Consider the following scenario:
You configure a journal rule that sends journal messages to a distribution group in a Microsoft Exchange Server 2010 environment.
You enable the Active Directory Rights Management Services (AD RMS) service to encrypt email messages.
A user in the distribution group logs on to his or her mailbox to view journal messages.
In this scenario, the user cannot view the decrypted message attachment in the journal message.
This issue occurs because Exchange Server 2010 server does not decrypt the journal message if at least one SMTP address of a distribution group member is not present in any journal rules.
To work around this issue, create journal rules for each member of the distribution group.
For example, in the Exchange Management Console, create a mail contact, such as firstname.lastname@example.org, and then hide these contact details from all address lists. Then, create a journal rule for the email@example.com contact that sends journal messages to a distribution group member. Repeat the journal rule for each member of the distribution group.
This behavior is by design.
For more information about how to create a journal rule, visit the following Microsoft website: