Configuring Journaling for G Suite

Document created by user.3AEuBpAOr2 Employee on Apr 27, 2017Last modified by user.3AEuBpAOr2 Employee on Apr 2, 2019
Version 14Show Document
  • View in full screen mode

Journaling is normally configured after recipient validation options are considered. See the Mimecast Connect article for further details.

If your Mimecast subscription includes the journaling feature, and was created after the 26th March 2015, a journal connector has already been created for you. This includes a:
    • Journal domain of (where is the domain your organization provided as your primary mail domain).
    • Journal contact of

Creating a Journal Definition In Mimecast


To create a Journal definition:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Click on the New Journal Service Definition button:

  5. Complete the Journal Service Properties section as follows:

    Field / OptionDescription
    DescriptionEnter a name for the definition.
    Transport TypeSelect the SMTP option in the drop down.
    DisabledLeave this option unchecked. If it is checked, the definition is not active.
  6. Complete the Connection Properties section as follows:

    Field / OptionDescription
    Service Email Address

    Enter a Service Email Address using the format (where is the primary SMTP domain).

    This is used throughout the rest of the journal configuration process.
    Additional Source IP RangesAuthorized Outbound IP addresses are automatically allowed, therefore this field can be left blank.

    Allows journal services to be taken offline without removing the journal service definition. If selected, the journal service is suspended, and any error conditions related to the connection are reset. This is useful if a journal mailbox is going to be offline for an extended period of time. When the journal mailbox is once again available, ensure to enable activity before removing the check.

    Any changes made to this option are recorded in the event log.
    Use SMTP Authentication

    SMTP Authentication cannot be configured when journaling messages to Mimecast. This is because G-Suite does not offer this feature when journaling messages.

    Initial Process DelayAdvanced configuration options that should be left as the default values (default = 0) unless working on a journaling issue with Mimecast Support. Determines the time to wait before attempting to match a message to the archive.
    Delivery Wait AttemptsAdvanced configuration options that should be left as the default values (default = 3), unless working on a Journaling issue with Mimecast Support. Determines the number of tries the system attempts to match a message before it is archived.
    Period of Inactivity AllowedDefines how long the SMTP connector is allowed to be inactive without receiving any messages, before it is reported as being "down" (default = 180 minutes). For example, if you operate in an environment with low email volumes, the Mimecast journal connector will receive a low volume of messages. Therefore you can set this value to a much higher value than the default to cater for quiet periods (e.g. overnight).
    Journal Type

    Specify either Exchange Envelope Journaling (EEJ) or Standard EML. Mimecast supports journaling in either Exchange Envelope Journaling (EEJ) or Standard EML format (in standard MIME format without the EEJ wrapper). Standard email (EML) files can only be assigned to mailboxes based on the message headers (which may not be reliable and don't include BCC recipients).

    As G-Suite only sends a copy of a message to Mimecast, it is recommended to the EML journal type.
    EncryptedThis option is selected by default, but is not required. If checked, Mimecast will only accept journal messages over TLS. Journal messages not sent over TLS will be rejected.
    Prefer Clear Text VersionEnable this option for Active Directory Rights Management Services protected journal items.
    Journal Non Internal AddressesIf selected, items processed by the journal connector, that do not hold any internal addresses, are archived.
    Journal Unknown Internal AddressesIf selected, items processed by the journal connector, that are sent from or sent to unknown internal addresses, are archived.
  7. Click the Save and Exit button. The journal definition is created.


Configuring Journaling Recipient in Mimecast


To configure the journal recipient in your primary domain:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on to Directories | Internal Directories menu item.
  4. Select the Internal Domain you wish to create the journal recipient within.
  5. Click on the New Address button.
  6. Complete the following mandatory fields:

    Field / OptionDescription
    Email AddressThis must be the same as the journal recipient created in the "Create a Journal Definition In Mimecast" step above.
    Global NameProvide an appropriate value to help in identifying its use.  

5. Click on the Save and Exit button.


Configuring G-Suite Hosts Entries (Journal Customers Only)


Once your Mimecast account has all of the required journaling configuration set, you can configure your G-Suite account to send journal messages to Mimecast for archiving. This requires you to create "Hosts" entries that point to Mimecast's journaling hostnames, so that G-Suite knows to send journal messages externally.

  1. Log on to the G-Suite Administration Console.
  2. Click on the Apps button and select G Suite.
  3. Click on Gmail and select Advanced Settings.
  4. Click on the Hosts tab.
  5. Click on the Add Route button.

    Filed / OptionDescription
    NameSpecify an appropriate name (e.g. Mimecast Journal Route).
    Specify Email ServerSelect the Multiple Hosts option and enter the Mimecast journal hostnames for your region.
    TLSSpecify whether or not you wish to use TLS.


Configuring a G-Suite Routing Policy


The final step is to configure a routing policy, to send copies of messages sent or received by an internal user to Mimecast for archiving. This is achieved by appending an additional recipient to messages, which in turn are routed to Mimecast.


To configure a routing policy:

  1. Log on to the G-Suite Administration Console
  2. Click on the Apps button.
  3. Select G Suite.
  4. Click on Gmail.
  5. Click on the Advanced Settings link.
  6. Click on the General Settings tab.
  7. Locate the Routing Policy in the "Routing Section"
  8. Click on Configure.
    If you're using G Suite and Mimecast for routing as well as archiving, you may have already configured Outbound mail routing. If these routes are already defined then the “Configure” button will not appear. Instead, hover over a defined route and click Add Another
    1. Specify a routing policy Name.
    2. Select the following options in the Message to Effect section:
      • Inbound
      • Outbound
      • Internal - Sending
      • Internal - Receiving
    3. Complete the For the Above Types of Messages, do the Following section by configuring the following:
      1. In the Also Deliver To field click on the Add More Recipients button. 
      2. Click on the Advanced menu item from the drop down.
      3. Click on the Add menu item.
      4. Configure the following: 
        Field / OptionDescription
        Route: Change RouteSelect the Route Name created in step 5 of the "G Suite Environments" section on the Connect Process: Setting up Your Outbound Email page.
        Envelope RecipientClick Change Envelope Recipient | Replace Recipient, and specify the journaling recipient specified in the Mimecast journal definition.
      5. Click on the Save button to return to the Routing Policy dialog.
      6. Click on the Save button to return to the General Settings dialog.
    4. Click on the Save button.


Verify G-Suite Journaling


Once your journaling configuration is complete, you can verify that the connections are working. To do this:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Journaling menu item.
  4. Note the Service Status of the Journaling connector:


    IconService StatusDescription
    Pending.gifService Awaiting Initial RunOn initial configuration, the status icons for SMTP journal connectors will be orange, with a service status of Service Awaiting Initial Run
    Successful.gifService OKOnce the first message is received by the connector, the icon will change, and the status updated to Service Enabled
    Failed.gifService ErrorIf Mimecast cannot connect to the Journal connector and retrieve emails, the status will change to Service Error
    If the connector configuration is not successful, see the Troubleshooting Journaling article.
  5. View the current list of Journaling items by clicking the Queue Details button: