This guide covers the process of creating a journal definition. This is the first step in configuring journaling to work with the Mimecast gateway, and is required if your subscription has journaling enabled. See the Journaling page for further details of the steps involved.
To create a journal definition:
- Log on to the Administration Console.
- Click on the Administrator menu item. A menu drop down is displayed.
- Click on the Services | Journaling menu item.
- Click on the New Journal Service Definition button:
- Complete the Journal Service Properties section as follows:
Field / Option Description Description Specify a name for the journaling definition (e.g. Exchange Journal Connector). Transport Type Select the method to be used to retrieve journaled email. To pull email, select "POP3". To push email, select "SMTP". The option selected effects the options available in the Connection Properties (see below). Disabled
Leave unselected. If selected, the journal service being suspended, and any error conditions related to the connection are reset. This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox is once again available, be sure to enable activity before unselecting this option. Changes to this option are recorded in the event log.
- Complete the Connection Properties section as follows:
Field / Option Description Service Email Address
Specify the email address of your journaling mailbox using the following format: email@example.com (where domain.com is the primary SMTP domain). You'll be using this throughout the rest of the journaling configuration process.
Specify a journal mailbox name. This is the username we use when logging in to the journal mailbox.
Password Specify a journal mailbox password. Hostname / IP Address
Specify the hostname or public IP address where the journal mailbox is housed. This is typically the external IP addresses of the transport service in your environment:Your firewall must be configured to allow inbound POP3 / POP3S traffic from us to this address.
Port Specify the TCP/IP port to be used for the communication. For POP3 this is 110. For POP3S this is 995. Additional Source IP Ranges (n.n.n.n/x)
Specify the IP Addresses from which we will receive journaled messages. These are typically the external IPs of the transport service in the environment. Authorized Outbound IP addresses are automatically allowed, therefore this field can be left blank. This also applies to hosted environments sharing IP addresses or ranges.
Enter IP addresses with a CIDR mask, so ranges can be added in a single line. The proper syntax for a single address is /32.
Use SMTP Authentication If selected, enhanced security features are enabled. Once selected, an additional field is displayed where a password must be entered. This password, along with the journal email address will be used as the SMTP-AUTH credentials.In order to make use of the authentication option, an SMTP Send Connector is required on the Exchange server for SMTP Journaling. Initial Process Delay Leave the default value of 0, unless working on a journaling issue with Mimecast Support. The option determines the time to wait before attempting to match a message to the archive. Delivery Wait Attempts Leave the default value of 3, unless working on a journaling issue with Mimecast Support. The option determines the number of tries the system attempts to match a message before it is archived. Period of Inactivity Allowed (Mins) Defines how long the SMTP connector is allowed to be inactive without receiving any messages, before it is reported as being "down" (default = 180 minutes). Consider the setting carefully according to your Exchange Server environment. For example, if you operate in an environment with low email volumes, the connector is likely to handle a small Exchange database. Therefore you can set this value to a much higher value than the default to cater for quiet periods (e.g. overnight) and/or smaller email databases. Journal Type
Mimecast supports journaling of emails in:
- Standard MIME EML format (without the EEJ wrapper) files can only be assigned to mailboxes based on the message headers. This may not be reliable, and does not include BCC recipients.
- Exchange Envelope Journaling EEJ format is the preferred option in terms of accuracy when determining the recipients for an email. Additionally it “steps down” to handle incorrectly enveloped messages in an EEJ mailbox. Journal mailboxes may receive non-envelope journaled emails, causing the journal service to fail. We automatically detect these malformed messages and absorb them as normal emails, even though the journal mailbox is set to EEJ.
Select this if the connection should be encrypted, and journal emails are only pulled using POP3S.
Encryption Mode Strict mode is recommended. Relaxed mode permits encryption with self-signed certificates and other valid certificates, which may not have a complete trust chain. This option can only be set by Mimecast Support. Remove Journal Headers
If selected, potentially sensitive journal headers Microsoft Exchange might have added are removed. Headers that are removed are "X-MS-Exchange-Organization-BCC:" and "X-MS-Exchange-CrossPremises-BCC:". All other headers are respected.
Detailed Logging If selected, detailed logging files are created. This can be useful to allow us to troubleshoot failed journal mailboxes. Prefer Clear Text Version Enable this option for Active Directory Rights Management Services protected journal items. Extended De-Duplication Only select this option if internal messages are journaled via a remote / local infrastructure as well as delivered via the Mimecast Gateway. If selected Mimecast waits 10 minutes for the Gateway item after having received the Internal message via the Journal Connector for de-duplication purposes. This option is not required during a Continuity Event. Remove Journal Headers Select this option to instruct Mimecast to remove potentially sensitive Journal Headers Microsoft Exchange might have added. Headers that will be removed are "X-MS-Exchange-Organization-BCC" and "X-MS-Exchange-CrossPremises-BCC". All other Headers will be respected. Journal Non Internal Addresses If selected, items processed by the journal connector that do not hold any internal addresses are archived. Journal Unknown Internal Addresses If selected, items processed by the journal connector that are sent from or to unknown internal addresses are archived.
- The Service Status section displays details about your journaling connection:
Field / Option Description Service Status Displays the current status of the journaling service. Last Successful Extract Displays the date and time of the last successful extract. If there hasn't been a successful extract, "Awaiting Initial Run" is displayed. Processing Queue Displays the amount of journaled mail received by us, but is currently being processed. POP3 Mailbox Queue Displays the number of emails in the mailbox the last time we connected to the journal mailbox.
- Click on the Save and Exit button.