Once the commercial contracts are completed, our Connect Team will be in touch to begin your Mimecast implementation. We break the implementation down into steps to keep it as simple as possible. The steps required to connect your infrastructure to Mimecast varies depending on the service(s) you've purchased. The table below identifies which steps you must complete.
|Service||Request for Information (RFI)||Setting Up Your Outbound Email||Configuring Recipient Validation||Configuring Journaling||Setting Up Your Inbound Email||Locking Down Your Firewall|
|Archiving and Email Security||Y||Y||Y||Y||Y||Y|
Request for Information
Once your order is processed by Mimecast, the Connect Team email you with an introductory email. This explains the Connect Process, and includes links to documentation / knowledge base articles.
A unique link is also provided to allow you to provide us with the information we require to set up your account. The link displays a form where you can provide details about your account's:
- Main points of contact
- IP addresses
- Forwarding addresses
It is important to get these details correct, as our Connect Team will create your account based on these details. Read the Request For Information (RFI) page for further detail.
Configuring Outbound Email
Email routing through Mimecast begins with configuring your outbound emails. This includes configuring your firewall to allow access to our data center IP ranges for SMTP on port 25. When this is complete, we'll accept outbound email for delivery for the internal domains specified in the RFI. This outbound only mode of operation is usually run for several days, to build a reputation of who your users email on a regular basis. These are added as your trusted senders.
Only one SMTP connector is required to direct outbound SMTP from your email server to Mimecast, by any Exchange we support. However we provide you with two smart hosts for full resilience.
Read the Configuring Outbound Email page for further detail.
If you are using SPF records, these must be updated to include the Mimecast data center IP ranges. See the Configuring DNS Authentication (Inbound / Outbound) Definitions and Policies page for further details.
Mimecast’s security model must ensure it only delivers messages to valid email addresses for your business. We do this by integrating with your Exchange. For Microsoft and Lotus Domino users, we recommend that we integrate with your native directory to synchronize user information (e.g. email address, group structure). This allows us to automatically synchronize any changes to your Directory with no manual intervention.
Whilst this is not best practice, you can choose not to synchronize your directory structure. If you choose this option, you'll need to manually import a list of known user addresses to Mimecast. See the Importing Users via a Spreadsheet page for further information.
Mimecast communicates with your directory to synchronize the user data required. This requires the relevant port (listed below) to be open for communication on your firewall:
- LDAP - TCP port 389 (non-secure connection)
- LDAPS - TCP port 636 (secure or encrypted connection)
To encrypt the data you must install an SSL certificate.
Read the Recipient Validation page for further detail.
Journaling allows us to capture all internal emails to be added to your archive via one of the following methods:
- SMTP: This is the recommended method for all customers, except those running Exchange 2003.
To encrypt the data you must install an SSL certificate
Read the Journaling page for further detail.
Configuring Inbound Email
Mimecast must be configured to accept and process mail before it is delivered to your network. This is done by setting Mimecast as the configured host for your MX records. This allows DNS records to direct email to Mimecast as part of the delivery over the Internet. The Connect Team will provide a set of DNS hostnames so a DNS record (or zone file) update can be made with your ISP.
Within a few days of the MX record update, ask your ISP for acknowledgement that the old MX record host will no longer be able to receive on your behalf. This is particularly important for other hosted providers.
Once your MX records have been configured to direct mail to Mimecast, we deliver mail to your environment based on the delivery routes you have configured.
Read the Configuring Inbound Email page for further detail.
Locking Down Your Firewall
At the end of your Connect Process, we require you to lock down your firewall to only accept connections from the Mimecast data centre IP ranges. You could be exposing your mail server to denial of service attacks and spam email delivery if the firewall is not configured correctly. This is a common method that spammers utilize to bypass gateway security services. Ensure you cancel any contracts with your previous email cloud security provider. This prevents any disruption to your email flow before you complete your firewall lock down.
Read the Locking Down Your Firewall page for further detail.