message as an Exchange journal.
  9. (Optional) To reject journal messages that don’t contain at least one recognized user, check the Reject journal messages for unrecognized recipients box.
    Important: 
    • The box is checked by default. If any of the unrecognized users are aliases or aren’t licensed for Vault, Exchange continually logs the event and retries the message. In turn, you receive repeated Exchange errors.
    • If you uncheck the box, any journal message containing unrecognized users is dropped without an alert. As a result, you can’t see which users’ messages aren’t being retained. Therefore, if there are users who aren’t licensed for Vault but should be, you have no way to identify them. To help avoid these issues, we recommend that you try to ensure that all relevant users are licensed for Vault.
  10. (Optional) To only accept journal messages from certain IP ranges (messages outside the range are rejected):
    1. Click Add.
    2. Enter the IP address ranges of your Exchange servers and click Save.
    3. If these IP ranges are not hosted IP ranges shared among multiple customers, include the journal IP ranges in the inbound mail gateway. For details, go to Set up an inbound mail gateway.
  11. Click Add setting or Save.
  12. Click Save. If you configured an organizational unit or group, you might be able to Inherit or Override a parent organizational unit, or Unset a group.

It can take up to 24 hours for changes to propagate to user accounts. You can track changes in the Admin console audit log.

Step 4: Configure Exchange server to forward journal messages to receiving address

 If you’re using Exchange Online, follow these steps instead.


1. Before you begin
  • If you previously set up Exchange journaling, you might have already completed some of these steps. However, we recommend that you follow each step in this process to ensure that Exchange journaling is configured properly.  
  • Google Workspace support does not provide support for on-premise mail servers or third-party products. In the event of an Exchange issue, consult your Exchange administrator. 
  • These instructions are designed to work with common Exchange scenarios. Any changes to your Exchange configuration should be made in consultation with your Exchange administrator.
2. Create SMTP contact & configure settings

To forward journal messages in your journaling mailboxes to the receiving address, you must add a new contact or update an existing contact in Microsoft Active Directory. Microsoft refers to this contact as the custom SMTP recipient because the Exchange journaling server forwards all journal messages to your receiving address using SMTP.

Create a new SMTP contact

  1. Open Active Directory Users and Computers.
  2. Right-click the organizational unit where you want to create the contact and select New > Contact.
    The custom SMTP recipient must match the email address that you added in the Receive journal messages at the following address field (above on this page).
  3. Enter the following information:
    • First Name: Google
    • Last Name: Vault
    • Display Name: Google Vault
  4. Click OK.
  5. On the Mailbox server, open the Exchange Management Console.
  6. Expand Recipient Configuration, right-click Mail Contact, and select New Mail Contact.
  7. Click Existing Contact, select the Google Vault contact you just created, and click OK.
  8. Click Next.
  9. For External Email Address, click Edit and enter the same address that you created for the receiving account (above on this page), for example, exchange-journal@solarmora.com.
  10. Click OK > Next > New.

Configure the message format settings

In Exchange 2007, journal reports are sent in S/TNEF format. In Exchange 2007 SP1 and Exchange 2010, you can send journal reports in S/TNEF or MIME. Use MIME output for journal reports. MIME is only supported with Exchange 2007 SP1 and newer versions of Exchange. Earlier versions are not supported. For more information about Exchange versions, refer to your Microsoft documentation.

  1. On the Mailbox server, open the Exchange Management console.
  2. Expand Recipient Configuration and select Mail Contact.
  3. Select the SMTP contact and click Properties.
  4. Click General and for Use MAPI rich text format, click Never.
    With this setting, journal reports are sent in MIME rather than S/TNEF.
3. Set up journaling mailbox & create distribution list

You can set up several journaling mailboxes and mailbox databases on one or more Exchange servers. When setting up a journaling mailbox, you must place it in a mailbox database where you do not plan to turn on journaling.

Set up the journaling mailbox and create the distribution list for journaling

  1. On the Mailbox server, open the Exchange Management console.
  2. Expand Recipient Configuration, right-click Mailbox, and select New Mailbox.
  3. Click User Mailbox > Next.
  4. Select New User and click Next.
  5. Select the organizational unit where you want to create the journaling mailbox.
  6. For First Name, enter Archive.
  7. For Last Name, enter Master.
  8. For Name, enter Archive Master.
  9. For User logon name (User Principal Name), enter AMaster.
  10. Enter and confirm the password for the user.
  11. Uncheck the User must change password at next logon box and click Next.
  12. Select the appropriate mailbox database, messaging records management policy, and Exchange ActiveSync mailbox policy and click Next.
  13. Review the configuration summary. If you need to make changes, click Back.
  14. Click New to create the mailbox.
  15. In Active Directory, create a new distribution list (group) and name it Journal Recipient.
  16. Add the following members to the distribution list (group):
    1. SMTP contact—The same address you created in Create an SMTP contact (above on this page).
    2. Archive Master—You created this in step 8 (above on this page).
4. Turn on journaling

Depending on your version of Exchange, you can turn on standard or premium journaling. With standard journaling, you configure journaling for each relevant mailbox database. With premium journaling, you configure rules that identify the groups of senders and recipients for whom messages are journaled. For details on the type of journaling your Exchange version supports, consult your Microsoft documentation.

Depending on the size of your organization and the configuration of your rules, you may have one or many journaling mailboxes. In circumstances where you have numerous journaling mailboxes with large volumes of journal reports, you might want to dedicate specific resources to those mailbox databases.

Turn on standard journaling

  1. Open the Exchange Management Console.
  2. Expand Server Configuration and select Mailbox.
  3. Select the server for the mailbox database where you want to turn on journaling.
  4. Right-click the mailbox database and click Properties.
  5. Click General > Journal Recipient.
  6. For Send Journal reports to, click Browse, select Journal Recipient (the distribution list that you created of recipients of journaled messages), and click OK.
  7. Click OK.
    All journaled messages for users on this mailbox database are now sent to the Journal Recipient distribution list. 
  8. Repeat the steps for each mailbox database where you want journaling.

Turn on premium journaling

  1. Ensure that the Journaling agent is enabled on the Hub Transport server:
    • Issue the Get-TransportAgent command. If an agent name is not returned, the agent is not enabled.
    • If needed, to enable the Journaling agent, issue the Enable-TransportAgent -Identity "Journaling agent" command.
  2. On the Hub Transport Server, open the Exchange Management Console.
  3. Expand Organization Configuration and select Hub Transport.
  4. Click Journaling > New Journal Rule and enter a name for the journal rule.
  5. For Send Journal reports to, click Browse and select Journal Recipient (the distribution list that you created of recipients of journaled messages).
  6. For Scope, select the scope of the journal rule.
    • To apply the rule to a single recipient (for Journal Messages for Recipient), click Browse and select the appropriate recipient.
    • To apply the rule to multiple recipients (for Journal Messages for Recipient), click Browse and select the appropriate distribution list.
  7. Click New > Finish.
    All journaled messages for users on this Hub Transport server are now sent to AMaster.
  8. Repeat the steps for each Hub Transport server where you want journaling.
5. Create policy to delete messages from journaling mailbox

To ensure sufficient storage space for journal reports, you must create a Managed Content Setting rule to automatically delete all messages from the Inbox folder, at an interval you specify.

We suggest that you initially set this interval to every 7 days. Then, monitor the journaling mailbox size during the first few weeks after you turn on journaling and adjust the interval as needed. If you want to include all journal reports in your scheduled backups, set an appropriate interval to ensure that journal reports are not deleted before the backup runs.

Step 1: Create a managed content setting for the Inbox folder

  1. In the Exchange Management Console, expand Organization Configuration and select Mailbox.
  2. Click Managed Default Folders and select Inbox.
  3. In the action pane, click New Managed Content Settings to open the New Managed Content Settings wizard.
  4. For Name, enter Google Vault Content Setting.
  5. For Message Type, select All Mailbox Content.
  6. Check the Length of retention period day(s) box.
  7. Enter the number of days that you want to retain messages.
  8. For Retention period starts, select When delivered, end date for calendar and recurring tasks.
  9. For Action to take at the end of retention period, select Permanently delete.
  10. Click Next > Next to bypass the Journal page.
  11. Click New > Finish.

Step 2: Create a managed folder mailbox policy

  1. In the Exchange Management Console, expand Organization Configuration and select Mailbox.
  2. In the action pane, click New Managed Folder Mailbox Policy to open the New Managed Folder Mailbox Policy wizard.
  3. For Managed folder mailbox policy name, enter Google Vault Policy.
  4. For Specify the managed folders to link with this policy, click Add to open the Select Managed Folder dialog box.
  5. Select Inbox and click OK.
  6. Click New > Finish.

Step 3: Apply the managed folder mailbox policy to the journaling mailbox

  1. In the Exchange Management Console, expand Recipient Configuration and select Mailbox.
  2. Right-click Archive Master and select Properties.
  3. Click Mailbox Settings > Messaging Records Management and select Properties.
  4. Check the Managed folder mailbox policy box and click Browse.
  5. Select Google Vault Policy and click OK.
  6. Click OK to confirm.

Step 4: Configure the Managed Folder Assistant to run the policy

  1. In the Exchange Management console, expand Server Configuration and select Mailbox.
  2. Right-click the Mailbox server that hosts the Archive Master journaling mailbox and click Properties.
  3. Click Messaging Records Management and for Schedule the Managed Folder Assistant, select Use Custom Schedule and click Custom.
  4. For Schedule, select the times and days for the managed folder assistant to run.
    We suggest running the assistant during off-peak hours.
  5. Click OK.
6. Remove journaling mailbox from Global Address List

Now, you need to remove the journaling mailbox from your Exchange Global Address List to prevent users from sending email messages directly to the archive.

  1. Use the Set-Mailbox cmdlet to modify the settings for the journaling mailbox so that it's removed from the Global Address List. 
  2. Issue the Set-Mailbox AMaster -HiddenFromAddressListsEnabled $true command.
7. Prevent email from going directly to journaling mailbox

Finally, set up a delivery restriction for the AMaster user to prevent anyone from sending email messages directly to the journaling mailbox.

  1. Use the Set-Mailbox cmdlet to modify the settings for the journaling mailbox. 
  2. Issue the Set-Mailbox AMaster -AcceptMessagesOnlyFrom AMaster command.
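
To confirm that the Exchange-side settings from sections 2 through 7 are in place, you can run a read-only audit such as the following in the Exchange Management Shell. This is an added example, not part of the original instructions. It assumes Exchange 2007 SP1 or 2010, the object names used on this page (Google Vault, Archive Master/AMaster, Journal Recipient, Google Vault Policy), and the example receiving address exchange-journal@solarmora.com.

```powershell
# Added example: read-only audit of the journaling setup described on this page.
# Changes nothing; it only reads configuration and reports pass/fail per control.
$VaultAddress = 'exchange-journal@solarmora.com'   # assumption: replace with your receiving address

function New-Check($Name, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

$agent   = Get-TransportAgent -Identity 'Journaling agent' -ErrorAction SilentlyContinue
$contact = Get-MailContact -Identity 'Google Vault' -ErrorAction SilentlyContinue
$dl      = Get-DistributionGroup -Identity 'Journal Recipient' -ErrorAction SilentlyContinue
$mbx     = Get-Mailbox -Identity 'AMaster' -ErrorAction SilentlyContinue

# Members of the journaling distribution list (section 3).
$members = @()
if ($dl) { $members = @(Get-DistributionGroupMember -Identity $dl.Identity | ForEach-Object { $_.Name }) }

# Journaling targets: premium journal rules and standard per-database journaling (section 4).
$rules = @(Get-JournalRule | Where-Object { $_.Enabled -and $dl -and
           "$($_.JournalEmailAddress)" -eq "$($dl.PrimarySmtpAddress)" })
$dbs   = @(Get-MailboxDatabase | Where-Object { "$($_.JournalRecipient)" -like '*Journal Recipient' })

$results = @(
    New-Check 'Journaling agent enabled (premium journaling only)' `
        ($agent -and $agent.Enabled) "Enabled=$($agent.Enabled)"
    New-Check 'Contact forwards to the Vault receiving address' `
        ("$($contact.ExternalEmailAddress)" -like "*$VaultAddress") $contact.ExternalEmailAddress
    New-Check 'Contact sends MIME (MAPI rich text = Never)' `
        ("$($contact.UseMapiRichTextFormat)" -eq 'Never') $contact.UseMapiRichTextFormat
    New-Check 'Journal Recipient contains the contact and the mailbox' `
        (($members -contains 'Google Vault') -and ($members -contains 'Archive Master')) ($members -join ', ')
    New-Check 'A journal rule or mailbox database targets Journal Recipient' `
        (($rules.Count + $dbs.Count) -gt 0) "rules=$($rules.Count); databases=$($dbs.Count)"
    New-Check 'Journaling mailbox hidden from address lists' `
        $mbx.HiddenFromAddressListsEnabled "Hidden=$($mbx.HiddenFromAddressListsEnabled)"
    New-Check 'Journaling mailbox restricts who can send to it' `
        (@($mbx.AcceptMessagesOnlyFrom).Count -gt 0) (@($mbx.AcceptMessagesOnlyFrom) -join ', ')
    New-Check 'Deletion policy applied to journaling mailbox' `
        ("$($mbx.ManagedFolderMailboxPolicy)" -like '*Google Vault Policy') $mbx.ManagedFolderMailboxPolicy
)

$results | Format-Table -AutoSize Check, Pass, Detail

# Non-zero exit code if any control is missing, so the audit can run as a scheduled check.
if (@($results | Where-Object { -not $_.Pass }).Count -gt 0) { exit 1 }
```

If you use standard journaling only, the Journaling agent check does not apply and can be ignored.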


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
