Email Security Setup Wizard - Outbound Mail (Jersey)

Updated

This article contains information on updating your SPF record to authorize Mimecast as an email sender, configuring outbound mail routing, and setting up connectors in Microsoft 365 and Google Workspace for secure email delivery.

This article is relevant to the Jersey region only.

Verifying your SPF Record

You must update your SPF record to ensure Mimecast can send emails from your domain. This verifies Mimecast as an approved sender of emails from your domain. We recommend configuring this if you don't have an SPF record.
You can use the provided Record value to update or replace your SPF record. This update is completed outside of the Email Security Setup Wizard. The process depends on your DNS provider, and therefore the following steps are a general guide:

Verify SPF record

  1. First, log on to your Domain Registrar.
  2. Next, update or replace the existing SPF record.
  • Remove all previous SPF records if all emails for your domain will be routed via Mimecast.
  • If you have other outbound sources for your domain, you will need a combined SPF record. In this instance, we recommend that Mimecast is the first entry of the SPF record. 
  1. Once updated, navigate back to the Email Security Setup Wizard.
  2. Click Verify SPF Record.
  3. A green tick confirms that the SPF record is valid. Should there be an error, select Previous to go back to the previous screen.
  4. If all details are correct, click Next.

If you are onboarding multiple domains, use the drop-down to select your other domains and repeat the above process to verify the SPF record of each domain.

Configuring your Outbound Mail Routing 

If you have validated all your domains with Mimecast, you can use a wildcard (*) to route all outbound mail via your Mimecast account. If you only validated some domains, you must ensure that only outbound mail from validated domains will be routed via your Mimecast account. This functionality is only available on Microsoft 365.

You will see one of the following based on your Mail Infrastructure options chosen.

Microsoft 365 

The Microsoft 365 Account Hostnames are displayed and need to be used in a connector within your Microsoft account, by using the following steps:

  1. Log on to the Microsoft 365 Administration Console.
  2. Navigate to Mail Flow | Connectors.
  3. Click Add a Connector.
  4. Set the Connection From option to Office 365.
  5. Set the Connection To option to Partner Organization.
  6. Enter a Name and Description for the connector.
  7. Leave the Turn it on option enabled.
  8. Click Next.

  9. Select Only when email messages are sent to these domains if you have validated all domains.

    If you have only validated some of your domains, you must create a Transport Rule and select Only when I have a transport rule set up that redirects messages to this connector option.

  10. Enter a wildcard (*) and click the button.
  11. Click Next.
  12. Select Route email through these Smart Hosts.
  13. Individually enter both of the provided Smart Hosts and click the button. 
  14. Click Next.
  15. Select the following options:
  • Always use Transport Layer Security (TLS) to secure the Connection.
  • Issued by a trusted certificate authority (CA).
  1. Click Next.
  2. Enter an email inside your domain and click the button. 
  3. Click Validate.
  4. Click Next.
  5. Review the connector summary. 
  6. Click Create connector.
  7. Navigate back to the Email Security Setup Wizard and click Next.

Google Workspace 

The Standard Account Hostnames are displayed and need to be used in a connector within your Google Workspace account, by using the following steps:

  1. First, log on to the Google Workspace Administration Console.
  2. Navigate to Apps | Google Workspace | Gmail | Hosts.
  3. Click Add Route.
  4. Complete the following fields:
Field / Option Description
Name Specify an appropriate name (e.g., Mimecast Outbound Gateway).
Specify Email Server

Use the dropdown to select the Multiple Hosts option and enter the hostnames for your region:

  • xx-smtp-outbound-1.mimecast.com
  • xx-smtp-outbound-1.mimecast.com

    Replace 'xx' within the hostname with your region code. For a complete list of regional hostnames, see the Mimecast Gateway page.

  • Set the Ports at 25.
  • Each Host set should be set to 50%
TLS Specify whether you wish to use TLS.
  1. Click Save.

  2. Navigate back to the Email Security Setup Wizard and click Next.

    If you have only validated some domains, you must configure your routing to affect an address list containing the domains you have validated.

You can configure your routing, by using the following steps:

  1. Navigate to Apps | Google Workspace | Gmail | Routing.
  2. Click Configure / Add Another Rule next to the Routing section. 
  3. Enter a name for the route.
  4. Configure the Route as below: 
Field / Option Description
Email messages to affect Select Outbound.
For the above types of messages, do the following:
  • Use the dropdown to select Modify Message.
  • Select the Route | Change Route.
  • Use the route dropdown to select the hostname route previously created.
  1. Scroll down and select Show Options.
Field / Option Description
Envelope filter

Select Only affect specific envelope senders:

  • Use the dropdown to select Pattern Match.
  • In the Regexp field, enter "@yourdomain.com".
  1. Click Save.
  2. Navigate back to the Email Security Setup Wizard application and click Next.

