Configuring Exchange 2007 POP3 / POP3S Journaling

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015. Last modified by user.oxriBaJeN4 Employee on May 23, 2017.
Version 8

This guide describes how to configure POP3 / POP3S journaling for Exchange 2007 to make it work with the Mimecast ecosystem.

This is a fallback in the event that SMTP journaling for Exchange 2007 is not an option.

Considerations

 

  • POP3 is not supported for mixed mode environments. See the Journaling in a Mixed Mode Environment page for full details.
  • Journaling must be enabled for individual mailbox stores on the Exchange Server.
  • Don't enable journaling for your entire organization at once. This might create performance issues for your Exchange Server.
  • Exchange 2007 requires Service Pack 1 to be compatible with Mimecast's journal services.
  • You can choose whether to:
    • Allow a journal mailbox to receive all message traffic from a mailbox database.
    • Support a number of mailbox databases.
    • Create a separate mailbox database to store the mailbox that receives the journaled messages.

 

Walkthrough

Don't enable journaling on the Exchange message store before you've tested and confirmed that Mimecast can connect and successfully extract messages. Failure to do this may result in a build-up of messages in the journal mailbox. This in turn may lead to degradation in the performance of your Exchange Server.

Create a Journaling User Mailbox

 

You'll need to create a journaling mailbox on your Exchange server. This can be placed in an existing database, or you can create a new database for only this mailbox. The mailbox must have:

 

To create a user mailbox for journaling, see the How to Create a Mailbox for a New User page in the Microsoft Exchange 2007 help file.

 

Creating a Journal Definition In Mimecast

 

To create a journal definition:

  1. Log in to the Administration Console.
  2. Click on the Administration toolbar button.
  3. Click on the Services | Journaling menu item.
  4. Click on the New Journal Service Definition button.
  5. Complete the Journal Service Properties section as follows:

    Field / Option | Description
    Description | Enter a description for the journaling connector (e.g. Exchange 2007 Journal Connector).
    Transport Type | Select the "POP" option from the drop-down.
    Disabled | If selected, the journal service is suspended, and any error conditions related to the connection are reset. This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox becomes available, be sure to enable activity before removing this option. Any changes made to this checkbox are recorded in the event log.
  6. Complete the Connection Properties section as follows:

    Field | Description
    Service Email Address | Specify the mailbox email address that has been configured for the journal mailbox.
    Mailbox Name | Specify the username Mimecast will use when logging on to the journal mailbox.
    Password | Specify the journal mailbox's password. This will be automatically redacted when it is entered.
    Hostname / IP Address | Specify the public address of the server where the journal mailbox is located.
    Port | Confirm the TCP / IP port number to be used for the connection to the journal mailbox. This is either:
      • 110 for POP3
      • 995 for POP3S
    Journal Type | Specify the journal type as either:
      • Exchange Envelope Journaling (EEJ): This is the preferred option in terms of accuracy when determining an email's recipients. It also “steps down” to handle incorrectly enveloped messages. For example, journal mailboxes may receive non-envelope journaled emails, which would normally cause the journal service to fail. Mimecast auto-detects these malformed messages, and absorbs them as normal emails, even though the journal mailbox is set to EEJ.
      • Standard EML: This is standard MIME format without the EEJ wrapper. Standard EML can only be assigned to mailboxes based on the message headers. This may not be reliable, and does not include BCC recipients.
    Encrypted | This checkbox is selected by default. Mimecast will only accept journal messages by Opportunistic TLS. Any other journal messages will be rejected. Also, the "Port Number" is set to 995 by default.
    Encryption Mode | If POP3S is specified as the Transport Type, Mimecast Support will set the encryption mode for you. This can be:
      • Strict - Trust Enforced: This is used in conjunction with trusted root certificate authorities. It is the default option.
      • Relaxed: Permits encryption with self-signed certificates, as well as other valid certificates that may not have a complete trust chain.
    Remove Journal Headers | If enabled, Mimecast removes the potentially sensitive journal headers listed below that Microsoft Exchange might have added:
      • X-MS-Exchange-Organization-BCC:
      • X-MS-Exchange-CrossPremises-BCC:
      All other journal headers are respected.
    Detailed Logging | If enabled, detailed log files are created. These are only available to Mimecast Support, and are used to troubleshoot failed journal connections.
    Journal Non Internal Addresses | If enabled, processed items are archived, if they don't hold any internal addresses.
    Journal Unknown Internal Addresses | If enabled, processed items are archived, if they are sent from / to unknown internal addresses.
  7. The Service Status section displays the following information about the journal connection:

    Field / Option | Description
    Service Status | Displays the current status of the journal connector.
    Last Successful Extract | Displays the date / time of the last successful extract. "Awaiting initial run" is displayed if no extract has been performed.
    Processing Queue | Displays the number of emails that have been received by Mimecast but have yet to be processed.
    POP3 Mailbox Queue | Displays the number of emails in the mailbox the last time Mimecast connected to the journal mailbox.
  8. Click on the Save and Exit button.

 

Configuring the Firewall

 

Configure your firewall to allow and forward traffic bi-directionally. The rule must go from Mimecast to Exchange, and from Exchange to Mimecast. You'll need to open either:

  • Port 110 for POP3
  • Port 995 for POP3S: encrypted communications to the Exchange server containing the Journal mailboxes
POP3S requires an SSL certificate signed by one of the Mimecast supported root certificate authorities. See the Secure Socket Layers (SSL) Certificates page for more information.

Enabling Journaling for a Specific Mailbox Database

 

To enable journaling for a specific mailbox database, see the How to Enable Per-Mailbox Database Journaling page in the Microsoft Exchange 2007 help.

 

Enabling the POP3 Service and Virtual Server

Ensure you've created the journal connectors as described above before starting this step. Failure to do so may result in a mail build-up in the journal mailboxes. Mimecast is unable to resolve this if it occurs.

To ensure the POP3 service is enabled:

  1. Click on the Windows Start button.
  2. Start the Run application.
  3. Type services.msc into the field.
  4. Click OK.
  5. Ensure the Microsoft Exchange POP3 service is:
    • Set to Automatic.
    • Started.

 

Configuring POP3S

 

Mimecast connects to your Microsoft Exchange Journal mailbox using secure POP3 (POP3S) in order to extract the internal journaled messages. POP3S must be enabled on the domain controller. See the How to Request an SSL Certificate page in the Microsoft Exchange 2007 help file for full details.

Once the certificate has been installed on the server, you must bind it to the POP3 virtual server.

To configure the POP3 Virtual Server, see the How to Configure Authentication for POP3 help page in the Microsoft Exchange 2007 help. Ensure the virtual server has the following options:

  • Secure Logon: This ensures a TLS connection is required for the client to connect to the server.
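
A pre-flight check for the POP3S endpoint, run from a host outside your network before journaling is enabled on the mailbox database. This is an added example, not Mimecast or Microsoft tooling. It assumes "Strict - Trust Enforced" corresponds to full chain and hostname validation against the local trust store and "Relaxed" to encryption without chain validation; the hostname and account in the usage lines are placeholders.

```python
import poplib
import ssl

def tls_context(mode):
    """TLS client settings for each Encryption Mode (assumed mapping, see lead-in)."""
    ctx = ssl.create_default_context()       # trusted roots + hostname check
    if mode == "relaxed":
        ctx.check_hostname = False           # self-signed / incomplete chain allowed
        ctx.verify_mode = ssl.CERT_NONE
    elif mode != "strict":
        raise ValueError("mode must be 'strict' or 'relaxed'")
    return ctx

def probe_journal_mailbox(host, user, password, port=995, timeout=10):
    """Connect, log on and count queued mail; report the first stage that fails."""
    result = {"stage": "connect", "mode": None, "cert_error": None,
              "queued": None, "detail": None}
    conn = None
    for mode in ("strict", "relaxed"):
        try:
            conn = poplib.POP3_SSL(host, port, timeout=timeout,
                                   context=tls_context(mode))
            result["mode"] = mode            # strictest mode that connected
            break
        except ssl.SSLCertVerificationError as exc:
            # Chain or hostname failed under strict rules; retry relaxed so the
            # report still shows whether the service itself is reachable.
            result["cert_error"] = exc.verify_message
        except (OSError, poplib.error_proto) as exc:
            result["detail"] = str(exc)      # firewall, service stopped, bad banner
            return result
    if conn is None:
        return result
    try:
        result["stage"] = "auth"
        conn.user(user)
        conn.pass_(password)
        result["stage"] = "stat"
        result["queued"] = conn.stat()[0]    # messages waiting in the journal mailbox
        result["stage"] = "ok"
        conn.quit()
    except (OSError, poplib.error_proto) as exc:
        result["detail"] = str(exc)
        conn.close()
    return result

if __name__ == "__main__":
    import getpass
    print(probe_journal_mailbox("mail.example.com", "journal",  # placeholders
                                getpass.getpass("Journal mailbox password: ")))
```

A result with mode "relaxed" and a cert_error value means the certificate would not pass strict validation, so fix the certificate or its chain rather than relying on the Relaxed mode. A growing queued count after journaling is enabled indicates that messages are not being extracted.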

 

Verifying Your Journaling Status

 

To verify your journaling is working as required:

  1. Log in to the Administration Console.
  2. Click on the Administration toolbar button.
  3. Click on the Services | Journaling menu item.
  4. Click on the Journaling Service you want to verify.
  5. Click on the Test Journal Extraction button. This checks whether we are able to:
    • Connect to your Exchange POP3 service on the port specified.
    • Properly authenticate as the Journaling user.
  6. Click on the Go Back button to return to the list of journaling services.

 

You can also look at the icon in the Service Status column of the journaling services list:

This displays one of the following icons:

 

Icon | Service Status | Description
Pending.gif | Service Awaiting Initial Run | On initial configuration, the status icons for SMTP journal connectors are orange, with a service status of "Service Awaiting Initial Run".
Successful.gif | Service OK | Once the first message is received, the icon changes, and the status is updated to "Service Enabled".
Failed.gif | Service Error | If Mimecast cannot connect to the journal connector and retrieve emails, the status changes to "Service Error".

For Exchange Envelope Journal Format (EJF), the recipient is displayed as the sender, and the journal address as the recipient.
