How Enterprise Vault handles Exchange 2000 and Exchange Server 2003 journal reports
|Article:HOWTO58368|||||Created: 2011-08-01|||||Updated: 2013-07-12|||||Article URL http://www.symantec.com/docs/HOWTO58368|
When the Enterprise Vault Journaling task receives an Exchange 2000 or Exchange Server 2003 journal report:
The complete list of recipients is extracted from the journal report contents.
This list is compared with recipients in the header of the attached message. Recipients found in the journal report but not the attached message header are classed as Undisclosed recipients.
If a BCC recipient is also in the TO or CC fields and the message arrives over SMTP, then Enterprise Vault will store the recipient in the TO or CC field but not in the Undisclosed field.
When messages are addressed to Alternate recipients and BCC recipients and sent over SMTP, these recipients will be included in the body of the journal report but not in the message header of the original message. As there is no way of discovering the original category of such recipients, Enterprise Vault will store them as Undisclosed recipients.
When a message is redirected to an Alternate recipient (that is, forwarded to the Alternate recipient without actually being delivered to the original recipient), then the message headers will show the originally intended recipient and not the final (Alternate) recipient. Both recipients will be indexed, even though the originally intended recipient never actually received the message. This is because it is not possible to determine from the journal report that the original recipient was skipped.
If an Alternate recipient also appears as an originally intended recipient (TO or CC), then the recipient will not be stored as an Undisclosed recipient.
A copy of the journal report, complete with original message attached, is passed to any external filters (including the Compliance Accelerator Journaling Connector, if configured).
The journaling task cannot archive a message from the journal mailbox if it cannot find the message body or the Message-ID, Recipients, and Sender tags in the journal report. For example, these can be stripped by antivirus applications that find suspicious messages.
The journaling task copies any journal report that it cannot process to the folder Enterprise Vault Journaling Service/Failed To Copy.
Article URL http://www.symantec.com/docs/HOWTO58368