Exchange: Forwarding Copy of User's Email or Public Folder to Another Account Via Event Sink
Exchange offers Journaling, which allows you to designate a mailbox to receive all emails sent and received from a particular store that you designate. However, Exchange does not give you the granularity to journal only one mailbox. To achieve this you will need to install the custom event sink provided below. Before I delve into the implementation of the event sink, I'll go over what event sinks are and what they do.
An event sink is basically a subroutine that is fired at specific points in the message flow, such as during transport. Most event sinks fire just before the message categorizer and right after. However, there are also sinks that run during message transfer. Many Exchange-aware AV products register event sinks within Exchange. For example, before a message is sent to the categorizer, it is sent to the pre-submission queue where it is scanned for viruses or verified against the GAL.
Registering The Per User Journaling Event Sink
The event sink provided here will forward a copy of all messages sent to your designated recipient to another mailbox, such as your admin's.
Download the files below (google)
1. Create a directory on your C: drive called Journal. (Or anywhere you wish)
2. You will need SMTPReg.vbs. Although I downloaded the Exchange SDK, this file was not included. However, I was able to locate it here. In the link, you will need to copy all the code in the [smtpreg.vbs Event Management Script] and paste it into Notepad. Save this file as smtpreg.vbs in your C:\Journal directory.
3. Open Notepad, paste in the entire script below, and save the file as smtpjrnl.vbs in the same directory.
<SCRIPT LANGUAGE="VBScript">
Sub ISMTPOnArrival_OnArrival(ByVal Msg, EventStatus)
    On Error Resume Next
    Dim recplist
    ' Read the current envelope recipient list
    recplist = LCase(Msg.EnvelopeFields("http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist"))
    ' Append the mailbox that should receive a copy of the message
    recplist = recplist & "SMTP:email@example.com;"
    Msg.EnvelopeFields("http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist") = recplist
    ' Commit the modified recipient list to the message envelope
    Msg.EnvelopeFields.Update
End Sub
</SCRIPT>
4. In the line recplist = recplist & "SMTP:firstname.lastname@example.org;" enter the SMTP address to which you would like all of the forwarded emails to go. (Include the quotes.)
5. Open command prompt. Go to Start --> Run, type cmd, ok
CD \
CD journal
cscript smtpreg.vbs /add 1 onarrival smtpjrnl CDO.SS_SMTPOnArrivalSink "Rcpt email@example.com"
(Note: This will forward any emails sent to your internal user or public folder SMTP address here to the SMTP address you specified in step 4)
6. If you wish to customize it so that mail from a particular domain, say anything from hotmail, sent to internaluser@yourdomain gets forwarded to firstname.lastname@example.org, change the rule in step 5 to: "Rcpt to:internaluser@yourdomain mail from:email@example.com"
Now you will need to associate the sink you registered with smtpreg.vbs with your smtpjrnl.vbs script. Type the following command in your command prompt.
cscript smtpreg.vbs /setprop 1 onarrival smtpjrnl Sink ScriptName c:\journal\smtpjrnl.vbs
Note: If you receive the following error, re-enter the command as shown below it:
Binding Dispaly Name Specified: smtpjrnl
Failed to find binding with dispaly name: smtpjrnl
Note the smtpjrnl.vbs used as the sink name in the command below. It appears that there is a bug: sometimes the sink registers without the .vbs, other times it doesn't.
cscript smtpreg.vbs /setprop 1 onarrival smtpjrnl.vbs Sink ScriptName c:\journal\smtpjrnl.vbs
7. Test by emailing firstname.lastname@example.org from an outside account. The message should be forwarded to email@example.com. There is a limitation to this. When sending internally, if firstname.lastname@example.org and email@example.com exist on the same Exchange server, it will not work, even with public folders. This is by design. You can circumvent this if you use a frontend server that handles all your inbound mail and forwards it to your backend Exchange servers.
8. To remove the event sink, go to your command prompt. From your C:\Journal directory type the following command:
cscript smtpreg.vbs /remove 1 onarrival smtpjrnl
1 = SMTP Virtual Service
onarrival = sink class
smtpjrnl = sink name
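Added example, not part of the original article: a sink like smtpjrnl.vbs adds an envelope recipient that never shows up in the message headers, so when reviewing a server it helps to check every script a sink's ScriptName property points at for this pattern. The Python sketch below scans VBScript source for assignments to the recipientlist envelope field and lists the hard-coded SMTP: addresses; the function names and the sample script are constructed for illustration.

```python
import re

# Envelope field the sink on this page rewrites.
RECIP_FIELD = "http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist"

# A statement that *assigns* to EnvelopeFields("<recipientlist>"); reads such as
# x = Msg.EnvelopeFields(...) do not start the statement, so they do not match.
WRITE_RE = re.compile(
    r'^\s*(?:\w+\.)*EnvelopeFields(?:\.Item)?\s*\(\s*"' + re.escape(RECIP_FIELD)
    + r'"\s*\)(?:\.Value)?\s*=', re.IGNORECASE | re.MULTILINE)
# Hard-coded envelope recipients have the form SMTP:user@domain;
ADDR_RE = re.compile(r'SMTP:([^;"\s]+@[^;"\s]+)', re.IGNORECASE)


def strip_comments(source):
    """Remove VBScript Rem lines and ' comments that are outside string literals."""
    kept = []
    for line in source.splitlines():
        if line.strip().lower().startswith("rem "):
            continue
        in_string = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_string = not in_string
            elif ch == "'" and not in_string:
                line = line[:i]
                break
        kept.append(line)
    return "\n".join(kept)


def audit_sink_script(source):
    """Report whether a sink script rewrites the recipient list, and to whom."""
    code = strip_comments(source)
    modifies = WRITE_RE.search(code) is not None
    addresses = sorted({a.lower() for a in ADDR_RE.findall(code)}) if modifies else []
    return {"modifies_recipients": modifies, "added_addresses": addresses}


# Constructed sample: the sink from step 3 with its placeholder address.
SAMPLE_SINK = '''Sub ISMTPOnArrival_OnArrival(ByVal Msg, EventStatus)
    On Error Resume Next
    Dim recplist
    recplist = LCase(Msg.EnvelopeFields("http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist"))
    recplist = recplist & "SMTP:email@example.com;"
    Msg.EnvelopeFields("http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist") = recplist
    Msg.EnvelopeFields.Update
End Sub'''

if __name__ == "__main__":
    print(audit_sink_script(SAMPLE_SINK))
```

A script that only reads the recipient list, or whose write is commented out, is reported as not modifying recipients.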
MCSE M+, S+, MCTS, Security+