Configuring Lotus Domino Journaling

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015Last modified by user.oxriBaJeN4 Employee on May 23, 2018
Version 7Show Document
  • View in full screen mode

This guide details the configuration involved in enabling Journaling for IBM's Lotus Domino, and the steps required to make it work within the Mimecast platform.

 

When the Journaling feature is enabled in Lotus Domino, messages are inspected to see if they match the rules configured on each Lotus Domino Server. If a message matches one of the rules, a copy is created and forwarded to the mail-in database, which can either be stored locally or on a remote server.

 

To minimize the overall load on the network, each server can be configured to journal a specific group/user set or specific messages. To enable Journaling, the task needs to be configured, and a Rule created to activate the task. Mimecast fully supports this configuration for journal and directory services.

 

Enabling Journaling in Lotus Domino

If your Mimecast subscription includes the Journaling feature, and your service was provisioned after the 26th March, 2015, you will find a Journal Connector has already been created for you, including an internal journal domain and journal address. The Journal Domain is automatically created as journal.domain.com, where domain.com is the domain your organization provided as your primary mail domain. The Journal Contact is automatically created as journal@journal.domain.com. Use this address as the mail attribute for the external contact to send journal messages to. If your Mimecast service was provisioned before this date, or you want to add an additional journal connector, you will need to manually add a journal domain, journal address, and journal connector.

  

To create a Journal Connector in Lotus Domino:

  1. Open the Lotus Domino Administrator.
  2. Select the Configuration tab.
  3. In the left-hand panel, expand the Messaging group.
  4. Click on Messaging Settings.
  5. Select the Advanced... tab.
    Domino Configuration Settings
  6. On the Journaling tab, edit the fields as below:
    Field Value
    JournalingEnabled
    MethodSend to mail-in database
    Mail Destination

    Type an external email address e.g. journaling@journal.domain.com

    This should match the journaling address under Directories | Internal Directories in the Mimecast Administration Console.
    Journal RecipientsEnabled
  7. Click Save & Close.

 

Configuring Journaling Rules in Lotus Domino


Domino Configuration SettingsTo configure Journaling Rules in Lotus Domino:

  1. Open the Lotus Domino Administrator.
  2. Select the Configuration tab.
  3. In the left-hand panel, expand the Messaging group.
  4. Select Configurations. The Server Mail Rule - New Rule popup box displays:
  5. Click the Add Action button.
  6. Click OK to close the dialog box.
  7. Click the Save & Close button.
For a full configuration and resource guide, visit the Domino Journaling page on IBM's site.

Configuring a Journal Definition in Mimecast

Once the server has been configured, provide Mimecast Support with the external SMTP recipient address for journaling. The Support team will add this domain to your account to ensure that emails are accepted. After this is done, you'll need to create a Journal definition in Mimecast as below.

To configure a Journal definition:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Click on the New Journal Service Definition button.
  5. Enter a relevant name for the definition in the Journal Service Properties | Description field:
    Journal Service Definition
  6. Select SMTP from the Transport Type drop-down menu.
  7. Under Connection Properties enter a Service Email Address. This was created when the account was built using the following format:  journaling@journal.domain.com (where domain.com is the primary SMTP domain).
  8. In the Additional Source IP Ranges field, enter the IP addresses from which Mimecast will receive Journaled messages. These are typically the external IPs of the Transport Service in the environment:
    Authorized Outbound IP addresses are automatically allowed, therefore this field can be left blank. This also applies to hosted environments sharing IP addresses or ranges. IP addresses should be entered into this field with a CIDR mask, so ranges can be added in a single line. The proper syntax for a single address is /32.
    Journal Service Definition
  9. From the Journal Type drop-down menu, select Standard EML Format.
    Mimecast supports Journaling of emails (EML) in standard MIME format (without the EEJ wrapper), and emails journaled in EEJ format. Standard emails (EML) files can only be assigned to mailboxes based on the message headers.

Other optional configurations on the page are:

FieldDescription
Disabled
Changes made to this checkbox are recorded in the event log.

Allows journal services to be taken offline without removing the Journal Service Definition. Using the disabled option will result in the journal service being suspended, and any error conditions related to the connection will be reset. This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox is once again available, be sure to enable activity before removing the check.

Use SMTP Authentication

Can be enabled for enhanced security features. Once checked, this produces an additional field where a password should be entered. This password, along with the journal email address will be used as the SMTP-AUTH credentials.

To make use of the authentication option, an SMTP Send Connector is required on the Exchange server for SMTP Journaling.
Initial Process DelayAdvanced configuration options that should be left as the default values (default = 0), unless working on a Journaling issue with Mimecast Support. Determines the time to wait before attempting to match a message to the archive.
Delivery Wait AttemptsAdvanced configuration options that should be left as the default values (default = 3), unless working on a Journaling issue with Mimecast Support. Determines the number of tries the system attempts to match a message before it is archived.
Period of Inactivity AllowedDefines how long the SMTP connector is allowed to be inactive without receiving any messages, before it is reported as being "down" (default = 180 minutes). Consider the setting carefully according to your Exchange Server environment. For example, if you operate in an environment with low email volumes, the connector is likely to handle a small Exchange database. Therefore, you can set this value to a much higher value than the default to cater for quiet periods (e.g. overnight) and/or smaller email databases.
EncryptedThis checkbox is selected by default, but it is not required. If checked, Mimecast will only accept Journal messages over TLS. Journal messages not sent over TLS will be rejected.
Prefer Clear Text VersionEnable this option for Active Directory Rights Management Services protected journal items.
Extended de-duplication

Only enable this option if Internal messages are journaled via remote/local infrastructure as well as delivered via the Mimecast Gateway. When enabled, Mimecast will wait 10 minutes for the Gateway item after having received the Internal message via the Journal Connector for de-duplication purposes. This is not required during a Continuity event.

