Configuring Journaling for G Suite

Document created by user.3AEuBpAOr2 Expert on Apr 27, 2017Last modified by user.oxriBaJeN4 on Jul 21, 2017
Version 8Show Document
  • View in full screen mode

Journaling is normally configured after recipient validation options are considered. See the Mimecast Connect article for further details.

If your Mimecast subscription includes the journaling feature, and was created after the 26th March 2015, a journal connector has already been created for you. This includes a:
    • Journal domain of journal.domain.com (where domain.com is the domain your organization provided as your primary mail domain).
    • Journal contact of journaling@journal.domain.com.

Creating a Journal Definition In Mimecast

 

To create a journal definition:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Click on the New Journal Service Definition button:

    journalDef2.png
  5. Complete the Journal Service Properties section as follows:

    Field / OptionDescription
    DescriptionEnter a name for the definition.
    Transport TypeSelect the SMTP option in the drop down.
    DisabledLeave this option unchecked. If it is checked, the definition is not active.
  6. Complete the Connection Properties section as follows:

    Field / OptionDescription
    Service Email Address

    Enter a Service Email Address using the format  journaling@domain.com (where domain.com is the primary SMTP domain).

    This is used throughout the rest of the journal configuration process.
    Additional Source IP RangesAuthorized Outbound IP addresses are automatically allowed, therefore this field can be left blank.
    Disabled

    Allows journal services to be taken offline without removing the journal service definition. If selected, the journal service is suspended, and any error conditions related to the connection are reset. This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox is once again available, ensure to enable activity before removing the check.

    Any changes made to this option are recorded in the event log.
    Use SMTP Authentication

    SMTP Authentication cannot be configured when journaling messages to Mimecast. This is becauseG-Suite does not offer this feature when journaling messages.

    Initial Process DelayAdvanced configuration options that should be left as the default values (default = 0) unless working on a journaling issue with Mimecast Support. Determines the time to wait before attempting to match a message to the archive.
    Delivery Wait AttemptsAdvanced configuration options that should be left as the default values (default = 3), unless working on a Journaling issue with Mimecast Support. Determines the number of tries the system attempts to match a message before it is archived.
    Period of Inactivity AllowedDefines how long the SMTP connector is allowed to be inactive without receiving any messages, before it is reported as being "down" (default = 180 minutes). For example, if you operate in an environment with low email volumes, the Mimecast journal connector will be receive low volume of messages. Therefore you can set this value to a much higher value than the default to cater for quiet periods (e.g. overnight).
    Journal Type

    Specify either Exchange Envelope Journaling (EEJ) or Standard EML. Mimecast supports journaling in either Exchange Envelope Journaling (EEJ) or Standard EML format (in standard MIME format without the EEJ wrapper). Standard email (EML) files can only be assigned to mailboxes based on the message headers (which may not be reliable and don't include BCC recipients).

    As G-Suite only sends a copy of a message to Mimecast, it is recommended to the EML journal type.
    EncryptedThis option is selected by default, but is not required. If checked, Mimecast will only accept journal messages over TLS. Journal messages not sent over TLS will be rejected.
    Prefer Clear Text VersionEnable this option for Active Directory Rights Management Services protected journal items.
    Journal Non Internal AddressesIf selected, items processed by the journal connector, that do not hold any internal addresses, are archived.
    Journal Unknown Internal AddressesIf selected, items processed by the journal connector, that are sent from or sent to unknown internal addresses, are archived.
  7. Click the Save and Exit button. The journal definition is created.

 

Configuring Journaling Recipient in Mimecast

 

To configure the journal recipient in your primary domain:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on to Directories | Internal Directories menu item.
  4. Select the Internal Domain you wish to create the journal recipient within.
  5. Click on the New Address button.
  6. Complete the following mandatory fields:

    Field / OptionDescription
    Email AddressThis must be the same as the journal recipient created in the "Create a Journal Definition In Mimecast" step above.
    Global NameProvide an appropriate value to help in identifying it's use.  

5. Click on the Save and Exit button.

 

Configuring G-Suite Hosts Entries (Journal Customers Only)

 

Once your Mimecast account has all of the required journaling configuration set, you can configure your G-Suite account to send journal messages to Mimecast for archiving. This requires you to create "Hosts" entries that point to Mimecast's journaling hostnames, so that G-Suite knows to send journal messages externally.

  1. Log into the G-Suite Administration Console.
  2. Click on the Apps button and select G Suite.
  3. Click on Gmail and select Advanced Settings.
  4. Click on the Hosts tab.
  5. Click on the Add Route button.

    Filed / OptionDescription
    NameSpecify an appropriate name (e.g. Mimecast Journal Route).
    Specify Email ServerSelect the Multiple Hosts option and enter the Mimecast journal hostnames for your region.
    TLSSpecify whether or not you wish to use TLS.

 

Configuring a G-Suite Routing Policy

 

The final step is to configure a routing policy, to send copies of messages sent or received by an internal user to Mimecast for archiving. This is achieved by appending an additional recipient to messages, which in turn are routed to Mimecast.

 

To configure a routing policy:

  1. Log in to the G-Suite Administration Console
  2. Click on the Apps button.
  3. Select G Suite.
  4. Click on the Show Options link.
  5. Click on Gmail.
  6. G Suite Policy OptionsClick on the Advanced Settings link.
  7. Select the Users, Groups, and Unrecognized / Catch-All options in the "Account Types to Affect" section.
    If these options aren't enabled, Google Group messages won’t use this rule.
  8. Click on the Save button.
  9. Click on the General Settings tab.
  10. Locate the Routing Policy in the "Routing Section"
  11. Click on Configure.
    1. Specify a routing policy Name.
    2. Select the following options in the Message to Effect section:
      • Inbound
      • Outbound
      • Internal - Sending
      • Internal - Receiving
    3. Complete the For the Above Types of Messages, do the Following section by configuring the following:
      1. In the Also Deliver To field click on the Add More Recipients button.
      2. Click on the Advanced menu item from the drop down.
      3. Click on the Add menu item.
      4. Configure the following: 

        Field / OptionDescription
        Route: Change RouteSelect the Route Name created in step 5 of the "Preparing Your Outbound Hostname" section on the Connecting G Suite with Mimecast page or the Route Name created in the step "Configuring G-Suite Hosts Entries (Journal Customers Only)"
        Envelope RecipientClick Change Envelope Recipient | Replace Recipient, and specify the journaling recipient specified in the Mimecast journal definition.
      5. Click on the Save button to return to the Routing Policy dialog.
      6. Click on the Save button to return to the General Settings dialog.
    4. Click on the Save button.

 

Verify G-Suite Journaling

 

Once your journaling configuration is complete, you can verify that the connections are working. To do this:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Note the Service Status of the Journaling connector:

    journalVerify1.png

    IconService StatusDescription
    Pending.gifService Awaiting Initial RunOn initial configuration, the status icons for SMTP journal connectors will be orange, with a service status of Service Awaiting Initial Run
    Successful.gifService OKOnce the first message is received by the connector, the icon will change, and the status updated to Service Enabled
    Failed.gifService ErrorIf Mimecast cannot connect to the Journal connector and retrieve emails, the status will change to Service Error
    If the connector configuration is not successful, see the Troubleshooting Journaling article.
  5. View the current list of Journaling items by clicking the Queue Details button:

    journalVerify2.png

Attachments

    Outcomes