10.5 The Exchange Mailbox Manager

The Mailbox Manager tool provides an automated way for administrators to enforce a basic email retention policy for mailbox contents. First introduced in Exchange 5.5 SP3, Microsoft totally rewrote the original MAPI code to use ADO and OLE/DB and integrated the Mailbox Manager with Exchange System Manager (ESM). Microsoft was not able to complete this work before it shipped Exchange 2000 in October 2000, so the Mailbox Manager made a delayed appearance in SP1. The Mailbox Manager is now an essential part of any administrator's toolkit, and for more reasons than just keeping mailboxes clean.

10.5.1 Email and discovery

The problem of embarrassing text appearing in discovered email is not new, as Oliver North so convincingly proved when investigators recovered incriminating email from an IBM PROFS mainframe system to display at the Iran-Contra hearings in 1987. Discovery actions are increasingly common, because lawyers understand that asking to scan internal email is a great way to find evidence that people create and store themselves. For example, New York State Attorney General Eliot Spitzer showed that email sent (on an Exchange system) by Merrill Lynch analyst Henry Blodget indicated he had not been as candid as he could have been with investors, and Jack Grubman's messages to WorldCom executives provided part of the case against Salomon Smith Barney. According to IDC[3] in late 2002, businesses generate 13 billion emails daily. Many of these messages end up in mailboxes waiting for users to clean them out or for lawyers to come along and peruse their contents. In addition, backup tapes hold billions of deleted messages that investigators can ask companies to recover during discovery actions.

The problem is that people do not consider emails to be business documents. The long-time rule is never to put anything into a message that you would not like the public to read, but everyone ignores this rule. Users are happy to send each other the most confidential and interesting information, including attachments that hold critical business or personal data. There is a comfortable informality about an email exchange with friends or business colleagues where users express emotions, lay out views about competitors or partners, or make statements that they would never say in public. Apart from the messages kept on servers, copies exist in offline replicas on laptops or partial replicas on handheld devices such as Pocket PCs and smartphones, all of which are commonly stolen or lost. Most thieves only want to sell what they have stolen, but some are interested in what they find on a laptop and may even use the information for blackmail.

In the United States, statutory requirements further restrict what companies can do. For example, the Sarbanes-Oxley act makes it illegal to destroy or attempt to destroy any document relating to a federal investigation, while the SEC mandates the capture of any electronic communication relating to trading activities.

You can certainly encrypt email, but investigators can demand that you recover the personal keys of users to allow them to read the messages. It is possible that the keys are not available, as is the case when users protect messages with personal encryption tools such as PGP; but it is not feasible to ask thousands of users to install such tools and then manage the process of distributing public keys to anyone they need to communicate with.

Some companies deploy solutions such as Secure Mail from Tumbleweed (www.tumbleweed.com) to scan messages for inappropriate content, key phrases that might indicate illegal actions, and so on. Companies in the financial sector that have to comply with various laws can scan outgoing messages to ensure that traders are not giving inappropriate advice to clients. In other situations, you may simply want to ensure that users do not include references to material such as pornographic jokes, which might seem amusing to the sender but can quickly lead to a lawsuit if the recipient finds the message distasteful. It is interesting to note that in some cases companies have found that network use has declined significantly as soon as they implemented email scanners, possibly because users quickly realized that the system would detect and report any potentially undesirable activities on their part. Of course, if you do implement an email scanner, it is only fair to inform users that the scanner is active as well as the type of content it is checking. Apart from anything else, letting people know exactly where the boundaries exist may avoid a future defense of "no one told me that this was forbidden" if you have to take action against an individual.

Other products, such as the Policy Manager product from Omina Policy Systems (http://www.disappearing.com/products/policy_manager/) integrate with Outlook to stop users from forwarding messages outside the company and implement strict retention and compliance policies. Another set of products, such as those from Authentica (www.authentica.com), focus on implementing "electronic shredding" by giving messages a set lifetime, after which they will automatically disappear, or prevent unauthorized users from reading messages by removing the ability to forward or print email or cut-and-paste content from one message to another.

Microsoft is entering the field with the introduction of its rights management protection initiative, which aims to protect electronic information through policies that you define for user access, as well as which actions someone can take with information—for example, whether users can print, forward, or edit the data. Microsoft will implement this technology through its Windows 2003–based Rights Management Services (RMS), using XML and XrML (rights expression language standard) to define and manage the digital rights required to access and manipulate data. When you install and commission a rights management server, you can then install client extensions for Office applications and Web browsers to force them to comply with restrictions. For example, Figure 10.21 shows how Outlook 2003 incorporates an icon to allow users to mark messages that contain protected data. In this case, the recipient is able to read the message, but he or she cannot forward or print it or cut information out of the body and paste it into another file. Installing the rights management extensions for Office applications is only the start, since you also need to figure out how to manage the underlying infrastructure and support users who complain that they cannot access messages for one reason or another.

Figure 10.21: A secret Outlook message.

The important point is to establish a policy that clearly states what your company's stand is on the transport of confidential information inside email and how users should retain information. You can always delete some messages immediately after you read them; others you probably need to keep until the completion of a project or other activity. Implementing automated tools such as the Mailbox Manager can help keep mailboxes clean and remove messages after specific periods while leaving certain folders untouched.

10.5.2 Email retention policies

Mailbox management is only one part of an email retention policy, which may also include how to allocate and control mailbox quotas, how users deal with confidential information, virus protection, scanning for inappropriate content on outgoing messages, antispam protection, archiving, and so on. Most Exchange administrators begin with mailbox quotas, and we have seen a steady growth in the size of mailboxes from the average 25 MB or so allocated in 1996–1997 to an average of 100 MB today. You must protect every Exchange server against viruses. Servers that are unprotected by an integrated antivirus product have administrators who border on stupidity. Archiving continues to be of interest, with a lot of activity in the financial sector in order to satisfy legislative requirements. The most sophisticated archiving products implement policies that automate movement of data from user mailboxes into hierarchical storage mechanisms, together with appropriate mechanisms to inform users when data is archived, and to allow them to retrieve information as needed. At the other end of the scale, you can use Outlook's archiving feature to move items from server mailboxes into PSTs.

Every organization is different, and an email retention policy that fits all needs does not exist. The important point is to consider the type of policy that might be appropriate within an organization, integrate it with other sources of data such as network file shares and Web servers, and then work out how to implement the policy. Out-of-the-box tools such as the Mailbox Manager can help, but they are only fully effective when integrated into an overall plan for information management. However, even when an overall plan is not available, Mailbox Manager helps users to manage their mailbox quotas.

10.5.3 Defining a policy for mailbox management

You can divide a mailbox management policy into four main parts:

  • The action enforced by the policy for items that meet the criteria stated in the policy. The available choices are:

    • Generate a report and send it to the mailbox owner and take no further action.

    • Move the items to the Deleted Items folder, where the items will either remain or be deleted the next time the user exits the mailbox (the exact action depends on a client setting).

    • Move the items to a set of folders under "System Cleanup," from where users can move the items back into other folders if they wish.

    • Delete the items immediately. Note that deleted items remain in the Deleted Items cache. Users can recover these items from the cache if they wish.

  • The criteria (such as the age of items) that the Mailbox Manager uses to check items in each folder. You set individual criteria for each of the default folders that appear in every user's mailbox (Inbox, Tasks, Calendar, and so on), you can add further folders of your own, and a "catch-all" setting covers all other folders.

  • Whether or not to send a notification message to each mailbox's owner after the Mailbox Manager completes processing all the folders in the mailbox.

  • Whether the Mailbox Manager should exclude selected message classes from processing. Typically, you only need to take this option when Outlook uses customized message forms for applications such as expense or time reporting, in which case you may wish to exclude the message class used for these forms.

Note that you can only have a single active mailbox management policy for a recipient. You can certainly define multiple policies, but the System Attendant only respects the first that it finds.

Mailbox Manager can check items based on their size (in KB) and their age (days since the item was created or last modified), using both values together or either value on its own. These settings are folder specific. As an example, Figure 10.22 shows the check for "All Other Mail Folders" being set to 365 days and 1,024 KB. In other words, Mailbox Manager examines the folder to find any item that is both older than one year and larger than 1 MB. Being able to establish criteria for every folder enables enormous flexibility, if you want to take advantage of this capability. For example, you could allow users to have a special folder that is never checked and that acts as a "dumping ground" for large documents or items that the users want to keep. If defined in the policy, the System Attendant generates and sends a notification message to the mailbox owner to inform him or her what has happened during processing. You define the text of the notification message within the recipient policy, as shown in Figure 10.23. Note that the text is completely plain and the editor does not support bolding, underlining, or other text effects.

Figure 10.22: Mailbox Manager policy settings.

Figure 10.23: Creating notification message text.
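To make the four policy parts listed in Section 10.5.3 and the folder criteria concrete, here is an added Python model that is not code from the book or from Exchange: the item and policy classes, the folder names, the dates and the IPM.Note.Expense message class are constructed assumptions. It runs a small set of constructed items through one policy in report-only mode and in delete mode, showing that an item is selected only when every configured check is exceeded.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# The four actions a policy can enforce on items that meet its criteria
REPORT_ONLY, MOVE_TO_DELETED_ITEMS, MOVE_TO_SYSTEM_CLEANUP, DELETE = "report", "deleted", "cleanup", "delete"

@dataclass
class Item:                # one mailbox item (constructed model, not a MAPI object)
    folder: str
    message_class: str
    size_kb: int
    modified: datetime
@dataclass
class FolderCriteria:      # None means "do not check this value" for the folder
    max_age_days: int = None
    max_size_kb: int = None
@dataclass
class Policy:
    action: str
    folders: dict                          # per-folder criteria (Inbox, Calendar, ...)
    other_folders: FolderCriteria          # the "All Other Mail Folders" catch-all
    excluded_classes: set = field(default_factory=set)

def matches(item, crit, now):
    """True only if EVERY configured check is exceeded (365 days and 1,024 KB = older than a year AND over 1 MB)."""
    checks = []
    if crit.max_age_days is not None:
        checks.append(now - item.modified > timedelta(days=crit.max_age_days))
    if crit.max_size_kb is not None:
        checks.append(item.size_kb > crit.max_size_kb)
    return bool(checks) and all(checks)    # a folder with no checks is never touched

def run_policy(policy, items, now):
    """Per-folder report (count, KB) of matching items, plus the items left in place (all of them in report-only mode)."""
    report, remaining = {}, []
    for item in items:
        crit = policy.folders.get(item.folder, policy.other_folders)
        if item.message_class in policy.excluded_classes or not matches(item, crit, now):
            remaining.append(item)
            continue
        entry = report.setdefault(item.folder, {"count": 0, "size_kb": 0})
        entry["count"] += 1
        entry["size_kb"] += item.size_kb
        if policy.action == REPORT_ONLY:   # report-only: the item is counted but left alone
            remaining.append(item)
    return report, remaining

def demo(action=REPORT_ONLY):
    """Constructed policy: Inbox 90 days/1 MB, never-checked Keep folder, catch-all 365 days/1 MB."""
    policy = Policy(action, {"Inbox": FolderCriteria(90, 1024), "Keep": FolderCriteria()},
                    FolderCriteria(365, 1024), {"IPM.Note.Expense"})   # hypothetical form class
    d = datetime
    items = [Item("Inbox", "IPM.Note", 2048, d(2003, 1, 1)),             # old and large: matches
             Item("Inbox", "IPM.Note", 2048, d(2003, 5, 15)),            # large but recent: kept
             Item("Inbox", "IPM.Note", 100, d(2002, 1, 1)),              # old but small: kept
             Item("Keep", "IPM.Note", 50000, d(2000, 1, 1)),             # dumping ground: kept
             Item("Projects", "IPM.Note", 3000, d(2001, 6, 1)),          # catch-all: matches
             Item("Projects", "IPM.Note.Expense", 3000, d(2001, 6, 1))]  # excluded class: kept
    return run_policy(policy, items, now=d(2003, 6, 1))
```

Running `demo()` first in report-only mode and comparing the report with a later `demo(DELETE)` run mirrors the staged rollout the chapter recommends.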

10.5.4 Running Mailbox Manager

After a suitable recipient policy is defined and applied, the Mailbox Manager runs according to a schedule set through the mailbox management properties of a target Exchange server (Figure 10.24), or it can be started manually (Figure 10.25). Note that you can start Mailbox Manager processing on a server, but nothing happens if you have not defined a suitable recipient policy to select the mailboxes on that server. Unlike the previous version of Mailbox Manager, which was able to process mailboxes on a remote server, the current version only processes mailboxes on the same server.

Figure 10.24: Mailbox management server properties.

Figure 10.25: Starting the Mailbox Manager.

In general, Mailbox Manager processing generates a heavy load on a server, so it is unwise to start or schedule a run during peak user times. The standard options are to run the Mailbox Manager at midnight on either Saturday or Sunday, or to use a custom schedule. Anecdotal evidence suggests that the Mailbox Manager can generate an extra 20 percent load for a server when it is active, although your mileage will vary depending on server configuration, the number of mailboxes, the number of folders and items in the mailboxes, and the load generated by users during a Mailbox Manager run.

Users are likely to be surprised when you put the Mailbox Manager to use, especially if you have not made any great effort previously to control mailbox quotas. Apart from the concept that a system process can trawl through their mailboxes to (in their minds) arbitrarily select and delete items, users do not like sudden changes to their work conditions. It is, therefore, a good idea to educate users about the need for email retention policies and position Mailbox Manager as a way of helping to relieve users from the need to go through old messages themselves.

It is also a good idea to start slowly and build toward the type of email retention policy that you want to achieve. Users will probably protest if you start by deleting every item that is more than 30 days old, but they are unlikely to worry as much if you begin by looking for items that are six months old and larger than 1 MB. After running Mailbox Manager for three months, it becomes part of background system maintenance, similar to downtime due to planned server software upgrades, and you can tighten the retention criteria. Apart from anything else, starting with a loose retention policy restricts the possibility that you will make a mistake and end up deleting far more than you want. The concept of automated mailbox cleanup is not new and has existed in enterprise messaging systems since the mid-1980s. At that time, there were examples where enthusiastic system administrators deleted every message on a server. This results in very clean mailboxes and databases that are easy to maintain, but it also results in angry users. For this reason, you should run the Mailbox Manager first in report-only mode before progressing to a run that deletes items.

10.5.5 Mailbox Manager notification messages

The Mailbox Manager notes the number of messages that meet the set criteria as it processes each folder. The Mailbox Manager merges the complete results with the notification text from the recipient policy to create a notification message, which the System Attendant then sends to the mailbox owner. Figure 10.26 shows a sample notification message. Note that the text from the recipient policy is inserted as a header and footer for the message. If no messages meet the criteria, the text between the header and footer is blank. Users may not realize that a background process is checking their mailboxes, so it is a good idea to customize the notification text both to inform users about what is happening and to tell them what to do if they have a problem. The example text explains that the Mailbox Manager looks for messages that are larger than 1 MB and over 90 days old and performs specific checks on the Inbox and Outbox folders. The remarks that close off the message are probably inappropriate in most environments, but some users may still possess a sense of humor after they receive a note such as this.

Figure 10.26: User notification message.

After Mailbox Manager completes processing all mailboxes on a server, it generates a summary message for the administrator, as set in the properties of the server. The summary message (Figure 10.27) states the start and finish times, the number of mailboxes processed, the number of messages that meet the set criteria for removal, and the total size of these messages.

Figure 10.27: Summary message from the Mailbox Manager.

You can gain maximum advantage by implementing the Mailbox Manager within an overall email retention policy, but even if you choose not to do this, the tool is a quick and simple way to implement a level of control over mailbox contents on an Exchange server. Before implementing, make sure that you advise users that the Mailbox Manager will process their mailboxes, so that users are not surprised when they receive the notification messages.

10.5.6 Mailbox Manager diagnostics

As with all Exchange processes, the Mailbox Manager usually only logs important or critical events. The Mailbox Manager runs under the System Attendant process, so you have to increase the diagnostic logging level for the MSExchangeSA service if you suspect that things are not working. Figure 10.28 shows the properties of a server with the "Diagnostic Logging" page selected. The active services are listed, and you can select one of the service categories to increase logging—in this case, we want to increase logging for the Mailbox Management category, which is set to maximum. Exchange is a verbose application and logs a large number of events whenever you turn the logging level up. With maximum logging enabled, you will see the following events (with the number and meaning shown):

  • (9214) Mailbox Manager processing starts on a server

  • (9221) Start processing a mailbox (mailbox name is listed)

  • (9220) Recipient policy is applied to the mailbox

  • (9224) Total of items and their size found in the mailbox is reported

  • (9225) Start processing a folder

  • (9228) Number of items and size found in the folder is reported

  • (9303) Number of items and size to be deleted is reported (see Figure 10.28)

  • (9302) Finished cleaning a mailbox

  • (9215) Mailbox Manager completes processing and reports how many items (and their size) it has removed

Figure 10.28: Mailbox Manager diagnostics.

You may also see event 1022 followed by event 9231, which means that the Mailbox Manager is unable to log on to a mailbox. The usual reason is that an administrator has mail-enabled a user, but the mailbox is not yet created because Exchange only creates the mailbox when a user logs on for the first time.
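To show how an administrator can read a maximum-logging run, here is an added Python example that is not from the book: it parses a constructed event export (only the event IDs come from the list above; the pipe-separated layout, the mailbox names and the message texts are assumptions), pairs each mailbox's start (9221) and finish (9302) events, and flags the 1022-followed-by-9231 sequence that marks a mailbox the Mailbox Manager could not log on to.

```python
# Event IDs the page lists for the MSExchangeSA Mailbox Management category at maximum logging
EV_RUN_START, EV_RUN_END = 9214, 9215          # run starts / run completes on the server
EV_MBX_START, EV_MBX_END = 9221, 9302          # start processing a mailbox / finished cleaning it
EV_LOGON_FAIL_PRE, EV_LOGON_FAIL = 1022, 9231  # 1022 followed by 9231: cannot log on to the mailbox

# Constructed sample export, one event per line as "<event id>|<mailbox>|<text>".
# The layout and texts are NOT real Exchange event output; only the IDs come from the page.
SAMPLE_LOG = """\
9214||Mailbox Manager processing started
9221|alice|Start processing mailbox
9220|alice|Recipient policy applied
9224|alice|3 items, 5120 KB found in mailbox
9225|alice|Start processing folder Inbox
9228|alice|3 items, 5120 KB found in folder
9303|alice|2 items, 4096 KB to be deleted
9302|alice|Finished cleaning mailbox
1022|bob|Logon failure
9231|bob|Unable to log on to mailbox
9221|carol|Start processing mailbox
9215||Mailbox Manager processing completed: 2 items, 4096 KB removed
"""

def parse_events(text):
    """Split the export into (event_id, mailbox, text) tuples; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if line.strip():
            event_id, mailbox, message = line.split("|", 2)
            events.append((int(event_id), mailbox, message))
    return events

def summarize_run(events):
    """Pair 9221/9302 per mailbox; flag 1022->9231 logon failures and mailboxes never finished."""
    summary = {"run_started": False, "run_completed": False,
               "cleaned": [], "incomplete": [], "logon_failures": []}
    open_mailboxes = []     # mailboxes with a 9221 but no 9302 yet
    pending_1022 = None     # mailbox named by the most recent 1022, awaiting its 9231
    for event_id, mailbox, _ in events:
        if event_id == EV_RUN_START:
            summary["run_started"] = True
        elif event_id == EV_RUN_END:
            summary["run_completed"] = True
        elif event_id == EV_MBX_START:
            open_mailboxes.append(mailbox)
        elif event_id == EV_MBX_END and mailbox in open_mailboxes:
            open_mailboxes.remove(mailbox)
            summary["cleaned"].append(mailbox)
        elif event_id == EV_LOGON_FAIL_PRE:
            pending_1022 = mailbox
            continue        # stays pending only until the very next event
        elif event_id == EV_LOGON_FAIL and pending_1022 == mailbox:
            summary["logon_failures"].append(mailbox)   # usual cause per the text: mailbox not yet created
        pending_1022 = None
    summary["incomplete"] = open_mailboxes   # started but never cleaned: worth investigating
    return summary

def demo():
    return summarize_run(parse_events(SAMPLE_LOG))
```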

[3] Quoted in Forbes.com, November 25, 2002.

Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Administrators Pocket Consultant
ISBN: 0735619786
Year: 2003
Pages: 188