This guide describes how to create/recreate Journaling for your Mimecast account.
If your Mimecast subscription includes the journaling feature and was created after the 26th of March 2015, a journal connector has already been created for you. This includes:
- Journal domain of journal.domain.com (where domain.com is the domain your organization provided as your primary mail domain).
- Journal contact: journaling@journal.domain.com.
Add Google Workspace IP Ranges as Authorized Outbounds
Ensure that the Google Workspace IP Ranges are added as authorized outbounds on your Mimecast account.
To view your authorized outbounds:
- Log in to the Mimecast Administration Console.
- Navigate to Email Delivery | Authorized Outbounds. A list of all configured IP addresses is displayed.
-
If you send emails from a shared hosting provider (i.e., Google Workspace), a message will show at the top of the Authorized Outbounds page as follows: "Your account is configured to process traffic from G Suite." If you are using another 3rd party hosting service, these IPs will not be listed on your account. You'll need to contact Mimecast Support to ensure your account is provisioned appropriately for this traffic.
Authorized outbound IPs can only be added by Mimecast support. An Administrator cannot add authorized outbound IPs on any Mimecast account. If you need to request authorized outbounds to be added, this request needs to be raised through a support case.
Configuring Google Workspace Host entries for Journaling
- Log in to your Google workspace Admin Console
- Navigate to Apps | Google Workspace | Gmail | Host
- Click on the Add route button.
- Complete the following fields:
| Field / Option | Description |
|---|---|
| Name | Specify an appropriate name (e.g., Journal to Mimecast). |
| Specify Email Server |
Select the Multiple Hosts option, and under Primary, enter both the hostnames for your region:
Use the Journal routing gateways relative to your region where your Mimecast account is hosted. For example, if you have a Mimecast account, please refer to the Mimecast Gateway page.
|
| TLS | Specify whether or not you wish to use TLS. |
- Click Save.
Create the Journaling Subdomain
Once an internal domain has been validated, you can add one or more subdomains. You don't have to register or validate subdomains.
To add one or more subdomains:
- Log in to the Mimecast Administration Console.
- Navigate to Users & Groups | Internal Directories.
- Click on the Add Subdomain button.
- Complete the dialog as shown below. If creating a journaling subdomain, enter the value in the Journaling column:
| Field / Option | Description | Journaling |
|---|---|---|
| Domain Name(s) | Enter up to 100 subdomains, with each subdomain on a separate line. | journal.<yourdomain>.com |
| Inbound Checks | Select the inbound checks to be performed on all external messages directed to the subdomain(s). | Accept all Inbounds for this Domain |
| Add Anti-Spoofing Policy | If selected, Anti-Spoofing Policies are applied to all messages directed to the subdomains. This prevents them from being spoofed from outside sources. | Unselected |
- Click Save and Exit.
Create the Journal Address/Contact
To create the journal address/contact in your journaling subdomain:
- Log in to the Mimecast Administration Console.
- Navigate to Users & Groups | Internal Directories.
- Click on the Journaling Subdomain you have just created.
- Click on New Address.
- Complete the following mandatory fields:
| Field / Option | Description |
|---|---|
| Email Address | This must be the same as the journal recipient created in the "Create a Journal Definition In Mimecast" step above. |
| Global Name | Provide an appropriate value to help in identifying its use. |
- Click Save and Exit.
Create the Journal Service Definition
To create the Journal Service Definition:
- Log in to the Mimecast Administration Console.
- Navigate to Archive | Journaling.
- Click on the New Journal Service Definition button:
- Complete the Journal Service Properties section as follows:
| Field / Option | Description |
|---|---|
| Description | Enter a name for the definition. |
| Transport Type | Select the SMTP option in the drop-down. |
| Disabled | Leave this option unchecked. If it is checked, the definition is not active. |
- Complete the Connection Properties section as follows:
| Field / Option | Description |
|---|---|
| Service Email Address |
Enter a Service Email Address using the format journaling@journal.domain.com (where domain.com is the primary SMTP domain). This is used throughout the rest of the journal configuration process. |
| Period of Inactivity Allowed | Defines how long the SMTP connector is allowed to be inactive without receiving any messages before it is reported as being "down" (default = 180 minutes). For example, if you operate in an environment with low email volumes, the Mimecast journal connector will receive a low volume of messages. Therefore, you can set this value to a much higher value than the default to cater for quiet periods (e.g., overnight). |
| Journal Type |
Specify either Exchange Envelope Journaling (EEJ) or Standard EML. Mimecast supports journaling in either Exchange Envelope Journaling (EEJ) or Standard EML format (in standard MIME format without the EEJ wrapper). Standard email (EML) files can only be assigned to mailboxes based on the message headers (which may not be reliable and don't include BCC recipients). As Google Workspace only sends a copy of a message to Mimecast, it is recommended for the EML journal type. |
| Encrypted | This option is selected by default but is not required. If checked, Mimecast will only accept journal messages over TLS. Journal messages not sent over TLS will be rejected. |
- Click Save and Exit. The journal definition is created.
Configure Google Workspace Routing for Internal and Journaling
- Log in to your Google Workspace Admin Console.
- Navigate to Apps | Google Workspace | Gmail | Routing
-
Locate the Internal Route rule and click Edit.
Internal Routing is not required for Journaling only. If the customer is configuring an Internal Route for journaling purposes, they do not need to add additional recipients.
- Complete the fields as below:
| Field / Option | Description |
| Routing | Specify an Appropriate name ( e.g., Internal plus Journaling) |
| Message to Affect | Select Internal - sending |
| Also deliver to |
|
Should you need to journal internal emails for certain domain(s) and exclude others, specify the journaled domain(s) by following the below screenshot:
Verify Google Workspace Journaling
Once your journaling configuration is complete, you can verify that the connections are working. To do this:
- Log in to the Mimecast Administration Console.
- Navigate to Archive | Journaling.
- Note the Service Status of the Journaling connector:
| Icon | Service Status | Description |
|---|---|---|
| Service Awaiting Initial Run | On initial configuration, the status icons for SMTP journal connectors will be orange, with a service status of Service Awaiting Initial Run. | |
| Service OK | Once the first message is received by the connector, the icon will change and the status will be updated to Service Enabled. | |
| Service Error | If Mimecast cannot connect to the Journal connector and retrieve emails, the status will change to Service Error. |
4. If the connector configuration is not successful, see the Troubleshooting Journaling article.
5. View the current list of Journaling items by clicking the Queue Details button.
Comments
Please sign in to leave a comment.