Exchange 2013 Premium Journaling

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015Last modified by user.oxriBaJeN4 Employee on Mar 27, 2017
Version 3Show Document
  • View in full screen mode

This guide details the steps involved in configuring journaling for Exchange 2013 and the requirements and steps to make it work within the Mimecast ecosystem.

If your Mimecast subscription includes the Journaling feature, and your service was provisioned after the 26th March 2015 you will find a Journal Connector has already been created for you, including an internal journal domain and journal address.


  • The Journal Domain is automatically created as, where is the domain your organization provided as your primary mail domain.
  • The Journal Contact is automatically created as


Use this address as the mail attribute for the external contact you create in Exchange to send journal messages to.

If your Mimecast service was provisioned before this date, or you want to add an additional journal connector you will need to manually add a journal domain, journal address, and journal connector as detailed below.

In order to use Premium Journaling, Enterprise Cal's are needed to stay in compliance.

Create a Journal Definition In Mimecast


The first step in configuring Journaling is to create a Journal Definition within the Administration Console.To accomplish this, do the following:


  1. Sign into the Mimecast Administration Console.
  2. Navigate to Administration | Services | Journaling:

  3. Click on the New Journal Service Definition button:

  4. Under Journal Service Properties in the Description field, enter a relevant name for the definition:

  5. In Transport Type pull-down, select SMTP:

  6. Under Connection Properties enter a Service Email Address using the following format: (where is the primary SMTP domain):
    You'll be using the Service Email Address throughout the rest of the Journal configuration process.
  7. In the Additional Source IP Ranges field, provide the IP Addresses from which Mimecast will receive Journaled messages. Theses are typically the external IPs of the Transport Service in the environment:
    Authorized Outbound IP addresses are automatically allowed, therefore this field can be left blank. This also applies to hosted environments sharing IP addresses or ranges.
    This field is expecting the IP Address with a CIDR mask, so ranges can be added in a single line. The proper syntax for a single address is /32.
    Other configurable values on the page are:

    DisabledAllows journal services to be taken offline without removing the Journal Service Definition.  Using the disabled option will result in the journal service being suspended, and any error conditions related to the connection will be reset.  This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox is once again available, be sure to enable activity before removing the check.
    Any changes made to this checkbox are recorded in the event log.
    Use SMTP Authentication

    Can be enabled for enhanced security features. Once checked, this produces an additional field where a password should be entered. This password, along with the journal email address will be used as the SMTP-AUTH credentials.

    In order to make use of the authentication option, an SMTP Send Connector is required on the Exchange server for SMTPJournaling.

    Initial Process DelayAdvanced configuration options that should be left as the default values (default = 0), unless working on a Journaling issue with Mimecast Support.  Determines the time to wait before attempting to match a message to the archive
    Delivery Wait AttemptsAdvanced configuration options that should be left as the default values (default = 3), unless working on a Journaling issue with Mimecast Support. Determines the number of tries the system attempts to match a message before it is archived
    Period of Inactivity AllowedDefines how long the SMTP connector is allowed to be inactive without receiving any messages, before it is reported as being "down" (default = 180 minutes). Consider the setting carefully according to your Exchange Server environment. For example, if you operate in an environment with low email volumes, the connector is likely to handle a small Exchange database.  Therefore, you can set this value to a much higher value than the default to cater for quiet periods (e.g. overnight) and/or smaller email databases
    Journal Type

    Specify the Journal type as either Exchange Envelope Journaling (EEJ) or Standard EML

    Mimecast supports Journaling of emails (EML) in standard MIME format (without the EEJ wrapper), and emails journaled in EEJ format.  Standard emails (EML) files can only be assigned to mailboxes based on the message headers (which may not be reliable, and does not include BCC recipients).  Exchange Envelope Journal emails are the preferred option in terms of accuracy when determining the recipients for an email.


    An additional feature of the Exchange Envelope Journaling service is that it “steps down” to handle incorrectly enveloped messages in an EEJ mailbox.  On occasions, journal mailboxes may receive non-envelope journaled emails. These messages would normally cause the journal service to fail. Mimecast auto-detects these malformed messages and absorbs them as normal emails, even though the journal mailbox is set to EEJ.

    EncryptedThis checkbox is selected by default, but is not required. If checked, Mimecast will only accept Journal messages over TLS. Journal messages not sent over TLS will be rejected.
    Prefer Clear Text VersionEnable this option for Active Directory Rights Management Services protected journal items.
    Journal Non Internal AddressesWhen enabled, items processed by the Journal Connector that do not hold any internal addresses will be archived.
    Journal Unknown Internal AddressesWhen enabled, items processed by the Journal Connector that are sent from or sent to unknown internal addresses will be archived.
  8. Once completed, click Save and Exit:


This concludes the steps involved in creating a Journal Definition in Mimecast.


