Lotus Domino Journaling

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015Last modified by user.oxriBaJeN4 Employee on Mar 27, 2017
Version 5Show Document
  • View in full screen mode

Mimecast Mail Services are achieved by leveraging the Journaling feature available in Lotus Domino Server.

 

When Journaling is enabled, each message is inspected to see whether it matches the rules configured on each Lotus Domino Server.  Should the message match one of the rules, a copy of the message is created and forwarded to the mail-in database, which can either be stored locally or on a remote server.

 

Lotus Domino Server utilizes Rules to fine tune which messages get marked for the journal.  One may confirm each server to journal a specific group / user set or specific messages, in order to minimize the overall load on the network.  Mimecast fully supports this configuration for journal(s) and directory service(s).

 

In order to enable Journaling, the task needs to be configured, and a Rule created to activate the task.

 

This guide details the steps involved in configuring  Journaling for Lotus Domino and the requirements and steps to make it work within the Mimecast ecosystem.

If your Mimecast subscription includes the Journaling feature, and your service was provisioned after the 26th March 2015 you will find a Journal Connector has already been created for you, including an internal journal domain and journal address.

 

  • The Journal Domain is automatically created as journal.domain.com, where domain.com is the domain your organization provided as your primary mail domain.
  • The Journal Contact is automatically created as journaling@journal.domain.com.

 

Use this address as the mail attribute for the external contact you create to send journal messages to.

 

If your Mimecast service was provisioned before this date, or you want to add an additional journal connector you will need to manually add a journal domain, journal address, and journal connector as detailed below.

The steps listed in this guide are as follows:

  1. Configure Lotus Domino Journal Connector.
  2. Configure Lotus Domino Journaling Rules.
  3. Create Journal Definition in Mimecast.
  4. Create Journal Sub Domain in Mimecast.
  5. Verify Lotus Domino Journaling.

 

Lotus Domino Journal Configuration

 

  1. Load the Lotus Domino Administrator.
  2. Select the Configuration tab.
  3. In the left-hand panel tree view, expand the Messaging group.
  4. Click on Messaging Settings.
  5. In the right-hand pane, select the Advanced... tab.

Type an external email address e.g. journaling@journal.domain.com. This address should match the journaling address under Directories > Internal Directories in the Mimecast Administration Console.

  1. On the Journaling tab, and edit the fields as per the table below:
    domino_configuration_settings.png

    Field NameValue
    JournalingEnabled
    MethodSend to mail-in database
    Mail Destination

    Type an external email address e.g. journaling@journal.domain.com

    This address should match the journaling address under Directories > Internal in the Mimecast Administration Console

    Journal RecipientsEnabled
  2. Select Save & Close.

 

This concludes the steps involved in creating a Journal Connector in Lotus Domino.

 

Configure Lotus Domino Journaling Rules

 

  1. Load the Lotus Domino Administrator.
  2. Select the Configuration tab.
  3. In the left-hand panel tree view, expand the Messaging group.
  4. Click on Configurations:

    domino_server_mail_rule.png

  5. Select the Add Action button.
  6. Select OK to dismiss the new rule dialog box.
  7. Select the Save & Close button.

 

This concludes the steps involved in configuring Lotus Domino Journaling Rules.  For a full configuration and resource guide please see the IBM website on Domino Journaling.

 

Create a Journal Definition in Mimecast

Once the server has been configured, provide Mimecast Support with the external SMTP recipient address for journaling.  The Support team will add this domain to your account, which will ensure that emails will be accepted.

Once Mimecast Support adds the domain to your account, you'll need to create a Journal Definition in Mimecast.

 

To accomplish this, do the following:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Click on the New Journal Service Definition button:
    journalDef2.png
  5. Under Journal Service Properties in the Description field, enter a relevant name for the definition:
    domJournDef1.png
  6. In Transport Type pull-down, select SMTP:

    journalDef2.png

  7. Under Connection Properties enter a Service Email Address. This was created when the account was built using the following format:  journaling@journal.domain.com (where domain.com is the primary SMTP domain):

    doJournDef3.png
  8. In the "Additional Source IP Ranges" field, provide the IP Addresses from which Mimecast will receive Journaled messages. Theses are typically the external IPs of the Transport Service in the environment:
    Authorized Outbound IP addresses are automatically allowed, therefore this field can be left blank. This also applies to hosted environments sharing IP addresses or ranges.
    domJournDef4.png
    This field is expecting the IP Address with a CIDR mask, so ranges can be added in a single line. The proper syntax for a single address is /32.
  9. From the Journal Type pull-down, select Standard EML Format:

    domJournDef5.png

    Mimecast supports Journaling of emails (EML) in standard MIME format (without the EEJ wrapper), and emails journaled in EEJ format.  Standard emails (EML) files can only be assigned to mailboxes based on the message headers.

Other configurable values on the page are:

 

FieldDescription
Disabled

Allows journal services to be taken offline without removing the Journal Service Definition.  Using the disabled option will result in the journal service being suspended, and any error conditions related to the connection will be reset.  This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox is once again available, be sure to enable activity before removing the check.

Any changes made to this checkbox are recorded in the event log.

Use SMTP Authentication

Can be enabled for enhanced security features. Once checked, this produces an additional field where a password should be entered. This password, along with the journal email address will be used as the SMTP-AUTH credentials.

In order to make use of the authentication option, an SMTP Send Connector is required on the Exchange server for SMTP Journaling.

Initial Process DelayAdvanced configuration options that should be left as the default values (default = 0), unless working on a Journaling issue with Mimecast Support.  Determines the time to wait before attempting to match a message to the archive
Delivery Wait AttemptsAdvanced configuration options that should be left as the default values (default = 3), unless working on a Journaling issue with Mimecast Support. Determines the number of tries the system attempts to match a message before it is archived
Period of Inactivity AllowedDefines how long the SMTP connector is allowed to be inactive without receiving any messages, before it is reported as being "down" (default = 180 minutes). Consider the setting carefully according to your Exchange Server environment. For example, if you operate in an environment with low email volumes, the connector is likely to handle a small Exchange database.  Therefore, you can set this value to a much higher value than the default to cater for quiet periods (e.g. overnight) and/or smaller email databases
EncryptedThis checkbox is selected by default, but is not required. If checked, Mimecast will only accept Journal messages over TLS. Journal messages not sent over TLS will be rejected.
Prefer Clear Text VersionEnable this option for Active Directory Rights Management Services protected journal items.
Extended de-duplication

Only enable this option if Internal messages are journaled via remote/local infrastructure as well as delivered via the Mimecast Gateway

 

When enabled, Mimecast will wait 10 minutes for the Gateway item after having received the Internal message via the Journal Connector for de-duplication purposes

 

Not required during a Continuity event

Remove Journal Headers

Enable this option to instruct Mimecast to remove potentially sensitive Journal Headers Microsoft Exchange might have added

 

Headers that will be removed are:

  • X-MS-Exchange-Organization-BCC:
  • X-MS-Exchange-CrossPremises-BCC:

 

All other headers will be respected

Journal Non Internal AddressesWhen enabled, items processed by the Journal Connector that do not hold any internal addresses will be archived.
Journal Unknown Internal AddressesWhen enabled, items processed by the Journal Connector that are sent from or sent to unknown internal addresses will be archived.

 

9.  Once completed, click Save and Exit:

       journalDef7.png

This concludes the steps involved in creating a Journal Definition in Mimecast.

 

Create Journal Sub Domain in Mimecast

 

Now that the journal.domain.com email address is set in Mimecast, you'll need to add the journal sub domain to Mimecast.

 

To accomplish this, do the following:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Directories | Internal Directories menu item.
  4. Click the Register New Domain button from the top of the page. This displays a 3 stage wizard process:
  5. Review the information displayed, then type the name of the new Domain in the appropriate field:

    addDomain1.png
  6. Click the Get Verification Code button to continue:
    addDomain2.png
  7. You'll notice that step 2 is skipped because your parent domain already exists:

    addDomain3.png

This concludes the steps involved in creating the Journal Sub Domain in Mimecast.

If you'd need to edit the sub domain, see Email Domains

 

Verify Domino Journaling

 

Now that all the Journaling configuration is complete. It's time to verify that the connections are working.

 

To accomplish this, do the following from the Mimecast Administration Console:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Note the Service Status of the Journaling connector:
    journalVerify1.png
    IconService StatusDescription
    Pending.gifService Awaiting Initial RunOn initial configuration, the status icons for SMTP journal connectors will be orange, with a service status of Service Awaiting Initial Run
    Successful.gifService OKOnce the first message is received by the connector, the icon will change, and the status updated to Service Enabled
    Failed.gifService ErrorIf Mimecast cannot connect to the Journal connector and retrieve emails, the status will change to Service Error
    If the connector configuration is not successful, view the Troubleshooting Journaling article.
  5. View the current list of Journaling items by clicking the Queue Details button:
    journalVerify2.png

Now that journaling has been configured and working for Lotus Domino, you can move on to step 5 in the connect process; Connect

1 person found this helpful

Attachments

    Outcomes