Customers currently using the Connect Application are advised to complete their onboarding setup as soon as possible, as the Connect Application is scheduled to be discontinued on the 31st of January, 2024.
This article contains information on the steps for Mimecast implementation, including configuring outbound and inbound email, recipient validation, journaling, and firewall settings based on purchased services.
Once the commercial contracts are completed, our Connect Team will be in touch to begin your Mimecast implementation. We break the implementation down into steps to keep it as simple as possible. The steps required to connect your infrastructure to Mimecast vary depending on the service(s) you've purchased. The table below identifies which steps you must complete.
| Service | Request for Information (RFI) | Setting Up Your Outbound Email | Configuring Recipient Validation | Configuring Journaling | Setting Up Your Inbound Email | Locking Down Your Firewall |
|---|---|---|---|---|---|---|
| Archiving | Y | N | Y | Y | N | N |
| Email Security | Y | Y | Y | N | Y | Y |
| Archiving and Email Security | Y | Y | Y | Y | Y | Y |
Request for Information
Once your order is processed by Mimecast, the Connect Team will email you an introductory email. This explains the Connect Process and includes links to documentation/knowledge base articles.
A unique link is also provided to allow you to provide us with the information we require to set up your account. The link displays a form where you can provide details about your account's:
-
-
- Main points of contact.
- IP addresses.
- Domains.
- Forwarding addresses.
-
It is important to get these details correct, as our Connect Team will create your account based on these details. Read the Connect Process: Request For Information (RFI) page for further details.
Configuring Outbound Email
Email routing through Mimecast begins with configuring your outbound emails. This includes configuring your firewall to allow access to our data center IP ranges for SMTP on port 25. When this is complete, we'll accept outbound emails for delivery for the internal domains specified in the RFI. This outbound-only mode of operation is usually run for several days to build a reputation of who your users email on a regular basis. These are added as your trusted senders.
Only one SMTP connector is required to direct outbound SMTP from your email server to Mimecast by any Exchange we support. However, we provide you with two smart hosts for full resilience.
Read the Setting up Your Outbound Email for further detail.
If you are using SPF records, these must be updated to include the Mimecast data center IP ranges. See the Configuring DNS Authentication (Inbound / Outbound) Definitions for further details.
Configuring Inbound Email
Mimecast must be configured to accept and process mail before it is delivered to your network. This is done by setting Mimecast as the configured host for your MX records. This allows DNS records to be directly emailed to Mimecast as part of the delivery over the Internet. The Connect Team will provide a set of DNS hostnames so a DNS record (or zone file) update can be made with your ISP.
Within a few days of the MX record update, ask your ISP for acknowledgment that the old MX record host will no longer be able to receive on your behalf. This is particularly important for other hosted providers.
Once your MX records have been configured to direct mail to Mimecast, we deliver mail to your environment based on your configured delivery routes. Read the Setting Up Your Inbound Email for further details.
Recipient Validation
Mimecast's security model must ensure it only delivers messages to valid email addresses for your business. We do this by integrating with your Exchange. For Microsoft and Lotus Domino users, we recommend that we integrate with your native directory to synchronize user information (e.g. email address, group structure). This allows us to automatically synchronize any changes to your Directory with no manual intervention.
While this is not the best practice, you can choose not to synchronize your directory structure. If you choose this option, you'll need to manually import a list of known user addresses to Mimecast. See the Importing Users via a Spreadsheet page for further information.
Mimecast communicates with your directory to synchronize the user data required. This requires the relevant port (listed below) to be open for communication on your firewall:
-
-
- LDAP - TCP port 389 (non-secure connection)
- LDAPS - TCP port 636 (secure or encrypted connection)
-
To encrypt the data, you must install a Secure Socket Layers (SSL) Certificate. Read the Connect Process: Configuring Recipient Validation for further detail.
Journaling
Journaling allows us to capture all internal emails to be added to your archive via one of the following methods:
-
-
- SMTP: This is the recommended method for all customers, except those running Exchange 2003.
- POP.
-
To encrypt the data, you must install a Secure Socket Layers (SSL) Certificate. Read the Journaling page for further detail.
Locking Down Your Firewall
At the end of your Connect Process, we require you to lock down your firewall to only accept connections from the Mimecast data center IP ranges. You could be exposing your mail server to Denial of Service (DoS) attacks and spam email delivery if the firewall is not configured correctly. This is a common method that spammers utilize to bypass gateway security services. Ensure you cancel any contracts with your previous email cloud security provider. This prevents any disruption to your email flow before you complete your firewall lock down.
Read the Connect Process: Locking Down Your Firewall for further detail.
Implementation Considerations
Before beginning the Connect process, it is important to consider the following:
-
-
- Existing archived data: You should consider exporting historical messages that you currently archive so that they can be imported into Mimecast.
- Existing services: It may not be possible to export organization policies from your existing email management service. If so, it may be necessary to document or record the required policies and settings created in Mimecast. This ensures the same account behavior occurs when email flow is moved to Mimecast. Read the Out Of The Box Settings page for more information.
- Validation and testing: Mimecast is deployed to many customers each month. The Connect Team runs a series of tests at each process stage to ensure a smooth deployment. However, we recommend that you plan and provision your acceptance testing.
-
Support and Upgrades
Mimecast offers a 24-hour, seven-day-a-week help desk (depending on your support contract) with different levels of SLA depending on your license. Our expert staff is available, but most of the time, you will not need our help. Mimecast is designed for self-service, allowing you to configure your account as you'd like.
Once the Connect Process is complete, your need to contact us will reduce. However, we are constantly working to ensure your services operate optimally. As Mimecast provides a SaaS platform, most of what we do will go unnoticed by you and your users. We will inform you when there are significant upgrades or changes to the management interface. Unlike other platforms or LAN-based applications, you won't need to do anything or worry about another upgrade again.
Comments
Please sign in to leave a comment.