Reseller Administrator Manual

Table of Contents
Customer Onboarding
  Overview
  Organisation Configuration
  Exchange Configuration
  User Synchronisation
  Exchange Email Ingestion
  Google Apps and Mailsphere
Customer Help Guides
  Checking System Status
  Duplicate Emails in Archive
  554 5.1.0 Sender Denied
  Attachment Policy Notifications
Customer Onboarding
Overview
The following article demonstrates the integration points used by a client or partner of Mailsphere.
Schedule Example
The following provides a guide to the implementation schedule that will be performed.
Steps:
1. Configure Mailsphere organisations and domain
2. Configure routing and firewalls
3. Synchronise users
4. Configure new receive connectors
5. Configure Mailsphere system settings
6. Configure new smarthost
7. Change MX records
8. Ingest old emails
9. Remove old receive connectors and smarthost
Steps 1, 2, 3 & 4 can take place on the same day. The Mailsphere organisations and domain
configuration takes only 30 minutes and completes the preparation in Mailsphere for receiving user
data and email communication tests. With the relevant resource available at both sides for
Mailsphere, Exchange and networking, all these activities can be completed in 2 hours.
Once the users have been synchronised and the email and communication tests have been
completed, the system can be made live by completing the Mailsphere configuration, setting up a
new smarthost and updating the MX records. Mailsphere configuration is relatively simple and will
take no more than 2 hours with the right information available. Adding a new smarthost and
updating the MX records will take no more than 1 hour. Steps 5, 6 & 7 can all be performed on the
same day.
Once the MX record propagation has completed successfully and email is flowing through
Mailsphere then the old receive connector and smarthost can be removed from Exchange. This
takes no more than 1 hour. The ingestion of old email takes place at this point as it is important to
make sure Mailsphere receives everything. The Exchange ingestion method is only necessary if you
do not have an archive to ingest from currently. The ingestion will run as a background task and is
dependent on the size of the archive being ingested.
Onboarding Integration
The first diagram shows the integration points between the Mailsphere onboarding services.
All the traffic between the local network and Mailsphere network is performed over HTTPS.
To configure the onboarding script, the user will need administrator access to the server that
Exchange runs on, and must be able to run a PowerShell script and create a new user.
Inbound Mail Delivery
This diagram demonstrates the flow of email being sent into the supported domain.
The email system needs to have its receive connector configured to allow SMTP traffic from:
eu1.mailsphere.mx 54.229.54.94
eu2.mailsphere.mx 54.229.40.39
Outbound Mail Delivery
The flow of outbound mail delivery is demonstrated by the above diagram.
The email system and firewalls will need to be configured with a Smarthost using the following
details allowing SMTP traffic:
eu1.mailsphere.mx 54.229.54.94
eu2.mailsphere.mx 54.229.40.39
MX Records
The MX records will either be communicated at the time of onboarding or the default options will be
used:
Default MX records are:
Priority 10 - eu1.mailsphere.mx
Priority 20 - eu2.mailsphere.mx
Organisation Configuration
Add an Organisation
The reseller administrator will see an additional option to Add an Organisation. This will open a
blank Organisation configuration form.
Contact Details
When you are in the add view there are two sections. The first section is contact
details and holds the following information:
1. Contact Type - this helps the support teams understand who they are
contacting if they need to contact your organisation. In some organisations this
might be the IT administrator while in others it may be an Operations Manager or
another role responsible for looking after suppliers.
2. Contact Email Address - this can be either a group email or an individual's email
address and will only be used by Mailsphere and your system management
company to contact you regarding Mailsphere.
3. Contact Telephone - this can be a landline or mobile and as with the email
address it will only be used for official Mailsphere business.
Organisation Details
The organisation details will be used in the invoicing so please complete this with the
correct information so that your invoice is detailed correctly.
Remember to save
Once you have completed updating your settings please remember to save by
selecting Update Organisation.
Organisations List View
To view or edit the detailed information for your organisation please click on edit.
Add a Domain - Organisation selection
If you manage multiple organisations within Mailsphere then you can select which organisation you
wish to update using the drop down list.
Domain Name
By selecting the Add Domain menu you are asked to enter the domain name you wish
to add. Enter the valid domain name and then select 'Add Domain' to continue.
Edit your new domain
When the domain list screen is displayed you will see your new domain added. Select
Edit to continue with the set up.
Incoming Addresses
In the incoming addresses section add the IP addresses (in either IPv4 or IPv6
format), an address range or a standard domain name that you wish Mailsphere to
accept email from. For these IP addresses only, Mailsphere will act as an SMTP
gateway for your domain.
If your ISP changes the public IP address that your email system sits behind, then
this is where you will need to update the address so that Mailsphere continues
supporting your system. You can add multiple addresses, so if you are expecting a
change or if you have a failover IP then all of these can be entered and will be
operational at the same time.
Outgoing Addresses
When you are configuring the addresses to be used by Mailsphere to deliver email
into your organisation you must also define which is the primary and which are
secondary. There should only be one primary but you can configure multiple
secondaries.
1. Select the priority
2. Enter the destination IP address (IPv4 and IPv6 formats accepted) or a
standard domain name
If you would like these IP addresses tested then please email
support@mailsphere.co.uk specifying the domain and the outgoing address that you
would like us to test.
Exchange Configuration
The following article covers the configuration required for MS Exchange 2003, 2007 and 2010.
MS Exchange 2003
There are three steps to this. The Smarthost and the receiving connector configuration are
mandatory while the journaling configuration is required if you wish to archive internal
communications also.
Smarthost Configuration
The following steps should only be performed once you have confirmed that the
Mailsphere configuration is complete.
1. Open “Exchange System Manager”.
2. Disable any existing SMTP connectors.
3. Right click “Connectors” and select “New”, “SMTP Connector”.
4. Specify the “Name” as “Mailsphere”.
5. Select “Forward all mail through this connector to the following smart hosts”.
6. Specify your smart host as "eu2.mailsphere.mx".
7. Click the “Add” button to add all your local bridgehead servers.
8. Navigate to the “Address space” tab.
9. Click the “Add” button.
10. Select “SMTP” and click “OK”.
11. Keep the default values for “Email domain” and “cost” (“*” and “1”).
12. Click “OK”.
13. Click “Apply”.
14. Click “OK”.
Receive Connector
The following steps should be performed once you have made configuration changes
to your network and firewalls to allow transport from Mailsphere IP addresses found
below on port 25.
1. Open Exchange System Manager.
2. If Administrative Groups is displayed, expand the Administrative Groups
folder. Otherwise proceed to step 4.
3. Expand First Administrative Group, or the relevant group if it has been renamed.
4. If Routing Groups is displayed, expand the Routing Groups folder. Otherwise
proceed to step 6.
5. Expand the First Routing Group.
6. Navigate to “Connectors”.
7. Right click and select "New" followed by "SMTP Connector".
8. Enter a name for the new connector i.e. Mailsphere1.
9. Select Forward all mail through this connector.
10. Enter eu1.mailsphere.mx into the smart hosts field.
11. Under Local Bridgeheads, select the Add button.
12. Select the appropriate Exchange server from the list and click OK.
13. Click the Apply button to save the SMTP Connector Properties.
14. Select the Address Space tab.
15. Click the OK button.
16. Select SMTP as the Address Type.
17. Keep the default values given.
18. Click the OK button twice.
Create a second SMTP connector by repeating steps 6 - 18 using the FQDN
eu2.mailsphere.mx in step 10.
Once the new connectors have been added and you are confident that the Mailsphere
configuration is complete you can remove any other receive connectors that may have
been used to receive email from the internet or via another service.
Journaling Setup
Unfortunately Journaling is not supported in Exchange 2003 because the
configuration cannot be restricted to internal email only. This is a limitation of MS
Exchange 2003 and if used can result in duplicate emails being recorded in the
archive.
MS Exchange 2007
There are three steps to this. The Smarthost and the receiving connector configuration are
mandatory while the journaling configuration is required if you wish to archive internal
communications also.
Smarthost Configuration
The following steps should only be performed once you have confirmed that the
Mailsphere configuration is complete.
1. Open “Exchange Management Manager”.
2. Navigate to “Organization Configuration”, “Hub Transport”.
3. Navigate to the “Send Connectors” tab.
4. Disable any existing SMTP connectors.
5. Create a new send connector.
6. Specify the “Name” as “Mailsphere”.
7. Click “Next”.
8. Click the “Add” button to add a new address space.
9. Specify “*” as the “Address” value and check “Include all subdomains”.
10. Specify “1” as the “Cost” value.
11. Click “OK”.
12. Click “Next”.
13. Select “Route mail through the following smart hosts”.
14. Click “Add”.
15. Specify your smart host as “eu2.mailsphere.mx”.
16. Click “OK”.
17. Click “Next”.
18. Click “Next”.
19. Ensure that all your bridgehead servers are added in the “Source Server” list.
20. Click “Next”.
21. Click “New”.
22. Click “Finish”.
Receive Connector
The following steps should be performed once you have made configuration changes
to your network and firewalls to allow transport from the Mailsphere IP addresses on port 25.
1. Open “Exchange Management Console”.
2. Navigate to “Server Configuration”, “Hub Transport”.
3. Navigate to the “Receive Connectors” tab.
4. Select to Add a new receive connector.
5. Specify the “Name” as “Mailsphere” and the “Use” as “Custom”.
6. Click “Next”.
7. Leave the internal network settings as they are and click "Next".
8. Click the “Add” button to add new Remote Network Settings.
9. Enter the IP as 54.229.40.39
10. Click “OK”.
11. Click the “Add” button to add new Remote Network Settings.
12. Enter the IP as 54.229.54.94
13. Click “OK”.
14. If a record exists for 0.0.0.0-255.255.255.255 this should be deleted.
15. Click “Next”.
16. Click "New".
Once the new connector has been added and you are confident that the Mailsphere
configuration is complete you can remove any other receive connectors that may have
been used to receive email from the internet or via another service.
Journaling Setup
Review the following Microsoft article for SMTP journaling in Exchange 2003:
http://technet.microsoft.com/en-us/library/bb124642(EXCHG.65).aspx
Using the Microsoft article above create an SMTP contact for
"journal@mailsphere.mx".
1. Open “Exchange Management Console”.
2. Ensure that the “msexjournal” user has a mailbox (WebDAV retrieval only).
3. Navigate to “Organization Configuration”, “Hub Transport”.
4. In the “Journaling” tab found in the middle pane, right click and select "New
Journal Rule".
5. Right click “Mailbox Store” and select “Properties”.
6. Type a name for this rule and click the “Browse” button to bring up the “Select
Recipient” dialog.
7. Choose the "journal@mailsphere.mx" contact, click "OK".
8. Next, you need to specify the scope of the messages you want to journal.
9. Set the scope to “Internal - internal messages only”.
10. Click “New” to create your rule, after which you can click “Finish” to complete
the process.
MS Exchange 2010
There are three steps to this. The Smarthost and the receiving connector configuration are
mandatory while the journaling configuration is required if you wish to archive internal
communications also.
Smarthost Configuration
The following steps should only be performed once you have confirmed that the
Mailsphere configuration is complete.
1. Open “Exchange Management Console”.
2. Navigate to “Organization Configuration”, “Hub Transport”.
3. Navigate to the “Send Connectors” tab.
4. Disable any existing SMTP connectors.
5. Create a new send connector.
6. Specify the “Name” as “Mailsphere” and the “Use” as “Internet”.
7. Click “Next”.
8. Click the “Add” button to add a new address space.
9. Specify “*” as the “Address” value and check “Include all subdomains”.
10. Specify “1” as the “Cost” value.
11. Click “OK”.
12. Click “Next”.
13. Select “Route mail through the following smart hosts”.
14. Click “Add”.
15. Specify your smart host as the fully qualified domain name "eu1.mailsphere.mx".
16. Click "OK".
17. Click “Add”.
18. Specify your smart host as the fully qualified domain name "eu2.mailsphere.mx".
19. Click “OK”.
20. Click “Next”.
21. Click “Next”.
22. Ensure that all your bridgehead servers are added in the “Source Server” list.
23. Click “Next”.
24. Click “New”.
25. Click “Finish”.
Receive Connector
The following steps should be performed once you have made configuration changes
to your network and firewalls to allow transport from the Mailsphere IP addresses on port 25.
1. Open “Exchange Management Console”.
2. Navigate to “Server Configuration”, “Hub Transport”.
3. Navigate to the “Receive Connectors” tab.
4. Select to Add a new receive connector.
5. Specify the “Name” as “Mailsphere” and the “Use” as “Custom”.
6. Click “Next”.
7. Leave the internal network settings as they are and click "Next".
8. Click the “Add” button to add new Remote Network Settings.
9. Enter the IP as 54.229.40.39
10. Click “OK”.
11. Click the “Add” button to add new Remote Network Settings.
12. Enter the IP as 54.229.54.94
13. Click “OK”.
14. If a record exists for 0.0.0.0-255.255.255.255 this should be deleted.
15. Click “Next”.
16. Click "New".
Once the new connector has been added and you are confident that the Mailsphere
configuration is complete you can remove any other receive connectors that may have
been used to receive email from the internet or via another service.
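The remote-IP restriction in the Exchange 2007 and 2010 receive connector steps above can be checked after the fact. The following PowerShell is an added example, not part of the original manual or of Mailsphere's tooling: it audits connector scopes against the two gateway IPs listed in this manual. The function names and sample connectors are constructed for illustration, and it assumes RemoteIPRanges values render as single IPs, start-end ranges or CIDR blocks.

```powershell
# Added example: audit receive-connector scopes against the Mailsphere gateway IPs.
# The two IPs come from this manual; function names and sample data are constructed.
# Written to run on PowerShell 2.0 (no shift operators, no [pscustomobject]).
$GatewayIPs = @('54.229.40.39', '54.229.54.94')

function ConvertTo-IPv4Number([string]$Address) {
    # Dotted quad -> integer, held in a [long] so the arithmetic cannot overflow.
    $b = [System.Net.IPAddress]::Parse($Address.Trim()).GetAddressBytes()
    if ($b.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Get-IPv4Span([string]$Range) {
    # Accepts a single IP, a start-end range, or a CIDR block; returns first/last address.
    if ($Range -match '^(.+)/(\d+)$') {
        $size  = [long][math]::Pow(2, 32 - [int]$Matches[2])
        $ip    = ConvertTo-IPv4Number $Matches[1]
        $start = $ip - ($ip % $size)
        return @{ Start = $start; End = $start + $size - 1 }
    }
    $parts = @($Range -split '-')
    $start = ConvertTo-IPv4Number $parts[0]
    $end   = $start
    if ($parts.Count -eq 2) { $end = ConvertTo-IPv4Number $parts[1] }
    return @{ Start = $start; End = $end }
}

function Test-GatewayScope {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Connector,
        [string[]] $AllowedIPs = $GatewayIPs
    )
    process {
        $allowed  = @($AllowedIPs | ForEach-Object { ConvertTo-IPv4Number $_ })
        $seen     = @()
        $findings = @()
        foreach ($r in @($Connector.RemoteIPRanges)) {
            $text = "$r".Trim()
            if (-not $text) { continue }
            if ($text -like '*:*') {
                # The manual lists only IPv4 gateway addresses, so any IPv6 scope is reported.
                $findings += "IPv6 range not expected: $text"
                continue
            }
            $span = Get-IPv4Span $text
            if ($span.Start -eq 0 -and $span.End -eq 4294967295) {
                $findings += "open to every sender: $text"
            } elseif ($span.Start -eq $span.End -and $allowed -contains $span.Start) {
                $seen += $span.Start
            } else {
                $findings += "wider than or outside the gateway list: $text"
            }
        }
        foreach ($ip in $AllowedIPs) {
            if ($seen -notcontains (ConvertTo-IPv4Number $ip)) { $findings += "gateway IP missing: $ip" }
        }
        New-Object PSObject -Property @{
            Name       = $Connector.Name
            Restricted = ($findings.Count -eq 0)
            Findings   = ($findings -join '; ')
        } | Select-Object Name, Restricted, Findings
    }
}

# Constructed sample connectors, shaped like Get-ReceiveConnector output.
$sample = @(
    (New-Object PSObject -Property @{
        Name = 'Mailsphere'
        RemoteIPRanges = @('54.229.40.39', '54.229.54.94') }),
    (New-Object PSObject -Property @{
        Name = 'Mailsphere (default range not deleted)'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255', '54.229.40.39', '54.229.54.94') }),
    (New-Object PSObject -Property @{
        Name = 'Old internet connector'
        RemoteIPRanges = @('0.0.0.0/0') })
)
$sample | Test-GatewayScope | Format-Table -AutoSize -Wrap

# On the Exchange server itself, in the Exchange Management Shell:
#   Get-ReceiveConnector | Test-GatewayScope | Format-Table -AutoSize -Wrap
```

Connectors that serve internal clients will also appear in the output; the result that matters for this procedure is that no connector reachable from the internet accepts senders other than the two gateway IPs.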
Journaling Setup
Journaling allows internal email to be archived. This is important if any regulations
need to be met by archiving electronic communication.
The following section details the configuration of Journaling in Exchange 2010.
To support this method of Journaling it is necessary to create a custom SMTP
recipient for Exchange server with the email address journal@mailsphere.mx
Open “Exchange Management Console”.
1. Navigate to “Organization Configuration”, “Hub Transport”.
2. In the “Journal Rules” tab found in the middle pane, right click and select "New
Journal Rule".
3. Enter the rule name as "Mailsphere".
4. Enter the following email address as the mailbox to send journal reports to:
"journal@mailsphere.mx"
5. Select "Internal - internal messages only".
6. Click “New” to create your rule, after which you can click “Finish” to complete
the process.
Office 365
There are three steps to this. The receiving connector and the outbound connector configuration are
mandatory and the journaling configuration is required if you wish to archive internal communications
also.
Exchange Administration Steps
Go to the Exchange administration console.
Access the Mailflow - Connectors management screen
To access the desired administration screen select:
1. 'Mail Flow' followed by
2. 'Connectors'
Inbound Connector Configuration
Specify the connector name as "Mailsphere Inbound" and ensure that Partner is
selected as the connector type.
Inbound Connector Security
If you have a valid certificate then we recommend using "Force TLS". Mailsphere
supports TLS but a valid certificate for your own domain is required to work throughout
the mail flow.
If you do not have a certificate then leave this setting on "Opportunistic TLS".
Inbound Connector Scope
Under Domains enter an asterisk (*) to signify that this connector will be active for all
email.
Under IP addresses add the following for Mailsphere:
54.229.40.39
54.229.54.94
The final configuration option can be left blank and the connector saved.
Outbound Connector Configuration
Set the outbound connector name as "Mailsphere Outbound" and ensure that the
connector type is set to Partner.
Outbound Connector Security
Set the connection security as "Trusted certification authority (CA)" so that TLS is
always used. Mailsphere uses 256-bit certificates to ensure optimum security is
available.
Outbound Delivery
Change the outbound delivery to "Route mail through smart hosts" and then add the
following as the available SMART HOST:
eu1.mailsphere.mx
eu2.mailsphere.mx
Outbound Domains
Leave criteria based routing disabled and add a record in the Domains with a wildcard
for all outbound domains by entering an asterisk (*).
Once this has been entered you may now save your outbound connector
configuration.
Journal Internal Email
To access the relevant administration screen select:
1. Compliance Management
2. Journal Rules
Journal Rule
Add a new journal rule using the + sign.
Send journal reports to:
journal@mailsphere.mx
Set the rule name to:
Mailsphere Internal
1. Select "Apply to all messages" from the first drop down list.
2. Select "Internal messages only" from the second drop down list.
You may now save the new journal rule and all internal email will be archived in
Mailsphere.
You may be warned that no NDR recipient is set up. If you wish to set up an NDR
recipient please follow the Microsoft guidelines.
User Synchronisation
Instructions for Mailsphere on how to run the script.
Prerequisites
• PowerShell 3.0
• .NET Framework 4.0 (required to install PowerShell 3.0)
• Access to the Exchange server (the script must be run locally on Exchange)
Steps to run user sync script
Please use this one as I realised the previous was for the UAT system.
Ignore the other document, that was mainly guidance for synchronising existing email in Exchange
which isn't necessary as we will be moving your current archive from Evaden.
Copy the script on to your Exchange server and open the Exchange PowerShell.
In the Exchange Power shell go to the folder where you stored the script and run the script by simply
typing the following where [ENTER] is pressing the enter key to complete the command:
getAllMailboxes.ps1
[ENTER]
{username supplied by your Mailsphere representative}
[ENTER]
{password supplied by your Mailsphere representative}
[ENTER]
This will synchronise the users with Mailsphere. If you experience any errors then please report
back to Mailsphere.
Powershell 2.0 Workaround
Workarounds
If the HTTP POST fails (e.g. because of an older PowerShell version), there is a workaround:
The script will have created a file “mailboxes.xml” in the local directory.
Use the following command in Terminal to upload the XML output to Mailsphere.
curl -X POST -d @mailboxes.xml https://portal.mailsphere.co.uk/customers/exchangemailboxes?user=USER\&password=PASSWORD --header "Content-Type:text/xml"
Exchange Email Ingestion
This article describes how to use the onboarding tool (OT) for Exchange Server.
Introduction
The onboarding process consists of the following steps:
• Retrieve a list of users to ingest from Mailsphere.
• Iterate through all users and their messages
• Process the messages by sending to Mailsphere
Prerequisites
• Java 7 installed
• A copy of the onboarding tool supplied by Mailsphere
• Enable Exchange web services on Exchange server
• Open ports to Mailsphere on port 443
• Credentials of ingest user in Exchange who can read messages in all mailboxes (see
'Setting Permissions' below)
• Credentials of a Mailsphere RestAPI account
• Run the Exchange User Sync script first
Setting Permissions - Exchange 2010
To facilitate the email ingestion from Exchange 2010 we need to ensure that
Exchange Web Services are running on the target exchange server and that a user is
set up with access to all mailboxes.
1. Configure a new ingest user in the AD and Exchange and record the username
and password
2. Add the username to the onboarding tool configuration file - the password will
be asked when you run the script
3. Run the following Exchange shell script to give the necessary permissions to
the new ingest user
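# Allow the ingest user to impersonate mailbox owners through EWS
New-ManagementRoleAssignment -Name:exchangeImpersonation -Role:ApplicationImpersonation -User:IngestExchangeUser
# Grant the ingest user full access to every mailbox
Get-Mailbox | Add-MailboxPermission -User "IngestExchangeUser" -AccessRights FullAccess -InheritanceType All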
Note: where it states IngestExchangeUser please use the new user name that you
just created in AD and Exchange
Setting Permissions - Exchange 2007
To facilitate the email ingestion from Exchange 2007 we need to ensure that
Exchange Web Services are running on the target exchange server and that a user is
set up with access to all mailboxes through impersonation.
1. Configure a new ingest user in the AD and Exchange and record the username
and password
2. Add the username to the onboarding tool configuration file - the password will
be asked when you run the script
3. Run the following Exchange shell scripts to give the necessary permissions to
the new ingest user
# Allow the ingest user to impersonate on every Client Access server
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity IngestExchangeUser | select-object).identity -ExtendedRights ms-Exch-EPI-Impersonation}
# Allow the ingest user to impersonate the owners of mailboxes in every mailbox database
Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User IngestExchangeUser -ExtendedRights ms-Exch-EPI-May-Impersonate}
# Grant the ingest user full access to every mailbox
Get-Mailbox | Add-MailboxPermission -User "IngestExchangeUser" -AccessRights FullAccess -InheritanceType All
Note: where it states IngestExchangeUser please use the new user name that you
just created in AD and Exchange
For more information on setting up EWS impersonation on Exchange 2007 please
follow this link:
http://msdn.microsoft.com/en-us/library/bb204095(v=exchg.80).aspx
Running the tool
The onboarding script is run using the following command, where 'mail-sync.jar' is the
name of the ingest tool jar file and path/to/config/file is the path and name of the
properties file.
java -jar mail-sync.jar ingest path/to/config/file
If the supplied jar is called 'mailsphere-mail-sync.jar', the properties file is called
'mailsync.properties' and both are stored in the same folder, then use the
command prompt to access the folder holding these files and run the following:
java -jar mailsphere-mail-sync.jar ingest mailsync.properties
Example configuration file
Contents of an example configuration file:
# Example configuration of MailSync ingestion tool
# host and port of MailsphereUI server
mailsync.mailsphere.host=https://portal.mailsphere.co.uk
mailsync.mailsphere.port=443
# User with privileges to access Mailsphere REST interface
mailsync.mailsphere.user=api
# Password for mailsphere, if left commented out or empty it will be requested
mailsync.mailsphere.password=password
# Exchange server EWS endpointUrl
exchange.endpoint.url=https://localhost/EWS/Exchange.asmx
# Credentials for test user accessing mailboxes
# This user must have permission to access exchange.userName
exchange.credentials.username=admin.user
# Password for exchange, if left commented out or empty it will be requested
exchange.credentials.password=admin/user/password
# Ignored folders
# System - users don't have access to this folder
# Deletions - contains permanently deleted messages
exchange.folders.ignored=Drafts,Deletions,System
# Used if you want to limit which accounts to ingest from
#exchange.mailbox.use-whitelist=false
#exchange.mailbox.whitelist=test.user1@demolab.co.uk,test.user2@demolab.co.uk,test.user3@demolab.co.uk
# Set how many items to retrieve in one query when listings folders' contents
exchange.items-per-request=100
# Set delay in ms between two queries to Exchange servers, set to 0 to turn off delay
exchange.query-interval=0
If you wish to limit the ingest to specific mailboxes then the whitelist configuration can
be used by changing the following lines:
# Used if you want to limit which accounts to ingest from
exchange.mailbox.use-whitelist=true
exchange.mailbox.whitelist=ingest.mailbox1@demo.com,ingest.mailbox2@demo.com
Google Apps and Mailsphere
You can use Google Apps for business (Gmail) with Mailsphere.
Setting Up Mailsphere
After the organisation has been configured the following set up should be performed in Domains for
that Organisation.
Domain - Incoming Configuration
The incoming IP addresses actually have to be any of Google's mail servers.
Currently the following IP addresses need to be added as the Incoming servers:
216.239.32.0/19
64.233.160.0/19
66.249.80.0/20
72.14.192.0/18
209.85.128.0/17
66.102.0.0/20
74.125.0.0/16
64.18.0.0/20
207.126.144.0/20
173.194.0.0/16
Domain - Outgoing Configuration
The outgoing IP addresses are defined here: http://support.google.com/a/bin/answer.py?hl=en&answer=174125
Mailsphere supports DNS names as well as IP addresses so these are fine to put
straight in.
Currently the values are:
ASPMX.L.GOOGLE.COM
ALT1.ASPMX.L.GOOGLE.COM
ALT2.ASPMX.L.GOOGLE.COM
ASPMX2.GOOGLEMAIL.COM
ASPMX3.GOOGLEMAIL.COM
Setting up Google Apps
1) Set up Google Apps to use Mailsphere as an “outbound mail gateway”: http://support.google.com/a/bin/answer.py?hl=en&answer=178333
Use the standard Mailsphere IP address/addresses/load balancer as the destination.
2) Ensure that Google Apps forwards all internal email via this gateway too.
Customer Help Guides
Checking System Status
To confirm that the Mailsphere system is running the following link can be used:
https://portal.mailsphere.co.uk/service-status
This link will show the last time that an email was successfully processed through the Mailsphere
cloud.
Mailsphere Service Status
The above message is accurate to the last 60 seconds and can be checked 24 hours a day.
Duplicate Emails in Archive
If you find that duplicate emails are appearing in the archive then this is most likely related to
journaling being incorrectly configured.
Journaling should be configured for internal email only. If it is configured for
all email then any email that is inbound from an external sender or outbound to external recipients
will result in a duplicated entry being added to the archive.
This happens because the Unique ID (UID) associated with the email is overridden when a journaling
envelope is created. The envelope contains additional data added by the email system. Because
the UID is different from the original email UID the Mailsphere archive treats it as a unique email
even though it is actually a duplicate.
Resolution: If you are experiencing duplicate emails in the archive please check the Exchange
Configuration article and ensure that your journaling rules for your version of MS Exchange are
correctly set up.
554 5.1.0 Sender Denied
When an email sender reports a delivery failure message 554 5.1.0 Sender Denied it will be related
to the filtering features available in Microsoft Exchange.
Example delivery failure notification received by sender
Depending on the version of Exchange this can simply be a denied sender list or it may be related to
the Safelist Aggregator that is available in Exchange 2010 and Exchange 2013.
http://technet.microsoft.com/en-us/library/bb125168(v=exchg.150).aspx
Attachment Policy Notifications
The attachment policies are applied to all incoming email. When an incoming email violates the
attachment policy it is processed in a similar way to a virus. The email is destroyed, the sender
is notified that delivery was not possible and a notification is sent based on the Virus Settings.
System - Virus Settings
The Virus settings allow you to define whether all recipients receive a notification of a destroyed
email or whether only an administrator or nobody receives these notifications.
We recommend that someone receives a notification so that internal enquiries can be better
handled. For administrators, routing to a single mailbox could be a good option if your users don't
wish to receive these notifications. That way you can monitor the occurrence and supply informed
support when required.
Blocked Attachment Types
The following attachment types are blocked by Mailsphere:
• *.ade
• *.adp
• *.bat
• *.chm
• *.cmd
• *.com
• *.cpl
• *.exe
• *.hta
• *.ins
• *.isp
• *.jse
• *.lib
• *.mde
• *.msc
• *.msp
• *.mst
• *.pif
• *.scr
• *.sct
• *.shb
• *.sys
• *.vb
• *.vbe
• *.vbs
• *.vxd
• *.wsc
• *.wsf
• *.wsh
If a user wishes to receive one of the above attachment types, they should have it
sent as an encrypted compressed file or, preferably, use an FTP site or cloud storage
solution for the transfer.