Configuring Office 365 Journaling

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015. Last modified by user.oxriBaJeN4 Employee on May 9, 2019. Version 50.


For information on Office 365 plans that support journaling, read this Microsoft TechNet article: Exchange Online Service Description | Office 365 Service Descriptions. It describes the Exchange Online Protection (EOP) security feature set most commonly provided with Office 365, which has replaced legacy FOPE services. Microsoft doesn't support self email journaling (journaling from yourself to yourself).

Journaling is normally configured after recipient validation options are considered. See the Mimecast Connect article for further details.


If your Mimecast subscription includes journaling, and it started after 26th March 2015, you'll find a journal connector has automatically been created for you. This includes a journal:

  • Sub-domain called journal.<> (where <> is the domain you provided as your primary mail domain).
  • Contact called Use this address as the mail attribute for the external contact you create in Exchange to send journal messages to.


If your Mimecast subscription started before 26th March 2015, or you want to add an additional journal connector, you must manually add a journal domain, journal address, and journal connector as detailed below. This is likely if you're configuring journaling in a hybrid Office 365 or On-Premise environment, as you require two journal connectors or journal sub-domains.


Configuring a Journal Definition


To configure a Journal definition:

  1. Log on to the Administration Console.
  2. Select the Administration toolbar menu item.
  3. Select the Services | Journaling menu item.
  4. Select the New Journal Service Definition button.
  5. Complete the Journal Service Properties section:
    Field / Option | Description
    Description | Enter a name for the definition.
    Transport Type | Select the "SMTP" option.
    Disabled | Leave this option unchecked. If checked, the definition isn't active.
  6. Complete the Connection Properties section as follows:
    Field / Option | Description
    Service Email Address

    Enter a Service Email Address using the format (where is the primary SMTP domain).

    This is used throughout the rest of the journal configuration process.
    Additional Source IP Ranges

    Enter the IP Addresses from which we'll receive journaled messages. These are typically the external IPs of the Transport Service in the environment. IP Addresses are expected with a CIDR mask, so ranges can be added in a single line. The proper syntax for a single address is /32. For journaling from Office 365 accounts, customers must contact Mimecast Support to add the Office 365 IP ranges to your account.

    Authorized Outbound IP addresses are automatically allowed, therefore this field can be left blank. This also applies to hosted environments sharing IP addresses or ranges.

    If selected, the journal service is suspended, and any error conditions related to the connection are reset. This is useful if a journal mailbox is going to be offline for an extended period of time. Once the journal mailbox is available again, ensure this option is deselected. Changes to this option are recorded in the event log.

    Use SMTP Authentication

    If selected, an additional field is displayed to allow a password to be entered. This password, along with the journal email address is used as the SMTP-AUTH credentials.

    To make use of the authentication option, an SMTP Send Connector is required on the Exchange server for SMTP Journaling.
    Initial Process Delay | Leave the default value (0) unless you're working on a journaling issue with Mimecast Support. Determines the time to wait before attempting to match a message to the archive.
    Delivery Wait Attempts | Leave the default value (3) unless you're working on a journaling issue with Mimecast Support. Determines the number of tries the system attempts to match a message before it is archived.
    Period of Inactivity Allowed | Defines how long the SMTP connector is allowed to be inactive without receiving any messages before it is reported as being "down" (default = 180 minutes). Consider the setting carefully according to your Exchange Server environment. For example, if you operate in an environment with low email volumes, the connector is likely to handle a small Exchange database. Therefore, you can set this to a much higher value than the default to cater for quiet periods (e.g. overnight) and/or smaller email databases.
    Journal Type

    Specify either Exchange Envelope Journaling (EEJ) or Standard EML.

    We support journaling in standard EML (without the EEJ wrapper) and EEJ formats. EML files can only be assigned to mailboxes based on the message headers. This may not be reliable, and doesn't include BCC recipients. EEJ messages are the preferred option in terms of accuracy when determining the recipients for a message. EEJ also "steps down" to handle incorrectly enveloped messages in an EEJ mailbox. On occasions, journal mailboxes may receive non-envelope journaled emails. These messages would normally cause the journal service to fail. We auto-detect these malformed messages and absorb them as normal emails, even though the journal mailbox is set to EEJ.
    Encrypted | This option is selected by default but isn't required. If selected, we'll only accept journal messages over TLS. Journal messages not sent over TLS are rejected.
    Prefer Clear Text Version | Enable this for Active Directory Rights Management Services protected journal items.
    Extended De-Duplication | If selected, we wait ten minutes for the gateway item after having received the internal message via the Journal Connector for deduplication purposes. Only enable this option if internal messages are journaled via remote / local infrastructure, as well as delivered via the Mimecast gateway.
    Remove Journal Headers

    Enable this option to instruct us to remove potentially sensitive journal headers that Microsoft Exchange might have added. 

    Headers that will be removed are X-MS-Exchange-Organization-BCC and X-MS-Exchange-CrossPremises-BCC. All other headers will be respected.

    Journal Non Internal Addresses | If selected, messages processed that don't hold any internal addresses are archived.
    Journal Unknown Internal Addresses | If selected, messages processed that are sent from or to unknown internal addresses are archived.
  7. Select the Save and Exit button.


Configuring a Journaling Sub Domain

This step isn't required when setting up Office 365 in a hybrid environment and you've previously set up a journal sub-domain and journal connector. Only one journal connector is required on the Mimecast side, and both the On Premises server and O365 can be configured to send journal messages to the same email address ( where is the primary SMTP domain).

With the email address configured, you must add the journal subdomain. To accomplish this:

  1. Log on to the Administration Console.
  2. Select the Administration toolbar menu item.
  3. Select the Directories | Internal Directories menu item.
  4. Select the Add Subdomain button. 
  5. Complete the dialog entering the value in the Journaling Value column:

    Field / Option | Description | Journaling Value
    Domain Name(s) | Enter up to 100 subdomains, with each on a separate line. | journal.<yourdomain>.com
    Inbound Checks | Select the inbound checks to be performed on all external messages directed to the subdomain(s). | Accept all Inbounds for this Domain
    Add Anti-Spoofing Policy | If selected, Anti-Spoofing Policies are applied to all messages directed to the subdomains, preventing them from being spoofed from outside sources. | Unselected
    For editing a subdomain, see the Email Domains page.


Configuring an External Contact in Office 365


  1. Log on to the Exchange Admin Center.
  2. Select the Recipients | Contacts menu item.
  3. Click the + icon to create a new contact.
  4. Complete the values on the form.
  5. Select Save.
    Ensure that the External Email Address for your contact matches the address used in the journal connection.

Configuring the Office 365 Send Connector

We recommend performing this process in Internet Explorer, due to an issue with the controls used in the final validation step.
  1. Log on to the Exchange Admin Center.
  2. Select the Mail Flow | Connectors menu item.
  3. Create a Connector, by completing the dialog as follows:
    Field / Option | Description
    From | Select "Office 365" option.
    To | Select "Partner Organization" option.
  4. Select the Next button.
  5. Complete the New Connector dialog as follows:
    Field / Option | Description
    Name | Provide a name for the connector (e.g. Office 365 to Mimecast).
    Description | Provide a description for the connector.
    Turn It On | If selected, the connector is enabled.
  6. Select the Next button.
  7. Select the Only When Email Messages are Sent to These Domains option.
  8. Select the + Icon to add the recipient domains that should use this connector.
  9. Enter the Domain of the external contact you created for this journal connection (e.g. journal.<>).
  10. Select the OK button.
  11. Select the Route Email Through These Smart Hosts option.
  12. Select the + Icon to add the smart hosts that should use this connector.
  13. Add the Smart Hosts from the table below for the region:

    Europe (Excluding Germany)



    South Africa


    Off Shore

  14. Select the Save button.
  15. Select the Next button.
  16. Ensure the following options are checked:
    • Always use Transport Layer Security (TLS) to Secure the Connection
    • Issued by a Trusted Certificate Authority (CA)
  17. Select the Next button. The connector's details are displayed.
  18. Select the + Icon.
  19. Enter the Journal Email Address created in the journaling profile of your Mimecast account.
  20. Select the Validate button.
  21. Disregard any errors in the validation and select the Save button.


Creating an Office 365 Journal Rule


Before you can create a journal rule in Exchange Online, you must specify the alternate journaling recipient for undeliverable journal reports. If a journal report can’t be delivered to the journaling mailbox specified in a journal rule, it is queued in Exchange Online for some time. If the condition persists for a longer period and queued journal reports can’t be delivered to the Journaling mailbox, they’re delivered to the alternate journaling recipient.

To specify an alternate journaling recipient for undeliverable journal reports:

  1. Select the Compliance Management menu item in the Exchange Admin Center.
  2. Select the Journal Rules link in the toolbar.
  3. Select the Select Address link.
  4. Select the Browse button to display your list of users.
  5. Select a User.
    Microsoft recommends you specify a dedicated email address, because the specified email address won't have its own mail journaled. The specified email address is also used as the From address when O365 journals the messages to us. Therefore it needs to be an email address in the customer's domain. Failure to do this results in a rejection.
  6. Select the OK button.
  7. Select the Save button.


To create a journal rule:

  1. Select the + Icon.
  2. Complete the dialog as follows:
    Field / Option | Description
    *Send Journal Reports | Enter the email address of your journal contact. This receives the journal reports.
    Name | Enter a name for the journal rule.
    *If the Message is Sent to or Received From | Select the "Apply to all Messages" option.
    *Journal the Following Messages | Select the "All Messages" option.
  3. Select the Save button.
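
The Exchange Admin Center steps above (external contact, send connector, alternate journaling recipient and journal rule) can also be applied and read back from Exchange Online PowerShell. The script below is an added example, not part of the original article or Mimecast's own tooling; the domain, addresses, connector and rule names are assumptions, and the smart host is a placeholder to be replaced with the host for your region.

```powershell
# Added example. All values below are placeholders (assumptions); replace before use.
$JournalDomain  = 'journal.example.com'             # journal sub-domain added in Mimecast
$JournalAddress = "journal@$JournalDomain"          # Service Email Address of the journal definition
$NdrAddress     = 'journal-ndr@example.com'         # dedicated address in your own domain
$SmartHosts     = @('smarthost.example.invalid')    # placeholder: smart host(s) for your region

Connect-ExchangeOnline    # requires the ExchangeOnlineManagement module

# External contact: its address must match the journal connection's address.
New-MailContact -Name 'Mimecast Journal' -ExternalEmailAddress $JournalAddress

# Send connector (Office 365 -> Partner Organization), used only for the
# journal domain, routed through the smart hosts, TLS always on with a
# certificate issued by a trusted CA.
New-OutboundConnector -Name 'Office 365 to Mimecast' `
    -ConnectorType Partner `
    -RecipientDomains $JournalDomain `
    -UseMXRecord $false `
    -SmartHosts $SmartHosts `
    -TlsSettings CertificateValidation `
    -Enabled $true

# Alternate journaling recipient for undeliverable journal reports.
# Must be set before the journal rule is created.
Set-TransportConfig -JournalingReportNdrTo $NdrAddress

# Journal rule: all messages (Global scope, no -Recipient filter) go to the contact.
New-JournalRule -Name 'Journal to Mimecast' `
    -JournalEmailAddress $JournalAddress `
    -Scope Global `
    -Enabled $true

# Read the settings back so that a connector left without TLS validation,
# or scoped to the wrong domain, is visible immediately.
Get-OutboundConnector -Identity 'Office 365 to Mimecast' |
    Format-List Name, Enabled, RecipientDomains, SmartHosts, TlsSettings
Get-TransportConfig | Format-List JournalingReportNdrTo
Get-JournalRule | Format-List Name, JournalEmailAddress, Scope, Enabled
```

In the read-back, TlsSettings should show CertificateValidation and RecipientDomains should list only the journal sub-domain.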


Verifying Office 365 Premium Journaling


Once your journaling configuration is complete, verify that the connections are working:

  1. Log on to the Administration Console.
  2. Select the Administration toolbar menu item.
  3. Select the Services | Journaling menu item.
  4. Note the Service Status of the Journaling connector:


    Icon | Service Status | Description
    Pending.gif | Service Awaiting Initial Run | On initial configuration, the status icons for SMTP journal connectors are orange, with a status of "Service Awaiting Initial Run".
    Successful.gif | Service OK | When the first message is received by the connector, the icon changes, and the status updated to "Service Enabled".
    Failed.gif | Service Error | If we cannot connect to the journal connector and retrieve messages, the status changes to "Service Error".

    If the connector configuration isn't successful, see the Troubleshooting Journaling article.
  5. View the list of journaling items by selecting the Queue Details button.
For Exchange Envelope Journal Format (EJF), the recipient is displayed as the sender, and the journal address as the recipient.