Remove Journal Headers

Enable this option to instruct Mimecast to remove potentially sensitive Journal Headers Microsoft Exchange might have added. Headers that will be removed are:

  • X-MS-Exchange-Organization-BCC:
  • X-MS-Exchange-CrossPremises-BCC:

All other headers will be respected.

Journal Non Internal AddressesWhen enabled, items processed by the Journal Connector that do not hold any internal addresses will be archived.
Journal Unknown Internal AddressesWhen enabled, items processed by the Journal Connector that are sent from or sent to unknown internal addresses will be archived.

10.  Once completed, click the Save and Exit button.

 

Configuring a Journal Sub Domain in Mimecast

 

Journal Sub DomainNow that the journal.domain.com email address is set, you'll need to add the journal sub domain to Mimecast.

 

To accomplish this:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Directories | Internal Directories menu item.
  4. Click on the Register New Domain button. This displays a 3 stage wizard process.
  5. Review the information, then type the name of the new domain in the Domain Name field:
  6. Click the Get Verification Code button to continue.
  7. The Domain Verified page displays. Step 2 (Add DNS Record) is skipped because your parent domain already exists. Click the Finish button to close the wizard.
    Verify Domains
If you need to edit the sub domain, see the Email Domains section for more information.

Configuring a Foreign SMTP Domain

 

Lotus Domino Foreign SMTP ConnectorDepending on the configuration of the Domino server, it may be necessary to create a “Foreign SMTP domain” for the journal sub domain. This will tell Domino how to deliver journaled emails to this domain.

 

To configure the Foreign SMTP domain:

  1. Open the Lotus Domino Administrator.
  2. Click on the Configuration tab.
  3. In the left-hand pane, expand the Messaging section, and click on Domains.
  4. Click on the Add Domain button.
  5. Click on the Basics tab.
  6. Change the Domain type: field to Foreign Domain | Foreign SMTP Domain from the popup menu.
  7. Click OK
  8. Select the Routing tab.
  9. In the Internet Domain: field, enter the journal.yourdomain.com domain address.
  10. In the Internet Host: field, enter the Mimecast smarthost for your region:
    RegionHostname
    Europe (Excluding Germany)

    eu-smtp-journal-1.mimecast.com

    eu-smtp-journal-2.mimecast.com
    Germany

    de-smtp-journal-1.mimecast.com

    de-smtp-journal-2.mimecast.com

    America

    us-smtp-journal-1.mimecast.com

    us-smtp-journal-2.mimecast.com
    South Africa

    za-smtp-journal-1.mimecast.co.za

    za-smtp-journal-2.mimecast.co.za
    Australia

    au-smtp-journal-1.mimecast.com

    au-smtp-journal-2.mimecast.com

    Offshore

    je-smtp-journal-1.mimecast-offshore.com

    je-smtp-journal-2.mimecast-offshore.com

    Lotus Domino Foreign SMTP Smarthost
  11. Click Save & Close. The next step is to restart the router on your domain server. 

 

Restarting your Lotus Domino Server

 

You'll now need to restart the router on your Lotus Domino domain server and send a test email to verify the connection.

 

Tell Router QuitTo restart your server:

  1. In the Lotus Domino Administrator, click on the Server tab.
  2. In the left-hand pane, select Server Console.
  3. Click on Live.
  4. In the Domino Command field, type "tell router quit".
  5. Wait until "Router: mail router shutdown" displays, then type the command "load router".
  6. When the message "Router: mail router started for domain" displays, send a test message, internal to internal.
  7. View the test message in the Mimecast Administration Console under Gateway | Accepted Emails.

 

Verifying Lotus Domino Journaling

 

With all the Journaling configuration complete, it's time to test that the connections are working.

 

To verify Lotus Domino journaling:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Note the Service Status of the Journaling connector:
    journalVerify1.png
    IconService StatusDescription
    Pending.gifService Awaiting Initial RunOn initial configuration, the status icons for SMTP journal connectors will be orange, with a service status of Service Awaiting Initial Run
    Successful.gifService OKOnce the first message is received by the connector, the icon will change, and the status updated to Service Enabled
    Failed.gifService ErrorIf Mimecast cannot connect to the Journal connector and retrieve emails, the status will change to Service Error
    If the connector configuration is not successful, view the Troubleshooting Journaling article.
  5. View the current list of Journaling items by clicking the Queue Details button:
    journalVerify2.png


Now that journaling is configured and working for Lotus Domino, you can move on to step 5 in the Connect process.

2 people found this helpful

Attachments

    Outcomes