Selective journaling filter rules

Each line of the rules file takes the following format:

keyword:value

Table: List of Selective Journaling keywords for rules describes the keywords and values that you can enter in the file.

Table: List of Selective Journaling keywords for rules

Keyword

Description

Value

cont

Archive all items that have been sent to addresses that contain the specified text.

A text string. For example:

cont:flashads

The string can be part of an SMTP address.

distlist

Archive all items that have been sent to anyone who is on the specified distribution list.

The legacyExchangeDN of the distribution list. For example:

distlist:/o=acme/ou=finance/cn=recipients/cn=allfinance

ends

Archive all items that have been sent to addresses that end with the specified text.

A text string. For example:

ends:example.com

The string can be part of an SMTP address.

exact

Archive all items that have been sent to the specified email address.

The SMTP email address of the recipient. For example:

smith@example.com

recip

Archive all items that have been sent to the specified recipient. The recipient can be a user account or a distribution list.

The legacyExchangeDN of the recipient user account or distribution list. For example:

recip:/o=acme/ou=developer/cn=recipients/cn=smithj

starts

Archive all items that have been sent to addresses that start with the specified text.

A text string. For example:

starts:john

The string can be part of an SMTP address.

Note:

You can view the legacyExchangeDN property using ADSIEdit.msc or a similar Active Directory tool.

Employees and resources in an organization may have several SMTP addresses in addition to an internal, Exchange Server address. If you want to capture all email to a recipient in your organization use either the recip or distlist keyword with the address specified using the legacyExchangeDN. For example:

recip:/o=acme/ou=first administrative
group/cn=recipients/cn=John Doe

Alternatively, specify a distribution list that the recipient is a member of. For example,

distlist:/o=acme/ou=first administrative
group/cn=recipients/cn=Sales

Using the recip or distlist keyword will capture email to any of the recipient's SMTP addresses and also internal email to their Exchange Server address. In this situation, the keywords, exact, starts, ends, and cont are not appropriate, as they may not capture external inbound email to all the addresses that the recipient may have.

You can use the keywords, exact, starts, ends, and cont to capture email to and from domains or SMTP addresses that are external to your organization. For example, you could use ends:acme.com to capture all communication to and from the external domain, acme.com.