On-Premises 

You can set up for On-Premises, by using the following steps:

  1. In the Outbound IP Addresses text box, enter the IP addresses for your organization. These IP addresses must be:
  • Unique and owned by your organization. 
  • Used for email. 
  • Entered on a separate line.
  • Written in CIDR notation (n.n.n.n/x).
  1. Click Add Addresses.
  2. Click Next.

Routing your outbound mail to Mimecast in Exchange is accomplished by creating a send connector. Again, this must be completed outside of the Email Security Setup Wizard

Use the hostnames provided in the Email Security Setup Wizard to create a send connector.
For more information on how to configure SMTP connectors, see Setting up an SMTP Connector - Exchange.

Once complete, navigate back to the Email Security Setup Wizard and click Next.

Hybrid

You can set up for Hybrid, by using the following steps:

  1. In the Outbound IP Addresses text box, enter the IP addresses for your organization. These IP addresses must be:
  • Unique and owned by your organization.
  • Used for email.
  • Entered on a separate line.
  • Written in CIDR notation (n.n.n.n/x).
  1. Click Add Addresses.
  2. Click Next.

Complete the outbound routing for Microsoft 365 or Google Workspace and On-Premises Exchange as detailed above. 

Once complete, navigate back to the Email Security Setup Wizard and click Next.

Configuring Journaling

Journaling transfers copies of all internal emails from your email servers to Mimecast. This ensures that a complete archive of all the organization's emails is stored in a searchable, secure off-site environment. You can configure the rules that allow internal email communications to be captured. This allows inbound, outbound, and internal emails to be added to the archive and processed through security policies.

To configure your Journaling while using Email Security Setup Wizard, you must:

  1. Select your primary domain in the Domain drop-down.

    If you have validated only one domain, then it will be auto-populated in the domain field.

  2. Click Create Address button, and it should create a service address and Journaling Smart Hosts information for you.

    Journaling
    Verify Journaling

    The Email Security Setup Wizard journal connector step creates a default (Journal Service Definition) on your Mimecast account, including the following internal journal domain and journal address: Journal Domain: journal.domain.com (where domain.com is the domain you selected in the Domain drop-down menu )Journal Address: journaling@journal.domain.com.

  3. Configure Journaling on your email server or hosted email service. The process for configuring Journaling on your email server or hosted email service depends on the type of exchange you use. Please follow the below instructions based on your choice of infrastructure.

Microsoft 365

To enable you to set up Microsoft 365 Journaling to work with Mimecast, follow the instructions in the Configuring Microsoft 365 Journaling page.

On-Premises Exchanges

The process for configuring Journaling on an On-Premises Exchange depends on the type of exchange you use. See Journaling - Exchange Appliance Journaling for complete details.

Hosted Exchanges (HEX)

As Journaling is a standard Exchange feature, all Hosted Exchange (HEX) environments should support Journaling. This typically requires a separate Organization Unit (OU) to be created for each tenant. Once this is done, each tenant could configure their organization settings. The tenant administrator logs into the web console to configure a journal rule. Provide your hosting provider with the instructions relevant to your version of Exchange. See the links above for further details.

Google Workspace

To enable you to set up Google Workspace Journaling to work with Mimecast, follow the instructions on the Configuring Journaling for Google Workspace page.

Mimecast does not provide Journaling services for Domino, Send Mail, MAC Mail Server, and Squirrel Mail.

Configuring your Mail Forwarding Addresses

To ensure delivery of emails forwarded outside your company via a'relay' (e.g., an email sent to user@yourdomain.com forwards to user@freemail.com), you must add these addresses as Forwarding Addresses. These should include external members of distribution lists.

You can configure your Mail Forwarding Addresses, by using the following steps:

Outbound Mail Forwarding Address

  1. Enter up to 50 addresses in the Forwarding Addresses text box.

    More addresses can be added in the Mimecast Administration Console, once completed onboarding.

  2. Click Next to proceed to configure the Email Security Setup Wizard - Inbound Mail, or, if this has already been completed, click Next to review your summary.

Summary 

Review the summary of your onboarding information. If correct, click Finish. You must contact Professional Services to continue onboarding if the summary contains incorrect information. Either reply to your initial implementation email or access your implementation case at the Mimecast Support Center.

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.