1 of 66 Proofpoint Confidential and Proprietary © 2017 July 2017 rev J

Proofpoint Email Continuity Administrator’s Guide

Introduction

Proofpoint Email Continuity is a cloud-based email continuity solution that enables members of your Organization to continue to receive and reply to email messages when your mail servers are temporarily offline. It provides an always-on secondary email service for cloud services such as Office 365 and Google Apps, and platform-agnostic support for on-premises solutions such as Microsoft Exchange.

When Email Continuity is licensed, copies of messages to your Organization are stored in the Proofpoint Cloud Email Continuity Service for a period of 30 days or 1 GB per mailbox. Users have access to their messages using a Webmail portal to the Proofpoint Cloud, authenticating with either their Proofpoint IdP credentials or your Organization's supported SAML 2.0 Identity Provider (IdP).

In the event of an outage, end users continue to send and receive emails via the Email Continuity Web Portal. Users can access the Email Continuity portal from within Outlook using the Continuity by Proofpoint folder in Exchange or with the Email Feedback for Microsoft Outlook Plug-in. Email Continuity is a no-maintenance service that mitigates the risk of email downtime and lost productivity.

Email Continuity is also supported in an optimized web mail interface for iOS (Safari browser) and Android (Android browser) for mobile devices.

Contents

Introduction
How Email Continuity Works
  External Emails
  Internal Emails
  Contact and Calendar Synchronization Service
  Additional Documentation
About Administrators
  Admin Center Interface
  Additional Email Continuity Administrators
Microsoft Exchange Server Setup for Email Continuity
  Pre-requisites for Internal Email Setup
  Exchange 2013
    Send Connector
    Mail Contact
    Journal
    Standard Journaling
    Premium Journaling
  Exchange 2010
    Send Connectors
    Mail Contact
    Journal
    Standard Journaling
    Premium Journaling
  Office 365 Exchange
    Send Connector
    Configure Journaling Rule
Proofpoint Email Continuity Contacts and Calendar Synchronizer
  Pre-requisites for the Contacts Synchronizer
    Request the Contacts Synchronizer Installer
    System Requirements
    Exchange Impersonation User
    Exchange 2010/2013 – Setting up the Impersonation User
    Office 365 – Setting up the Impersonation User
  Running the Synchronizer Installer
  Configuring Exchange 2010/2013
  Configuring Office 365
  Starting the Synchronizer Service
  Contacts and Calendar Synchronizer Service Features
  Contacts and Calendar Synchronizer Service Operation Options
    Synchronization
    Credentials
    Logs
    Un-installing the Service
Appendix A – Configuring Exchange for Sent Messages
  PowerShell Script
    Example
    Limitations to the PowerShell Script
Appendix B – Adding a Footer on Sent Messages
  Adding the Footer to All Sent Messages
  Creating Footers for Specific Groups
  Limiting the Footer to Mail Sent Externally
  Limiting the Footer to Mail Sent Internally

How Email Continuity Works

This section describes how the Email Continuity feature works.

External Emails

For external inbound emails, Proofpoint Enterprise Protection scans each message directed towards your primary email solution for viruses and spam. After scanning, a copy of each message is compressed, encrypted, and transmitted to the Proofpoint Email Continuity service. The administrator does not need to set up or configure anything.

For external outbound emails, in order for the sender to store a copy of their email in Continuity, Proofpoint requires Exchange journaling rules to be configured as described below.

Internal Emails

For internal emails, Proofpoint requires journaling rules to be configured on your Organization’s Exchange Servers so that a copy of the journal emails can be sent to Proofpoint Continuity. Steps to configure journaling rules are provided in this document for Exchange 2013, 2010, and Office 365 Exchange, respectively. Exchange servers allow multiple journal rules to be configured, in case you already have journal rules for other solutions.

Contact and Calendar Synchronization Service

Microsoft Exchange and Office 365 contacts and appointments can also be synchronized to Email Continuity so that users have access to their personal contact lists and calendar from within the Email Continuity Webmail portal. Instructions for setting this up are in the section “Proofpoint Email Continuity Contacts and Calendar Sync.”

See the Email Continuity User’s Guide for details on how contact and calendar synchronization is used in the Email Continuity portal. Here are the article numbers for the User’s Guide:

Proofpoint Knowledgebase – article number 3308.

Proofpoint Customer Success Center – article number 2641.

The Global Contacts list for your Organization is already available once a synchronization to the Proofpoint Cloud is completed.

Additional Documentation

Users authenticate with either their Proofpoint IdP credentials or your Organization's supported SAML 2.0 Identity Provider (IdP). The Proofpoint IdP is enabled by default and does not require further configuration. For information about setting up SAML 2.0 for Federated Authentication for Proofpoint Cloud Services, refer to these articles:

Proofpoint Knowledgebase – article number 3588

Proofpoint Customer Success Center – article number 2525

For information about setting up Email Continuity from the Proofpoint Protection server management interface, look for the PoD Admin Guide that applies to the release you are currently running.

Proofpoint Knowledgebase – article number 80.

Proofpoint Customer Success Center – on the Knowledge tab, enter PoD into the Search field.

You will need your credentials to access the Proofpoint Customer Success Center and Proofpoint Knowledgebase.

About Administrators

The podadmin role (PoD administrator) has access to the User Management > Settings > Cloud page in the PoD management interface – this is the page where you enable or disable user synchronization to the Proofpoint Cloud Services, and can control which groups to include or exclude from synchronization.

To grant access to the Admin Center to administrators, follow these steps:

1. Log in to the PoD management interface and go to the System > User Management > Groups page.
2. Create a group named ContinuityAdmin. Save your changes.
3. Go to the User Management > Users page.
4. Click the name of the user (or administrator) on the page to edit his or her settings. Add the user to the ContinuityAdmin group and save your changes. Repeat this step for all of the users to whom you want to grant access to the Admin Center.
5. Go back to the User Management > Users page and select Sync to Cloud from the Options menu.
6. After the next synchronization to the Proofpoint Cloud, users belonging to the ContinuityAdmin group will have access to the Continuity Admin Center.

The Admin Center provides access to the following administration tasks:

Control user access to the Email Continuity web portal, where users access Continuity Mail, Contacts, and Calendar.

Control the mail retention period.

Request an immediate synchronization with the Proofpoint Cloud Services by selecting the Sync Now button in the Admin Center.

Log in to the Email Continuity portal using your podadmin credentials at:

US-based Organizations: https://continuity.proofpoint.com

EU-based Organizations: https://continuity-eu.proofpoint.com

You will see the Admin Center link in the top-right corner of the portal.

Admin Center Interface

You can control the following Email Continuity features from the Admin Center:

Continuity Mail, Contacts, and Calendar Access – the administrator can enable and disable access to the Email Continuity portal. When disabled, members of the user community will receive the message “Sorry, your access to this service is currently disabled” when they try to log in at https://continuity.proofpoint.com (US Organizations) or https://continuity-eu.proofpoint.com (EU Organizations). However, mail for the user community is still being collected and will be available once the administrator enables the service. Administrators can still log in to Email Continuity, but they will only have access to the Admin Center page.

Mail Retention Period – the administrator can control how long email messages remain available in Email Continuity until they are automatically deleted. The options range from one to 30 days. Thirty days is the default setting. The option for zero days (no mail retention) is not available.

Domain/User Sync – the administrator can request an immediate synchronization for the domain and user data in the Proofpoint Cloud and Email Continuity services. This sync automatically runs for all customers after midnight Pacific Time. If you need to provision new users or update administrator access sooner, you can use the Sync Now feature. Once the request is made the sync will typically initiate and complete within a few minutes. You will see a “User sync request queued” message when you use this feature.

Be sure to save your changes if you make edits to the Admin Center page.

As the podadmin administrator, you can give other users access to the Admin Center. Any user who belongs to the group ContinuityAdmin and is synchronized to the Proofpoint Cloud will see the Admin Center tab when they log in to the Email Continuity portal.

To give other users access to the Admin Center:

1. Log in to the PoD management interface as the podadmin.
2. Go to the User Management > Groups page and create a new group named ContinuityAdmin. Save your changes.
3. Go to the User Management > Users page. For each user to whom you want to give Admin Center access, edit the entry, go to the Membership tab, and move ContinuityAdmin to the Member Of list. Save your changes.
4. On the User Management page, select Sync to Cloud from the Options menu.

Additional Email Continuity Administrators

As the podadmin, you may want to give another administrator access to the User Management > Settings > Cloud page. To do this, you must first create a Role that includes access to the User Management page and also the Email Continuity module.

To create an Email Continuity administrator:

1. Log in to the PoD management interface as the podadmin.
2. Go to the Administrator > Roles page.
3. Click Add, and then enter an ID and description for the new Role. For example, email_continuity and Email Continuity admin.
4. Under Managed Modules, check the boxes for User Management and Email Continuity. Click Add to save your changes.
5. Go to the Administrator > Administrators page and then click Add.
6. Fill in the fields for the new administrator.
7. Under Management, ensure that email_continuity is selected for Role.
8. Save your changes.

Any administrator with the email_continuity Role will be able to see the User Management > Settings > Cloud page when they log in to the PoD management interface.

If you need detailed instructions on how to use the PoD management interface, refer to the PoD Admin Guide for the release your cluster is currently running.

Microsoft Exchange Server Setup for Email Continuity

The following sections contain instructions for setting up Microsoft Exchange servers to support Proofpoint Email Continuity.

Pre-requisites for Internal Email Setup

For internal emails, ensure that your firewall is configured to send journaling emails to the Proofpoint Continuity service IP addresses 67.231.152.162 (US) and 62.209.51.248 (EU) at port 25. Proofpoint uses Mandatory TLS for communication between your Organization’s journaling and the continuity.proofpoint.com (US) or continuity-eu.proofpoint.com (EU) email domains.
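
The firewall and Mandatory TLS prerequisites above can be checked from the Exchange server that will send journal reports before any journaling is configured. This is an added example, not part of the Proofpoint guide; the function name Test-ContinuitySmtp is hypothetical, and the certificate name passed in is an assumption, because the guide does not state which host name the service certificate carries.

```powershell
# Added example (not from the Proofpoint guide). Checks that TCP/25 to a
# Continuity service IP is open, that the server advertises STARTTLS, and that
# a TLS handshake completes with a certificate this Windows host trusts.
function Test-ContinuitySmtp {
    param(
        [Parameter(Mandatory = $true)] [string] $IpAddress,  # service IP from the guide
        [Parameter(Mandatory = $true)] [string] $CertName,   # ASSUMPTION: name expected in the certificate
        [int] $Port = 25,
        [int] $TimeoutMs = 10000
    )
    $r = New-Object PSObject -Property @{
        Ip = $IpAddress; Reachable = $false; StartTls = $false
        TlsOk = $false; Protocol = $null; Detail = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($IpAddress, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'TCP connect timed out (firewall?)' }
        $client.EndConnect($pending)
        $r.Reachable = $true

        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # An SMTP reply may span several lines; every line except the last
        # has '-' directly after the three-digit code.
        $readReply = {
            $lines = @()
            do { $line = $reader.ReadLine(); $lines += $line } while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
            , $lines
        }

        $banner = & $readReply
        if ($banner[0] -notmatch '^220') { throw "Unexpected banner: $($banner[0])" }
        $writer.WriteLine('EHLO ' + [System.Net.Dns]::GetHostName())
        $ehlo = & $readReply
        $r.StartTls = [bool]($ehlo -match '^250[- ]STARTTLS')
        if (-not $r.StartTls) { throw 'Server did not advertise STARTTLS' }
        $writer.WriteLine('STARTTLS')
        $go = & $readReply
        if ($go[0] -notmatch '^220') { throw "STARTTLS refused: $($go[0])" }

        # Default validation: the chain must be trusted and $CertName must
        # match the certificate, otherwise AuthenticateAsClient throws.
        $ssl = New-Object System.Net.Security.SslStream($stream, $false)
        $ssl.AuthenticateAsClient($CertName)
        $r.TlsOk = $true
        $r.Protocol = $ssl.SslProtocol
        $r.Detail = $ssl.RemoteCertificate.Subject
    }
    catch { $r.Detail = $_.Exception.Message }
    finally { $client.Close() }
    $r
}

# The two service IPs are the ones listed in the guide. The certificate names
# are ASSUMPTIONS: replace them with the MX host name if the certificate is
# issued to that name instead of the email domain.
Test-ContinuitySmtp -IpAddress '67.231.152.162' -CertName 'continuity.proofpoint.com'     # US
Test-ContinuitySmtp -IpAddress '62.209.51.248'  -CertName 'continuity-eu.proofpoint.com'  # EU
```

A result with Reachable set to False points at the firewall rule; StartTls or TlsOk set to False means journal reports sent from this host would not meet the Mandatory TLS requirement, and Detail carries the reason.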

For instructions on how to configure the Proofpoint Protection Server for Email Continuity, refer to the “Email Continuity” chapter in the Proofpoint Administration Guide for Proofpoint on Demand (PoD).

Exchange 2013

Use the Exchange Admin Center web interface for management tasks.

To access the web interface, enter this URL into a browser:

https://<your_exchange_server>/ecp.

Send Connector

Set up the journaling recipient to an external domain by first setting up a send connector for it.

1. Log in to the admin center.
2. Click mail flow.
3. Click send connectors.
4. Click + to create a new connector.
5. Enter a name for the send connector.
6. Select the Partner choice for Type, since an SSL/TLS connection is required for the journaling report.
7. Click next.
8. Click next to continue.

Click the + icon to add the domain for Email Continuity.

1. Leave SMTP in the Type field.

2. In the Full Qualified Domain Name (FQDN) field enter:

US-based Organizations: continuity.proofpoint.com

EU-based Organizations: continuity-eu.proofpoint.com

3. Leave the default value in the Cost field.

4. Click save and verify the domain address has been added.

Click the + icon to add a source server.

Select a server in the top server list and then click the add -> button, then click ok.

Verify the server is added.

Click the finish button.

The send connector is created.

Mail Contact

This step is optional if you use premium journaling.

Click recipients, then contacts.

Enter values into the Display name, Name, Alias, and External email address fields. The External email address value should be the Continuity journaling report recipient. If your Organization has multiple domains, enter the primary domain:

US-based Organizations: <your_domain>@continuity.proofpoint.com

EU-based Organizations: <your_domain>@continuity-eu.proofpoint.com

Save the contact when you are done.

Journal

The next sections illustrate how to configure standard journaling and premium journaling.

Standard Journaling

Select servers, then databases.

In the next window, click maintenance.

In the Journal recipient option, click browse and select the mail contact you created for the journaling report.

Click save to finish the setup.

Premium Journaling

Click compliance management, then journal rules to create a journaling rule.

Configure the new journal rule:

1. Enter a name for the rule into the Name field.
2. Select [Apply to all messages] for If the message is sent to or received from…
3. For Email Continuity support, select All messages.
4. Enter the recipient for the journaling report into the Send journal reports to field.
5. Save your changes when you are done.

Click save in the new journal rule page.

The new Continuity Journaling Rule:

Exchange 2010

To configure an Exchange 2010 server for an Email Continuity journaling rule, you need to access the Exchange Management Console.

1. Log in to the Exchange server with your admin credentials.
2. Click Start > All Programs > Microsoft Exchange 2010 > Exchange Management Console.
3. When you run the management console you will see an interface similar to this:

Send Connectors

In the Exchange Management Console, navigate to Microsoft Exchange On-premises > Organization Configuration > Hub Transport and click the Send Connectors tab.

Right-click and select New Send Connector

1. Enter a name for the connector – for example, “Continuity Journaling Connector.”
2. Select Partner from the list since Continuity requires an SSL/TLS connection for the journaling report. (For example, route the report to a trusted 3rd party server.)

1. Click the + Add icon to add a new address space.
2. In the SMTP Address Space pop-up, enter the email domain of the Proofpoint Continuity journaling processor where the external email messages should be sent:

US-based Organizations: continuity.proofpoint.com

EU-based Organizations: continuity-eu.proofpoint.com

3. Click OK, and then click Next.
4. Click Next on the Network settings page.
5. Click Next on the Source Server page.
6. Click New on the New Connector page.
7. Click Finish on the Completion page.

The new send connector is created for Continuity.

Mail Contact

Create a new email contact to send the journaling report to an external SMTP server.

1. In the Exchange Management Console, navigate to Recipient Configuration > Mail Contact.
2. Right-click and select New Mail Contact.
3. Select New contact and click Next.
4. Specify a name and an alias for the journal recipient.
5. Click Edit and specify the external SMTP address for the journal recipient. This must be an SMTP address that points to the Proofpoint Continuity server. The email address local-part should be your Organization’s domain. If your Organization has multiple domains, use the primary domain.

US-based Organizations: <your_domain>@continuity.proofpoint.com

EU-based Organizations: <your_domain>@continuity-eu.proofpoint.com

6. Click Next to continue.
7. Click New to create the New Mail Contact.
8. Click Finish for Completion.
9. Right-click the Mail Contact that you just created and select Properties.
10. On the General tab, change Use MAPI rich text format to Never.
11. Select Hide from Exchange address lists. This step ensures that no Outlook user can select the contact from the Address book and send messages to the journal address.
12. Click OK when you are done.

Journal

This section contains instructions to configure standard and premium journaling.

Standard Journaling

In the Exchange Management Console, navigate to Microsoft Exchange On-Premises > Organization Configuration > Mailbox and then select the Database Management tab.

Right-click the mailbox database for which you want to set up standard journaling and select Properties, and then select the Maintenance tab.

Select Journal Recipient and then Browse to the mail contact you created. Click OK to finish the setup.

Premium Journaling

In the Exchange Management Console, navigate to Microsoft Exchange On-Premises > Organization Configuration > Hub Transport and click the Journal Rule tab.

Select New Journal Rule.

Configure the settings on the New Journal Rule page:

Rule name – enter Continuity Journaling Rule.

Send Journal reports to e-mail address – click Browse and select the mail contact you created. Journaling reports will be sent to that recipient.

Scope – premium journaling requires an Enterprise Client Access License. Select Global – all messages for Continuity.

Journal messages for recipient – clear this check box for Continuity.

Enable Rule – select the check box to enable the rule.

Click New when you are done.

Click Finish to create the journal rule.

The Hub Transport page will look similar to this:
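
The send connector, mail contact and journal rule steps for Exchange 2013 and Exchange 2010 above can also be carried out, and then read back for review, from the Exchange Management Shell. This is an added example, not part of the Proofpoint guide; the function names and every value under "placeholders" are assumptions to replace with your own.

```powershell
# Added example (not from the Proofpoint guide). Run in the Exchange Management
# Shell on Exchange 2010 or 2013 as a member of Organization Management.
# Placeholders (ASSUMPTIONS): replace with your own values.
$PrimaryDomain    = 'example.com'                  # your Organization's primary domain
$ContinuityDomain = 'continuity.proofpoint.com'    # EU: continuity-eu.proofpoint.com
$SourceServers    = @('EX01')                      # server(s) that send the journal reports
$ConnectorName    = 'Continuity Journaling Connector'
$ContactAlias     = 'ContinuityJournal'
$RuleName         = 'Continuity Journaling Rule'
$JournalAddress   = '{0}@{1}' -f $PrimaryDomain, $ContinuityDomain

function New-ContinuityJournaling {
    # Send connector of type Partner whose only address space is the Continuity domain.
    if (-not (Get-SendConnector | Where-Object { $_.Name -eq $ConnectorName })) {
        New-SendConnector -Name $ConnectorName -Usage Partner `
            -AddressSpaces "SMTP:$ContinuityDomain;1" -DNSRoutingEnabled $true `
            -SourceTransportServers $SourceServers | Out-Null
    }
    # Mail contact for the journal recipient, hidden so users cannot mail it directly.
    if (-not (Get-MailContact -Identity $ContactAlias -ErrorAction SilentlyContinue)) {
        New-MailContact -Name 'Continuity Journal Recipient' -Alias $ContactAlias `
            -ExternalEmailAddress $JournalAddress | Out-Null
    }
    Set-MailContact -Identity $ContactAlias -HiddenFromAddressListsEnabled $true `
        -UseMapiRichTextFormat Never
    # Premium journaling: one global rule. For standard journaling use instead:
    #   Set-MailboxDatabase -Identity '<database>' -JournalRecipient $ContactAlias
    if (-not (Get-JournalRule | Where-Object { $_.Name -eq $RuleName })) {
        New-JournalRule -Name $RuleName -JournalEmailAddress $JournalAddress `
            -Scope Global -Enabled $true | Out-Null
    }
}

function Test-ContinuityJournaling {
    # Reads the configuration back and returns one string per deviation.
    $findings = @()
    $pattern  = [regex]::Escape($ContinuityDomain)
    $conns = @(Get-SendConnector | Where-Object {
        ($_.AddressSpaces | ForEach-Object { "$_" }) -match $pattern })
    if ($conns.Count -eq 0) { $findings += "No send connector has an address space for $ContinuityDomain" }
    foreach ($c in $conns) {
        if (-not $c.Enabled)   { $findings += "Connector '$($c.Name)' is disabled" }
        if ($c.IgnoreSTARTTLS) { $findings += "Connector '$($c.Name)' ignores STARTTLS; the service requires TLS" }
    }

    $mc = Get-MailContact -Identity $ContactAlias -ErrorAction SilentlyContinue
    if ($mc) {
        if ("$($mc.ExternalEmailAddress)" -notmatch ([regex]::Escape($JournalAddress) + '$')) {
            $findings += "Contact '$ContactAlias' points to $($mc.ExternalEmailAddress), expected $JournalAddress"
        }
        if (-not $mc.HiddenFromAddressListsEnabled) { $findings += "Contact '$ContactAlias' is visible in address lists" }
        if ("$($mc.UseMapiRichTextFormat)" -ne 'Never') { $findings += "Contact '$ContactAlias': MAPI rich text is not Never" }
    }

    $rules = @(Get-JournalRule)
    $ours  = @($rules | Where-Object { "$($_.JournalEmailAddress)" -eq $JournalAddress })
    $dbs   = @(Get-MailboxDatabase | Where-Object { $_.JournalRecipient })
    if ($ours.Count -eq 0 -and $dbs.Count -eq 0) {
        $findings += 'No journal rule or database journal recipient is configured for Continuity'
    }
    foreach ($r in $rules) {
        if ("$($r.JournalEmailAddress)" -ne $JournalAddress) {
            # Journaling copies mail to this address: confirm it belongs to another approved solution.
            $findings += "Journal rule '$($r.Name)' sends reports to $($r.JournalEmailAddress): review"
        }
        elseif (-not $r.Enabled -or "$($r.Scope)" -ne 'Global' -or $r.Recipient) {
            $findings += "Journal rule '$($r.Name)' is disabled, not Global, or limited to one recipient"
        }
    }
    $findings
}

# New-ContinuityJournaling      # uncomment to create the objects
Test-ContinuityJournaling       # returns nothing when the read-back matches the steps above
```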

Office 365 Exchange

Log in to your Office 365 account at https://login.microsoftonline.com/.

In your admin console, click Exchange in the left navigation bar.

The Exchange admin center is opened in a new tab.

Send Connector

Because Proofpoint supports only secure SSL/TLS connections for Continuity journaling reports, you need to create a send connector.

Click mail flow, then click connectors, and then click the + icon to add a connector.

1. Select Office 365 in the From drop-down menu.
2. Select Partner organization in the To drop-down menu.
3. Click Next.

On the New Connector page, enter the connection name and description. Verify that the Turn it on checkbox is checked and click Next.

Choose Only when email messages are sent to these domains, then click the + button to add the Proofpoint Continuity journaling processor email domain:

US-based Organizations: continuity.proofpoint.com

EU-based Organizations: continuity-eu.proofpoint.com

Then click Next.

Select Use the MX record associated with the partner's domain. This is required to send messages to the MX record destination for the targeted recipients. Click Next to go to the next page.

Check Always use Transport Layer Security (TLS) to secure the connection (recommended). TLS is a security protocol that encrypts and delivers email messages securely so that no one except the sender and recipient can access or tamper with the message. Select this option so that messages will be rejected if the TLS connection is not successful.

Select Issued by a trusted certificate authority (CA).

Click Next.

Click Next on the New connector page to confirm your settings.

Click the + button and enter your journaling email address.

Click the Validate button to validate the connector.

Office 365 will send a test mail to verify the email address.

The validation will fail, since the journaling report mail server only accepts messages in Exchange journaling format. The test mail Office 365 sends for validation is not in this format, so the failure message is the expected behavior.

Click the Pencil icon to view the validation details. In a future release a 550 error will prevent the MTAs from re-attempting delivery of invalid journal reports.

Click Save to save the new connector (ignore the connection validation failed message).

The Exchange admin center page displays the new connector.

Configure Journaling Rule

Click compliance management > journal rules on the Exchange admin center page.

If you have not set up any journal rules before, the first step is to set up an email address to receive undeliverable journal reports. Click the Select address link to display the non-delivery reports pop-up.

Click Browse, select a recipient, and click the Save button.

We can now create a new journal rule by clicking the + button.

A new wizard window pops up. Configure the following parameters:

1. Send journal reports to: This field specifies the target recipient of the journaling report. Enter your journaling recipient here.
2. Name: Enter a name for the journaling rule.
3. If the message is sent to or received from...: this option allows you to limit the journal rule to specified users or groups. For Email Continuity, this option should be Apply to all messages.
4. Journal the following messages: for Email Continuity, select All messages.

Click Save to create the journaling rule. The Exchange admin center page will look similar to this:
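
The Office 365 connector and journal rule settings chosen in the wizard pages above map onto Exchange Online PowerShell cmdlets, which also makes the TLS choices easy to read back. This is an added example, not part of the Proofpoint guide; the function names and the addresses under "placeholders" are assumptions.

```powershell
# Added example (not from the Proofpoint guide). Run in an Exchange Online
# PowerShell session. Placeholders (ASSUMPTIONS): replace with your own values.
$ContinuityDomain = 'continuity.proofpoint.com'    # EU: continuity-eu.proofpoint.com
$JournalAddress   = '{0}@{1}' -f 'example.com', $ContinuityDomain   # <your_domain>@<continuity domain>
$NdrAddress       = 'journal-ndr@example.com'      # receives undeliverable journal reports
$ConnectorName    = 'Continuity Journaling Connector'
$RuleName         = 'Continuity Journaling Rule'

function New-ContinuityJournalingOnline {
    # From Office 365 to a partner organization, only for the Continuity domain,
    # routed by MX record, TLS always required with a CA-issued certificate.
    New-OutboundConnector -Name $ConnectorName -ConnectorType Partner `
        -RecipientDomains $ContinuityDomain -UseMXRecord $true `
        -TlsSettings CertificateValidation -Enabled $true | Out-Null
    # Address for non-delivery reports about journal reports, then the rule itself.
    Set-TransportConfig -JournalingReportNdrTo $NdrAddress
    New-JournalRule -Name $RuleName -JournalEmailAddress $JournalAddress `
        -Scope Global -Enabled $true | Out-Null
}

function Test-ContinuityJournalingOnline {
    # Reads the configuration back and returns one string per deviation.
    $findings = @()
    $conns = @(Get-OutboundConnector | Where-Object {
        @($_.RecipientDomains | ForEach-Object { "$_" }) -contains $ContinuityDomain })
    if ($conns.Count -eq 0) { $findings += "No outbound connector is scoped to $ContinuityDomain" }
    foreach ($c in $conns) {
        if (-not $c.Enabled)     { $findings += "Connector '$($c.Name)' is turned off" }
        if (-not $c.UseMXRecord) { $findings += "Connector '$($c.Name)' does not route by MX record" }
        $tls = "$($c.TlsSettings)"
        if ($tls -eq '') {
            $findings += "Connector '$($c.Name)': TLS is opportunistic, not always required"
        }
        elseif ($tls -eq 'EncryptionOnly') {
            $findings += "Connector '$($c.Name)': TLS is required but the certificate is not validated"
        }
    }
    $ndr = "$((Get-TransportConfig).JournalingReportNdrTo)"
    if ($ndr -eq '' -or $ndr -eq '<>') { $findings += 'No address is set for undeliverable journal reports' }

    $ours = @(Get-JournalRule | Where-Object { "$($_.JournalEmailAddress)" -eq $JournalAddress })
    if ($ours.Count -eq 0) { $findings += "No journal rule sends reports to $JournalAddress" }
    foreach ($r in $ours) {
        if (-not $r.Enabled -or "$($r.Scope)" -ne 'Global' -or $r.Recipient) {
            $findings += "Journal rule '$($r.Name)' is disabled, not Global, or limited to one recipient"
        }
    }
    $findings
}

# New-ContinuityJournalingOnline    # uncomment to create the objects
Test-ContinuityJournalingOnline     # returns nothing when the read-back matches the steps above
```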

Proofpoint Email Continuity Contacts and Calendar Synchronizer

Microsoft Exchange and Office 365 (O365) personal contacts and calendars can be synchronized to the Proofpoint Email Continuity service via the Exchange Web Service (EWS) and Email Continuity WebDAV APIs. The Email Continuity Synchronizer runs as a Windows service using an Exchange impersonation user. Users have access to their contacts list and appointments from within the Email Continuity Webmail portal – however, they are read-only – users cannot add, delete, or modify contacts or appointments while in the Email Continuity Webmail portal.

Pre-requisites for the Contacts Synchronizer

This section describes the pre-requisites and system requirements for the Contacts Synchronizer.

Request the Contacts Synchronizer Installer

Request the Email Continuity Synchronizer installer from Proofpoint by opening a CTS ticket. Please state whether you want personal contacts synced, calendars synced, or both. The installer will include custom configuration files for your specific service, including a one-time password for the Proofpoint Email Continuity WebDAV integration. Once installed, the sync service runs every 24 hours.

System Requirements

To run the Proofpoint Email Continuity Sync Service, you will need the following hardware and software:

Exchange 2010/2013 or O365

Windows Server 2008/2008 R2/2012/2012 R2

1 GHz x64 CPU

1 GB of RAM free

4 GB HD available

Microsoft .NET Framework 4.5+

Exchange Impersonation User

An Exchange impersonation user is required to run the Email Continuity sync service. The Email Continuity sync client must run as this impersonation user.

Exchange 2010/2013 – Setting up the Impersonation User

1. Log onto the Windows server as an Administrator of the Organization Management group.

2. In the Exchange Management Shell, run the following command:

>New-ManagementRoleAssignment -Role:ApplicationImpersonation -Name:exchangeImpersonator -User:continuitySyncUser

Where continuitySyncUser is the account that will run the sync service.

Office 365 – Setting up the Impersonation User

1. Log into the O365 Admin Center.


2. In the left navigation pane, click Exchange under ADMIN to open the Exchange admin center page.

3. In the left navigation pane, click permissions and then click admin roles at the top.

4. Click the + at the top to add a new role.

5. After entering the Name and Description, click the + under Roles and select ApplicationImpersonation in the list.

6. Click the + in the Members section and add the account which will have the Impersonation role to run the sync service and then click Save.
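After either procedure above, it is worth confirming that only the sync account ended up with the role. The following check is an added example, not part of the Proofpoint guide; $expectedUser is a placeholder, and the comparison assumes your directory reports the account under that exact name.

```powershell
# Added example (not from the Proofpoint guide): review who can impersonate mailboxes.
# $expectedUser is a placeholder for the sync account chosen above; adjust it if
# your directory reports accounts by display name.
$expectedUser = 'continuitySyncUser'

# -GetEffectiveUsers expands role groups into the individual accounts they contain.
$assignments = Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Where-Object { $_.RoleAssignmentDelegationType -eq 'Regular' }   # skip delegation-only entries

$report = $assignments | Select-Object `
    @{ n = 'Assignment';    e = { $_.Name } },
    @{ n = 'EffectiveUser'; e = { $_.EffectiveUserName } },
    @{ n = 'WriteScope';    e = { $_.RecipientWriteScope } },
    @{ n = 'CustomScope';   e = { $_.CustomRecipientWriteScope } },
    @{ n = 'Unexpected';    e = { $_.EffectiveUserName -ne $expectedUser } }

$report | Sort-Object Unexpected -Descending | Format-Table -AutoSize

# Accounts other than the sync user that can act as any mailbox owner.
$unexpected = @($report | Where-Object { $_.Unexpected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) account(s) other than $expectedUser hold ApplicationImpersonation."
}

# Assignments with no custom scope apply to every mailbox in the organization.
$orgWide = @($report | Where-Object { $_.WriteScope -eq 'Organization' })
if ($orgWide.Count -gt 0) {
    Write-Warning "$($orgWide.Count) assignment(s) are organization-wide (no custom recipient scope)."
}
```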


Running the Synchronizer Installer

The installation steps are identical for on-premise Exchange 2010/2013 and O365.

1. Log on as a local Administrator on the Windows server where the Continuity Sync Service will run. If you are using Exchange on-premise, the sync client must be installed and run on a server within the Exchange Windows domain.

2. Add the impersonation user that will run the sync service as a member of the local Administrators group.


3. Copy the provided ProofpointContinuitySync.zip package to the server and extract the files.

4. Double-click the ProofpointContinuitySync.msi file and start the installation steps.

5. Click Run in the Open File - Security Warning dialog box if it appears.

6. Enter the path to the folder for the sync client:

7. Click Yes in the User Account Control dialog box if it appears.

8. When the Set Service Login dialog box appears, enter the credentials for the impersonation user that will run the sync service:

Where user is the impersonation account preceded by the Windows domain.

9. Complete the remaining installation steps.

Configuring Exchange 2010/2013

1. Log on as a local Administrator on the Windows server where the Synchronizer service will run.

2. Click the Windows Start Menu and select All Programs > Proofpoint > Sync > SyncConfigTool to open the Email Continuity Sync Configuration Tool.

3. Select Exchange Server On-Premises and then click Next:


4. Specify the URL for your on-premise Exchange Web Services (EWS) API:

Typically the EWS path is at https://<EXCHANGE_URL>/ews/exchange.asmx. If you do not know the location of your Exchange server, you can try using auto-discovery to find the EWS API when running the sync service.

Configuring Office 365

1. Log on as the impersonation user on the Windows server where the Continuity Sync Service will run.

2. Click the Windows Start Menu and then select All Programs > Proofpoint > Sync > SyncConfigTool to run the Continuity Sync Configuration Tool.

3. Select Exchange Server Online (Office 365) and then click Next:


4. Specify the URL for your O365 Exchange Web Services (EWS) API:

Typically the EWS path for O365 is https://outlook.office365.com/ews/exchange.asmx.

5. Enter the credentials for your impersonation account. The user is specified as an email address.


All credentials stored locally during the installation process are encrypted using the Windows Data Protection API (DPAPI).

Starting the Synchronizer Service

1. Open the Windows Services console.

2. Find the Proofpoint Continuity Sync Service and then click Start.

3. You can configure the service properties to automatically start when the server reboots by selecting Automatic from the Startup type menu.


4. If you want to restart the Synchronizer Service, you may need to go to the Windows Task Manager and stop the SyncService.exe process first.

Contacts and Calendar Synchronizer Service Features

The Proofpoint Synchronizer Service automatically syncs contacts and calendars once every 24 hours. For contacts, only personal contact items (VCards) within the top-level Exchange/O365 folders of type Contact are included in the sync of each Exchange account. For calendars, only the appointment items in the Exchange/O365 Calendar folder at the Top of Information Store are included in the sync of each Exchange account.

For contacts, their folders and contents are read-only in the Continuity Webmail portal under the Contacts section.

Contacts are searchable in the Webmail portal under each contact folder and the All Contacts folder, which includes all the user’s personal contacts as well as all other synchronized users within the same organization.

See the Email Continuity User’s Guide for details on how the calendar and contacts appear to users in the Email Continuity portal after synchronization.

Proofpoint Knowledgebase – article number 3308.

Proofpoint Customer Success Center – article number 2641.


Contacts and Calendar Synchronizer Service Operation Options

This section describes various options available to the administrator.

Synchronization

The Proofpoint Synchronizer Service automatically synchronizes contacts and calendar appointments once every 24 hours. The process starts with a full synchronization and then synchronizes incremental changes since the full synchronization. If the contact or calendar data becomes out-of-sync, administrators can request a data reset on the Email Continuity server by contacting Proofpoint via a support ticket. This process will initiate a full sync on the next run to reset all data. Administrators can also request, via a support ticket, that only contacts or only calendars be synchronized.

Credentials

Administrators can request that credentials shared between the Email Continuity synchronization client and the WebDAV API be reset by issuing a CTS ticket. Proofpoint will provide a new one-time password (OTP) file via secure communication. The default location for the password is:

C:\Program Files\Proofpoint\Continuity\Sync\continuityWebDAV.config

Once the sync service is restarted, the new Email Continuity WebDAV password will be securely shared and stored on the Windows sync server using the Data Protection API (DPAPI).

Logs

The default location for the Continuity Synchronizer Service logs is:

C:\Users\impersonationUser\AppData\Roaming\Proofpoint\Continuity\log

Where impersonationUser is the account under which the sync service is running.

Un-installing the Service

To uninstall the service, open the Run command prompt window from the Start menu or by pressing the Windows Logo and R keys together (Win+R). At the Run prompt, type appwiz.cpl and press Enter to open the Programs and Features window. In the list of programs, right-click the Proofpoint Continuity Sync Service and select Uninstall.


Appendix A – Configuring Exchange for Sent Messages

This appendix covers examples of how to configure your Exchange servers to place messages sent by Email Continuity in users’ Sent folders when the Exchange servers are back online.

PowerShell Script

The following script places the Email Continuity Sent messages in users’ Sent folders when the Exchange server is back online. You can run the script periodically to provision the rule for new users, since it will skip mailboxes that already have the rule configured.

You should save the commands in the example below as a PowerShell script file (for example, continuityRule.ps1) and run it as an administrator who has full access rights to all of the mailboxes.

To add full access rights to an administrator, run the following command in the PowerShell window, replacing <AccountName> with the account name for the administrator:

Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User <AccountName> -AccessRights fullaccess

Example

# Provision the "Continuity" inbox rule for every mailbox that does not have it yet.
$mailboxes = Get-Mailbox -ResultSize unlimited

# Account running the script: the remote session credential if there is one,
# otherwise the local Windows identity.
$curUserName = (Get-PSSession | Select-Object -first 1).Runspace.OriginalConnectionInfo.Credential.UserName
if (!$curUserName) {
    $curUserName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
}

$mailboxes | foreach {
    # Look for an existing rule with the expected name and header condition.
    $inboxRules = Get-InboxRule -Mailbox $_.Identity
    $found = 0
    $inboxRules | foreach {
        if (("continuity" -eq $_.Name) -and `
            ("X-Proofpoint-Continuity: sent" -eq $_.HeaderContainsWords)) {
            $found = 1
        }
    }
    if (!$found) {
        # The rule needs the folder ID of the mailbox's Sent Items folder.
        $sentFolder = Get-MailboxFolderStatistics -Identity $_.Identity -FolderScope SentItems | Select-Object -first 1
        if ($sentFolder) {
            New-InboxRule -Mailbox $_.Identity -Name Continuity -HeaderContainsWords "X-Proofpoint-Continuity: sent" -MoveToFolder "$($_.Identity):$($sentFolder.FolderId.ToString())" -StopProcessingRules $true -Confirm:$False -force
        } else {
            echo "Sent folder not found, skip user $($_.Name)"
        }
    }
}


On-premise Exchange Server – run the script under an Exchange Management Shell window.

Office 365 – refer to the following document to connect to Exchange Online PowerShell, and then run the script in a PowerShell window:

https://technet.microsoft.com/library/jj984289(v=exchg.160).aspx

Limitations to the PowerShell Script

The script has the following limitations:

If a recently-created user has not yet logged in to their Exchange account, the Sent folder will not have been provisioned yet, so the rule for the new user will not be created when you run the script.

New users added after you run the script will not have their rules automatically created. You must run the PowerShell script again to create the rules for new users.
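Because of these limitations, a read-only report of which mailboxes still lack the rule, or carry a rule of that name that differs from what the script creates, is useful between runs. The following is an added example, not Proofpoint's script; the rule name and header come from the script above, while the status labels and variable names are assumptions.

```powershell
# Added example (not Proofpoint's script): read-only audit of the "Continuity" inbox rule.
$ruleName   = 'Continuity'
$headerText = 'X-Proofpoint-Continuity: sent'

$results = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mbx   = $_
    $rules = @(Get-InboxRule -Mailbox $mbx.Identity | Where-Object { $_.Name -eq $ruleName })
    $sent  = Get-MailboxFolderStatistics -Identity $mbx.Identity -FolderScope SentItems |
                 Select-Object -First 1

    if ($rules.Count -eq 0) {
        # Either the mailbox was added after the last run, or its Sent folder
        # was not provisioned yet (the two limitations listed above).
        $status = if ($sent) { 'MissingRule' } else { 'MissingRule-NoSentFolder' }
    } else {
        $r = $rules[0]
        $problems = @()
        if ($rules.Count -gt 1)  { $problems += 'Duplicate' }
        if (-not $r.Enabled)     { $problems += 'Disabled' }
        if (@($r.HeaderContainsWords) -notcontains $headerText) { $problems += 'HeaderMismatch' }
        if (-not $r.MoveToFolder) { $problems += 'NoMoveTarget' }
        # The provisioning script only moves the message; any other action was added later.
        if ($r.ForwardTo -or $r.RedirectTo -or $r.ForwardAsAttachmentTo -or $r.DeleteMessage) {
            $problems += 'ExtraAction'
        }
        $status = if ($problems) { $problems -join ',' } else { 'OK' }
    }

    New-Object PSObject -Property @{
        Mailbox = $mbx.PrimarySmtpAddress
        Status  = $status
    }
}

# Summary by status, then the mailboxes that need attention.
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$results | Where-Object { $_.Status -ne 'OK' } | Sort-Object Status |
    Select-Object Mailbox, Status | Format-Table -AutoSize
```

Run it with the same administrator account and session type as the provisioning script; it makes no changes to any mailbox.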

Appendix B – Adding a Footer on Sent Messages

This appendix provides instructions on how to add a footer to messages sent from the Email Continuity web portal using the Proofpoint on Demand (PoD) Email Firewall Rules. You must have the podadmin role (PoD administrator) to configure the footer.

Please note the footer will not appear in the sender’s saved copy of the message in the Continuity web portal Sent folder, nor will it appear in the Bcc copy the Continuity server sends to the sender’s Exchange mailbox. It will only be appended to the copies of the message the recipients receive.

Adding the Footer to All Sent Messages

To add the footer to all sent messages (internal + external), please follow these steps:

1. Log in to the PoD management interface and go to the Email Protection > Email Firewall > Rules page.

2. Click Add Rule to configure a new rule.

3. Under Rule Settings, set Enable to On and enter a unique ID and Description.

4. Under Conditions, click Add Condition to display the configuration window.

5. Select Envelope Sender for the Condition, is in Domain Set for the Operator, and default_inbound for the Domain Set as shown:

Then click the Add and New Condition button.


6. In the new page, select And for Add Condition as, select Message Headers for Condition, select User Defined for the Header and enter X-Proofpoint-Continuity-Sent. Select Equals for the Operator, and enter true for the Value as shown:

7. Then click Add Condition to close the window. Your rule condition should appear as:

8. On the rule page, leave the Delivery Method as Continue, check Annotate message based on detected language, select Add message, and select Bottom of the message as the Annotate Location as shown:

9. In the Message text area, enter your footer message in either plain text or an HTML block. If you choose to use HTML, include <body> tags around your block as shown above.

10. Click Add Rule at the top of the page to save and enable your rule.

Note that when sending mail from the Continuity web portal to yourself (including through distribution lists and alternate email addresses), there are two copies of the message sent to your Exchange mailbox: the sent message (with the footer), and the additional Bcc copy to the sender (no footer). Due to Exchange’s de-duping by the Message-ID, only the first copy received will be retained. In this case it may appear that the footer intermittently does not appear, but this is a result of the Bcc copy sometimes arriving first.


Creating Footers for Specific Groups

To create a footer that applies only to all mail sent from specific PoD User Management Groups, first follow the steps above for creating a new Email Firewall Rule to add a footer to all sent mail. Then follow these steps:

1. In the Email Firewall Rules list, click Edit Rule for the new rule you have just created.

2. Under Conditions, click Add Condition to open the configuration window.

3. In the new page, select And for Add condition as and select Envelope Sender Belongs to Group from the Condition list.

4. Select Equals for the Operator.

5. Click Select Group to open the Select Groups window. Select the Groups to which you want to apply the rule from the Available Groups list and then click the arrow button to move them to the Selected Groups list.

Click Done to save your changes.

6. On the Add Condition page, your groups should be listed in the Groups field. Click Add Condition to save and return to the Rule page.

7. Your Rule will be updated with the new group condition as shown:


8. Click Save Changes at the top of the page to save the rule.

Limiting the Footer to Mail Sent Externally

Follow these steps to edit the Email Firewall rule if you only want to add the footer to Continuity messages sent to external users.

1. In the Email Firewall Rules list, click Edit Rule for the footer rule.

2. Under Conditions, check the Disable processing for selected policy routes check box.

3. Select default_inbound in the Available list and use the arrow button to move it to the Disable For Any Of list.

4. Click Save Changes at the top of the page to save the rule. In the rules list the rule will display Deny: default_inbound in the Routes column.

Limiting the Footer to Mail Sent Internally

Follow these steps to edit the Email Firewall rule if you only want to add the footer to Continuity messages sent to internal users.

1. In the Email Firewall Rules list, click Edit Rule for the footer rule.

2. Under Conditions, check the Restrict processing to selected policy routes check box.

3. Select default_inbound in the Available list and use the arrow button to move it to the Require Any Of list.

4. Click Save Changes at the top of the page to save the rule. In the rules list the rule will display Allow: default_inbound in the Routes column.

