cancel
Showing results for 
Search instead for 
Did you mean: 

journal archive email format and dlp issue

patriot3w
Level 5
Partner Accredited

We exported the email from jorunal archive from DA as pst then convert to eml which will be scanned by Symantec DLP Network monitor, howerver the incident created no email address only sender name or recipent name.

The quesiton is when EV archived the email, which format it archived? Does it include the address or only name? From DA, there is an option to enable show the email address. See this KB: http://www.symantec.com/docs/TECH166289

Thanks. 

1 ACCEPTED SOLUTION

Accepted Solutions

Patti_Rodgers
Level 4
Employee Accredited Certified

I think it's the envelope journaling that is the key here.  The message itself  (P2) is actually submitted using the sender/recipient cannonical name, and the hub transport server will add the SMTP address as it puts the message in its envelope (P1).  See MS for more detail on how envelope journaling works with internal addresses: http://msdn.microsoft.com/en-us/library/office/cc842372.aspx

  When EV stores the item in the archive, the P2 is stored since it is the actual message, and the information in the P1 is written to the index and  saveset metadata, and the P1 envelope is discarded.  When you perform a PST export, you are not recreating this envelope. You are just exporting the actual message, and the SMTP address is not written on the actual message.

FWIW if you enable the API then DA gets the sender/recipient address by going through the API to read the saveset metadata  but I believe that is just for review and not for exports. 

View solution in original post

10 REPLIES 10

EV_Ajay
Level 6
Employee Accredited

Hello Pat ,

When EV archive the email it never change any information including header information. That means for example in the To field of email contain the Email address then EV archive and in shortcut it display Email address. If To field contain Display Name then EV archive and in shortcut it display Display Name.

 

patriot3w
Level 5
Partner Accredited

Hi Ajay,

 

So do you mean DA display using the display name while EV index the item using message header?

 

Thanks. 

EV_Ajay
Level 6
Employee Accredited

Yes ..... DA Display using Display Name that's why the Hotfix is mentioned in the TechNote. EV index the whole data.

Patti_Rodgers
Level 4
Employee Accredited Certified

Were the original items sourced from Exchange and collected by Envelope Journaling?

patriot3w
Level 5
Partner Accredited

enveloope journaling. The items are from journal archives.

If enable the API option, where the DA got the sender address or recipient address.?

Patti_Rodgers
Level 4
Employee Accredited Certified

I think it's the envelope journaling that is the key here.  The message itself  (P2) is actually submitted using the sender/recipient cannonical name, and the hub transport server will add the SMTP address as it puts the message in its envelope (P1).  See MS for more detail on how envelope journaling works with internal addresses: http://msdn.microsoft.com/en-us/library/office/cc842372.aspx

  When EV stores the item in the archive, the P2 is stored since it is the actual message, and the information in the P1 is written to the index and  saveset metadata, and the P1 envelope is discarded.  When you perform a PST export, you are not recreating this envelope. You are just exporting the actual message, and the SMTP address is not written on the actual message.

FWIW if you enable the API then DA gets the sender/recipient address by going through the API to read the saveset metadata  but I believe that is just for review and not for exports. 

EV_Ajay
Level 6
Employee Accredited

Hi Pat.

Any update on this issue.

 

patriot3w
Level 5
Partner Accredited

I can see the SMTP address in the email which exported as PST. Just the display name issue. Howerver is a pst file i got from POP3 mail account, the display name will show the name and email address. 

EV_Ajay
Level 6
Employee Accredited

Hi,

Do you have any updates on this thread? Do you need more assistance regarding this topic? Please mark the post that best solves your problem as the answer to this thread.

 

patriot3w
Level 5
Partner Accredited

can close this issue. thanks.