I'm modifying the 'Default Filter Rules.xml' file to filter out unncessary email from being arching in the journal. This is an Exchange 2010 SP2 environment. The manual says the following
<DL> distribution list name </DL> Use this form when you want to match messages that have been sent to any member of the specified distribution group. For example, if the rule contains the following line: <DL>ALL SALES</DL> Then messages sent to any member of the distibution list or group called ALL SALES will match, irrespective of whether the member's name is shown as the Display Name or SMTP address on the message.
I'm afraid that if for example I added the distro list named EVERYONE I'm going to in essence filter out all email from being archived which isn't what I'm trying to accomplish. I simply want to ignore the email blasts from management. Thoughts? The last line is key as it says it shouldn't matter if the display name is shown as long as the the DL matches but it seems when I add a distro list from the global outlook will auto populate all the SMTP addresses of that list.
i believe you are correct. the form you reference above is for filtering based on recipient whereas you're asking about filtering based on sender. not sure off the top of my head if you can do it that way. have a look at this article for a good overview. https://www-secure.symantec.com/connect/articles/selective-journaling-enterprise-vault