Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Custom filtering for journaling issue

Created: 17 Apr 2014 | 2 comments


I've opened a ticket with Symantec Support.  When I get a solution I will post.

Separate topic but I do custom filtering for journaling with EV as well.  I'm trying to customize the 'Default Filter Rules.xml' to do two things.  First, I want to strip 'TIF' attachments (we get a ton) as well as filter email sent to particular email addresses.  Every time I add rule 4 below the journaling task fails with event ID 2276.  I've added the required registry dword for this option.  

Second, the example xml file has a variety of rules including a rule to exclude email if it originates from an email address but not 'sent to'.  How would I filter for email 'Sent to' said email?  Would it be similar to the distro group example below?  Also, thought maybe the Rule 3 would apply here but that desciption also says 'if it originates' not sent to like I'm looking for.  Would it be as simple as changing author to recipient(s)?

<!--Rule 2: This rule will exclude any email from archiving
        if it is sent to distribution list.-->

<!--Rule 3: This rule will exclude any email from archiving
        if it originates from the email address below.-->
        <RULE NAME="Confirmation" ACTION="HARD_DELETE">

<!--Rule 4: (Available for Exchange Server archiving only)
  Delete TIF attachments before archiving-->
            <FILE FILENAME="*.TIF"/>

Comments 2 CommentsJump to latest comment

Rob.Wilcox's picture

Did you look at the information in the guide:

Setting up Exchange Server Archiving

ChrisATS's picture

Yes, I have been reviewing the Setting_up_Exchange Server Archiving doc.  I discovered a syntax error in rules 1 & 2 that was causing journaling to fail.  However, I still can't get Rule 4 into the xml without the journaling task failing.  I guess I'm not all that concerned.  We have a Faxpress server that forwards all efax's as TIF files from  I simply added a line to exclude archiving from that email addresss.  

It would be nice to sovle this as I'm implementing custom filtering for mailbox archiving as well.