Re: [PEN-TEST] archiving exchange workgroup mail

[Glenn Pearl <glennp () BROOKE-STAFFING COM>]

Unfortunately not.

Additionally, you'll need to have some way to keep your journal mailbox
archived.  Otherwise, it will quickly eat up all of your disk space.  We
autoarchive through Outlook to a .pst, then .zip it to CDR.  There's an
Exchange Mailbox Manager that came with SP3 (I think) that works on the
server end, but I don't think its any more configurable than journalling.
Haven't looked at it in detail as yet.

Glenn Pearl

> -----Original Message-----
> From: Riley, Steven (Security) [SMTP:steven.riley () WCOM CO UK]
> Sent: Thursday, December 07, 2000 3:04 AM
> To:   PEN-TEST () SECURITYFOCUS COM
> Subject:      Re: [PEN-TEST] archiving exchange workgroup mail
>
> Is it possible to journal a single users Mailbox?
>
> Steve
>
> -----Original Message-----
> From: martin [mailto:m () RL206 ORG]
> Sent: 07 December 2000 00:11
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] archiving exchange workgroup mail
>
>
>  Shamefully, I learned how to do this while
> teaching exchange courses.
>
> There is a not commonly known feature called
> message journaling, which enables
> _all_ mail on an exchange box to be logged to
> a specified mailbox. This works by modifying
> the message flow to force all messages to pass
> through the exchange MTA component, and capturing
> all of these messages (under normal circumstances,
> mail delivered between users on the same server
> does not pass through the MTA, only the information
> store).
>
> The only way to do this (on 5.5, anyway) is by adding
> registry entries, and setting a mailbox to receive.
> The following is sourced "roughly" from an exchange
> text:
>
> 1. Launch the admin program in raw mode (admin /r),
> and observe the raw properties of the target mailbox
> for archived mail. In the "Object Attributes" box, select
> Obj-Dist-Name, and record the X500 DN (distinguished name)
> of the object.
>
> 2. In regedit.. open hkey_local_machine\system\current
> controlset\services\msexchangemta\parameters.
> Add a string value named "Journal Recipient Name'.
> Set the value of the string to the DN of the object
> observed in the admin program (target mbox).
> Create a dword value (in the same key) called
> "Per-Site Journal Required". For org level journalling,
> set the value to 0, for site level , set it to 1.
>
> 3. (This is where message flow is modified)..
>  Open hkey_local_machine\system\currentcontrolset\services\
> msexchangeis\parameterssystem.
>  Add a dword value named "No Local Delivery". Set this
> value to 1.
>
> Open hkey_local_machine\system\currentcontrolset\services\
> msexchangeimc\parameters. Add a dword value named
> "ReRouteViaStore". Set this value to 1.
>
>
>
>
> This will intercept all messages on the target, including
> internet in/out (provided clients are using the exchange smtp)
> and local (between exchange connectors, MTA's, and local betweeen
>  mailboxes on the same information store).
>
> Hope this helps.
>
> -m.
> --
> This communication contains information which is confidential and
> may also be privileged.  It is for the exclusive use of the
> intended recipient(s).  If you are not the intended recipient(s),
> please note that any distribution, copying or use of this
> communication or the information in it is strictly prohibited.
> If you have received this communication in error, please notify
> the sender immediately and then destroy any copies of it.