Create a Journal Sub Domain in Mimecast


To accomplish this, do the following:

  1. Navigate to Administration | Directories | Internal Directories.
  2. Click the Register New Domain button from the top of the page. This displays a 3 stage wizard process:

  3. Review the information displayed, then type the name of the new Domain in the appropriate field:

  4. Click the Get Verification Code button to continue:

  5. You'll notice that step 2 is skipped because your parent domain already exists:


This concludes the steps involved in creating the Journal Sub Domain in Mimecast.


If you'd need to edit the sub domain, please see Email Domains.


Configure an External Contact in Exchange 2013


The next step is to create an External SMTP Contact using the following format:

Where is the primary SMTP domain.

To accomplish this, do the following from within your Exchange 2013 environment:


  1. In the Exchange Admin Center (EAC), navigate to Recipients, and then select Mail Contact:


  2. Click on the + icon followed by Mail Contact.
    This displays the New Mail Contact popup window.
  3. Complete the Contact Information popup fields similar to below:

    By default under Organizational Unit (OU), the path to the Users container is displayed.
    To modify this field, click Browse, and then select the required OU.

  4. To complete the configuration, click the Save button.


This concludes the steps involved in creating an External Contact in Exchange 2013.


Configure Exchange 2013 Send Connector


The next step in this process is to configure the Exchange 2013 Send Connector from within the 2013 Exchange environment. This will enable archiving internal and external emails to the External SMTP contact created above.


To accomplish this, do the following from the Exchange 2013 environment:


  1. Open the Exchange 2013 Administration Center.
  2. Navigate to Mail Flow | Connectors:

  3. Click on the + icon to create a new Send Connector.
  4. Enter a Name for the connector, for example: Journal Send Connector to Mimecast. For Type, select Custom. When completed click Next:

  5. Under Network Settings select: Route mail through smart hosts radial button. When completed, click the + icon to add a smart host:


  6. Depending on your geographical location, use the table below to enter the Primary and Secondary Smart Hosts. When entering the Smart hosts, click Save when completed:


    North America

    Europe and Australia

    South Africa


    Off Shore

  7. When both Primary and Secondary Smart Hosts have been entered, click Next:


  8. Under Smart Host Authentication, select the None radio button, then click Next:


  9. Specify the Address space for which the connector should route mail by clicking click the + icon to add a domain:

  10. Enter the following information and when completed click Save:

    • *Type: SMTP
    • *Full Qualified DOmain Name (FQDN):
      Where is the journal sub domain created in the Create a Journal Sub Domain in Mimecast section of this document.
    • *Cost: 1
  11. Click Next:


  12. Click the + icon:


  13. Select the transport server(s) that will associate with this connector. Click Add when the server(s) are selected and then click OK:
    If running an environment with Edge Transport Servers, you'll need to push the Send Connector to Edge Transport Servers. Check the Microsoft website for instructions on how to accomplish this.

  14. When the servers have been added, click Finish:



This concludes the steps involved in creating a Send Connector in Exchange 2013.


Enable Exchange 2013 Premium Journaling


You're almost there. Lastly you'll need to enable Journaling from the Exchange 2013 environment.

Premium Journaling requires Enterprise CALs from Microsoft.

To accomplish this, do the following from within Exchange 2013:

  1. Navigate to Compliance Management | Journal Rules:


  2. Click the + icon to create a new Journal Rule:

  3. Enter the following information the fields show:
    1. In the Send journal reports to: field: e.g.
    2. Provide a name for the new journal rule in the Name: field: e.g. Mimecast Journaling
    3. Set the If the message is sent to or received from... option to [Apply to all messages]
    4. Set the Journal the following messages... option to All messages
    5. Click Save to finish
  4. The page should look similar to below:


This concludes the configuration process.


Verify Exchange 2013 Journaling


Now that all the Journaling configuration is complete. It's time to verify that the connections are working.


To accomplish this, do the following from the Mimecast Administration Console:


  1. Log into the Mimecast Administration Console.
  2. Navigate to Administration Services | Journaling:

  3. Note the Service Status of the Journaling connector:


    IconService StatusDescription
    Pending.gifService Awaiting Initial RunOn initial configuration, the status icons for SMTP journal connectors will be orange, with a service status of Service Awaiting Initial Run
    Successful.gifService OKOnce the first message is received by the connector, the icon will change, and the status updated to Service Enabled
    Failed.gifService ErrorIf Mimecast cannot connect to the Journal connector and retrieve emails, the status will change to Service Error

    If the connector configuration is not successful, please see the Troubleshooting Journaling article.
  4. View the current list of Journaling items by clicking the Queue Details button:

    For Exchange Envelope Journal Format (EJF), the actual recipient is displayed as the sender and the journal address as the recipient.

Now that journaling has been configured and working for Exchange 2013, you can move on to step 5 in the connect process; Connect