Securing Journaling
I am trying to set up the Journaling Agent. Everything is working, but it is not as secure as Microsoft and others say it should be.
The problem I am having is setting up the Mail Delivery permissions. The cmdlet from the TechNet looks like this:
Set-Mailbox "Journaling Mailbox" -AcceptMessagesOnlyFrom "Microsoft Exchange" -RequireSenderAuthenticationEnabled $True
However, when I try to run it, I get an error saying that "Microsoft Exchange" is not a configured user.
Do I have to create the Microsoft Exchange group somehow?
Thank you in advance.
John Dombrowski
June 20th, 2008 7:41pm
Hi John,
Is SP1 installed on Exchange 2007? If not, then you cannot see "Microsoft Exchange" and you have to select the "Administrator" account.
You can perform the same step in the GUI.
EMC -> Server Configuration -> Recipient Configuration -> Right Click & Select properties of Journal Mailbox -> Mail Flow Settings Tab -> Message Delivery Restrictions -> Properties -> Accept message from -> Only senders in the following lists -> Add Microsoft Exchange (if SP1 is installed) or Administrator (if SP1 is not installed) & select Required that all senders are authenticated.
June 20th, 2008 8:12pm
I forgot to mention that SP1 is installed.
However, when I follow your directions, Microsoft Exchange is not one of the options. I get a list of all the available mailboxes.
Come to think of it, when I first installed Exchange (with SP1), I think I went through and deleted all of the mailboxes that it automatically created, and I bet that "Microsoft Exchange" was one of them. Do you know how I can get it back, or what it consists of so I can recreate it?
Thanks,
John
June 20th, 2008 9:15pm
Well, by adding Microsoft Exchange in accept message from, the mailbox will accept mail only from Exchange Recipients of your organization. Microsoft Exchange is a hidden object available at the location below, but you cannot see it in Recipient Configuration -> Mailbox.
Open ADSIEdit.msc and go to the path below.
Configuration -> Services -> Microsoft Exchange -> <Your Exchange Org> -> Transport Settings -> in the right pane you can see an object with the name MicrosoftExchange<GUID> with class msExchExchangeServerRecipient
If you are not able to see this object here, then you can run setup /prepareAD, which recreates any missing entry in Transport Settings in the above path; then you will be able to add it in the acceptmessagesonlyfrom option.
Hope this helps you...
June 20th, 2008 10:01pm
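An added example, not part of any post in this thread: a read-only audit for the Exchange Management Shell that looks for the msExchExchangeServerRecipient object under the path given in the reply above and reports the journaling mailbox's current delivery restrictions. The mailbox name is the one from the question; read access to the configuration partition is assumed.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
# Assumption: run in the Exchange Management Shell on a domain-joined host.
$journalMailbox = "Journaling Mailbox"   # name used in the original question

# 1. Search the Exchange configuration container for the hidden
#    "Microsoft Exchange" recipient (class msExchExchangeServerRecipient).
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNC = "$($rootDse.configurationNamingContext)"
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"
$searcher.Filter      = "(objectClass=msExchExchangeServerRecipient)"
$searcher.SearchScope = "Subtree"
$results = $searcher.FindAll()

if ($results.Count -eq 0) {
    Write-Warning "No msExchExchangeServerRecipient object found under $configNC"
} else {
    foreach ($r in $results) {
        # Property names in a SearchResult are lower case.
        Write-Host "Found:" $r.Properties["distinguishedname"][0]
    }
}

# 2. Report what the journaling mailbox currently accepts.
$mbx = Get-Mailbox -Identity $journalMailbox
$mbx | Format-List Name, AcceptMessagesOnlyFrom, RequireSenderAuthenticationEnabled

# 3. Flag the two settings the TechNet cmdlet is meant to enforce.
if ($mbx.AcceptMessagesOnlyFrom.Count -eq 0) {
    Write-Warning "AcceptMessagesOnlyFrom is empty: any sender can deliver to this mailbox."
}
if (-not $mbx.RequireSenderAuthenticationEnabled) {
    Write-Warning "RequireSenderAuthenticationEnabled is False: unauthenticated senders are accepted."
}
```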
Going through ADSIEdit.msc, I found the Microsoft Exchange object, and it looked like what you described. However, I still cannot add the object, through the GUI or the cmdlet. The error I get in Command Shell is: 'Object "Microsoft Exchange" could not be found'. When I go through the GUI, after I click add, the Select Recipient window comes up and I see a list of all the mailboxes, but if I try to Find Microsoft Exchange, it says there are no objects selected.
Because of the terminology I need to use, it's been hard to do Google searches to find people who have had the same problem.
Thanks for your help.
John Dombrowski
June 23rd, 2008 3:08pm