The article describes how Mimecast can be implemented together with ZorgMail Safe Relay. When this is implemented, all ZorgMail-related emails will be routed via Mimecast to and from ZorgMail based on a trusted and secure connection. The trust is based on the Mimecast Certificate that is know with ZorgMail.
This article contains information that can be used as guidance during the implementation. Be aware that every customer environment can be different, and therefore, settings should always be checked and tested.
The Email Flow Process
The email flow from the user via Mimecast to ZorgMail Safe Relay.
The Mimecast certificate is known with ZorgMail and will be added to the customer account. ZorgMail will check the validation of the Mimecast certificate to establish a secure (TLS) connection. Every customer needs to contact the ZorgMail support desk to have the Mimecast Certificate added to their ZorgMail setup. The Mimecast certificate will be recycled every year.
Mimecast and ZorgMail will update this certificate on time to make sure there is no downtime. However, it is the customer's responsibility to monitor if emails flow between Mimecast and ZorgMail.
Contact ZorgMail support to get the Mimecast Certificate added to the customer’s support@enovationgroup.com
General Configuration
In this section, we guide you through the general configuration within Mimecast. We expect that you understand Mimecast as a product and have knowledge of how to configure settings within Mimecast.
We also expect that you are familiar with the ZorgMail setup and that you understand how to configure (change) the ZorgMail connections and rules within Exchange (On-Premises and Microsoft
365).
Inbound Connector
To receive emails from ZorgMail, a secure connector is needed. With this connector, TLS is enforced based on the ZorgMail Safe Relay IP address.
-
Navigate to Mimecast Policies | Gateway Policies | Secure Receipt.
-
Click New Policy.
-
Give the Policy a name – “ZorgMail - Inbound”.
-
Select Enforce TLS.
-
On the Applies from option, select External Addresses.
-
On the Applies to option, select Internal Addresses.
-
Enter the IP Address into the Source IP Ranges field. The IP address of ZorgMail is 94.42.235.126/31
-
Click on Save and Exit.
Outbound Connector
For the outgoing connection from Mimecast to ZorgMail, a Delivery Route and Secure Delivery definition are needed.
Delivery Routing
The Delivery Route ensures that messages that need to be delivered via ZorgMail are sent to the Hostname of ZorgMail.
-
Navigate to Policies | Gateway Policies | Delivery Routing | Definition.
-
Click New Route Definition.
-
Give the description: ZorgMail - Outbound.
-
Give the Hostname: relay.zorgmail.nl
An alternative could be the IP Address 92.42.235.126
-
Click Save and Exit.
Secure Delivery Definition
The Secure Delivery definition ensures that the messages that go to ZorgMail are always delivered via a TLS connection.
-
Navigate to Policies | Gateway Policies | Secure Delivery | Definition.
-
Click on Add Secure Delivery Definition.
-
Give the Secure Delivery Definition the name – “ZorgMail – Secure Outbound”.
-
Select Enforce TLS and Strict as the Encryption mode.
-
Set SSL Mode to Very Strong.
-
Click Save and Exit.
Content Folder
A content folder is a good place to group the ZorgMail rules. The rules will be created in the following chapters.
-
Navigate to Policies | Gateway Policies | Content Examination |Definition.
-
Click on [+] in front of Root to create a new subfolder.
-
Click on New Folder.
-
Change the name to ZorgMail – Content Definitions.
-
Press Enter on your keyboard.
The general configuration is ready. In the next chapters, specific configuration will be explained for Exchange on-premises and Microsoft 365.
Comments
Please sign in to leave a comment.