Managing the Mail Journaling database

When setting up the Domino® Mail Journaling database, you must specify its journaling method, security management settings, and size management settings.

Specifying the journaling method

There are two methods available for journaling messages, copying messages to a local database (local journaling) and forwarding messages to a mail-in database (remote journaling). In local journaling the Router moves messages from MAIL.BOX to a Mail Journaling database on the same server. If you enable local journaling on more than one server, each server maintains its own unique Mail Journaling database. Since local journaling doesn't require messages to be transferred between servers to reach the Mail Journaling database, this is the preferred method for minimizing network traffic.

Remote journaling lets you journal messages from multiple servers to a single location, sending them to the mail-in database specified in the Mail Destination field. Domino® does not automatically create mail-in databases for journaling; you must manually create both the destination database and the necessary Mail-in database document.

Using a mail-in database to journal messages greatly increases mail traffic, since messages must travel over the network to be deposited in the Mail Journaling database.

Managing security of the Mail Journaling database

The Mail Journaling database contains private information about many people. Domino® employs two methods to restrict access to the Mail Journaling database.

First, it conceals the database from users. By default, Domino® makes the Mail Journaling database "invisible" to users; that is, the database does not appear in the Open database dialog box when a user opens a new database. To display the database, check Show in 'Open Database' dialogon the Design tab of the Database properties dialog box.

Second, when local journaling is enabled, Domino® encrypts the information in the Mail Journaling database, using the Certified public key of a specified Notes® user. To specify the ID to use when encrypting messages, enter a user name in the field Encrypt on behalf of user. By default, Domino® exempts certain summary information fields from encryption so that the information they contain can be used in database views. You can specify other fields to exempt in the field, Field encryption exclusion list.

You can also manage the Mail Journaling database security by taking these measures:

  • Setting up a Mail Journaling user – To maximize security, create and register a special user ID for the Mail Journaling database and assign multiple passwords to the ID. Distribute passwords in such a way that no one person knows them all, so that the consent of multiple parties is required to view the contents of the database.
  • Providing access to the Mail Journaling database for users who are not server administrators – Domino® encrypts journaled messages with the user ID specified on the Router/SMTP > Advanced > Journaling tab of the Configuration Settings document. The ID you specify can be the ID of an existing server administrator or another user ID. By default, the ACL of the Mail Journaling database includes only users listed in the Administrators field of the Server document's Security tab. If the ID for encrypting messages does not belong to a server administrator, you must add this user to the database ACL before the user can access the database.

    The user's name is preserved in the ACL during daily rollovers and size rollovers, but if you remove the Mail Journaling database, the next time the server starts, it automatically creates a new database using the original ACL. Add the ID used for encryption in brackets (e.g., [User.ID] ) to the ACL of the template, JOURNAL.NTF, to automatically add the user's name to the ACL of JOURNAL.NSF.

  • Enabling encryption for remotely journaled messages – By default, mail-in databases do not encrypt incoming mail. To ensure privacy when sending journaled messages to a mail-in database, enable the mail-in database to encrypt incoming mail. When enabling encryption for a mail-in database, you select a user whose Notes® certified public key Domino® uses to encrypt messages stored in the database.
  • Not encrypting previously encrypted messages – A message that Notes® has previously encrypted for its recipients is not re-encrypted with the certified public key of the specified Journal user. As a result, when depositing encrypted messages in the Mail Journaling database, Domino® preserves the original encryption, so that the message content cannot be decrypted with the ID of the designated Mail Journaling user, unless, of course, that user was included in the original recipient list. A Mail Journaling user who was not on the recipient list can view header information only.

Managing the size of the Mail Journaling database

Depending on how you set up journaling rules, the size of the Mail Journaling database may increase rapidly. Domino® provides several methods for automatically controlling the database size.

Note: These methods for controlling database size are not available if you use a mail-in database for journaling messages. If you select this method of journaling, be sure to monitor the database size and use appropriate tools to archive data to another location.
Table 1. Ways to control the Mail Journaling database size

Size management method


Periodic Rollover

(Default) Domino® creates a new Mail Journaling database at an interval specified in days. The default interval is one day. The new database takes its name from the name of the current database (for example, MAILJRN.NSF) and is created at approximately 12:00 AM of the specified day. Domino® renames the current database using the format:


where date is an 8-digit number representing the current date in a format that standardizes the database name. The name is created using the format MJMMDDYYYY.NSF


Domino® deletes documents from the database after a specified number of days and then compacts the database to eliminate deletion stubs and white space.

Size Rollover

Domino® creates a new Mail journaling database when the current database reaches a specified size, renaming the old database using the format MJXXXXXX.NSF

where XXXXXX represents a number series starting at 000001 and increasing by 1 with each successive rollover, for example, MJ000001.NSF, followed by MJ000002.NSF, and so forth. If a database with the next name in the sequence already exists on the server, Domino® uses the next number in the sequence. The new Mail journaling database uses the original database name (for example, MAILJRN.NSF). Because Domino® may be unable to determine the exact size of any message attachments before adding a message to the Mail journaling database, the database may exceed the maximum size after the addition of a new message. If this happens, the next message added to the database triggers creation of the new database.