smarsh archive journaling for ibm lotus domino setup... · smarsh archive journaling for ibm lotus...
TRANSCRIPT
Smarsh Archive Journaling for IBM Lotus Domino
Document Updated: July 9, 2014
Confidential | Copyright © 2014 Smarsh, Inc. All rights reserved.
Smarsh, Inc.
921 SW Washington Street, Suite 540
Portland, OR 97205
1-866-SMARSH-1 | www.smarsh.com
Smarsh Archive Journaling For IBM Lotus Domino
Overview
In order to capture all the necessary information needed by Smarsh Email Archiving an
additional database needs to be created on the Domino server that is used in conjunction
with the standard Domino mail journaling feature.
The standard Domino mail journaling is configured to send email to two destinations: one
goes directly to the Smarsh archiving email address that has been provided by Smarsh for
your organization, and a second gets sent to the Smarsh Archive Journaling database that
will reside on the Domino server. This database contains an agent processes the message
and forwards the additional information to Smarsh. Once the additional information is
received, Smarsh combines that with the record of the matching archived message.
The Domino administrator for your organization will use the template (SmarshArchive.ntf)
to create a Smarsh Archive Journaling database on one Domino server. The database’s
“About This Application” document details how the administrator needs to configure the
database and the standard Domino mail journaling feature. This configuration information
is also included in this document.
We will refer to the Domino server that contains the Smarsh Archive database as the
“Journaling Server”. In a multi-server environment, it will typically reside on only one
server. Optionally, in a very large or widely distributed environment it can be set up on
additional servers. For Domino mail servers to make use of Smarsh Archiving they will need
to have a Server Configuration document set to use mail journaling and a respective mail
rule enabled to forward messages to the Journaling Server.
(Documentation last updated July 9, 2014 for V1.2.20140709 )
Installation Steps: Summary
1. Create The Databases On The Journaling Server
2. Sign And Configure The Databases
a. Sign the both databases
b. Configure the Access Control Lists
c. Edit the Application Properties
3. Configure Domino Mail Journaling
a. Create a Mail-In Database document for the Smarsh Archive database
b. Create a group named "SmarshJournalGroup
c. Modify settings in the Server Configuration document
i. Enable Mail Journaling
ii. Create a new mail Rule in the Server Configuration document
iii. Modify MIME settings in the Server Configuration document
4. Configure Options: Monitoring, Notifications, Clean Up
1. Create The Databases On The Journaling Server
Use IBM Lotus Notes to create two new databases on the Domino server that is to be used
as the “Journaling Server”. First, copy the SmarshArchive.ntf and openlogSA.ntf templates
to the local Lotus Notes data folder.
a. Create the Smarsh Archive Journaling database Use the SmarshArchive.ntf template to create a new database in the data folder of your Domino server with the title “Smarsh Archive Journaling” and file name: “SmarshArchive.nsf”.
b. Create the Open Log Smarsh Archive database
Use the openlogSA.ntf template to create a new database in the data folder of your
Domino server with the title “Open Log Smarsh Archive” and file name: “openlogSA.nsf”.
* For more detailed instructions, see Appendix B Domino Administration Tips
2. Sign And Configure The Databases
a. Sign both databases with the Server ID (or a Notes ID with sufficient access to run agents on the server).
* For more detailed instructions, see Appendix B Domino Administration Tips
b. Configure the Access Control List (ACL) for both databases
Ensure that the organization’s admin group (e.g. LocalDomainAdmins) and the
Domino server have Manager rights to the database.
Set Anonymous, and all other users, servers, and groups to No Access.
Set -Default- to No Access in the Smarsh Archive Journaling.
Set -Default- to Depositor in the Open Log Smarsh Archive.
* For more detailed instructions, see Appendix B Domino Administration Tips
c. Edit the Application Properties in the Smarsh Archive Journaling database using
the button on the lower left.
Specify:
- The Smarsh Archive Email Address (provided to you by Smarsh) - The Domino Domain name of your organization (as specified in the Server
document) - The Internet Mail Domain used by email addresses in your organization
- (optional) The ID Tag and Domain to append to internal mailbox names for
identification in the Smarsh website. Ex. With the settings in the screen shot
below, a mailbox named “Tech Support” will be converted to
“[email protected]” in the trailer emails.
Enable the Processing Agent by clicking the ON/OFF button.
Note: Optionally, DEBUG mode can be enabled when directed to provide additional information for Smarsh for troubleshooting purposes. Generally, keep this set to “No”.
3. Configure Domino Mail Journaling
a. Create a Mail-In Database document for the Smarsh Archive database in the Domino
Directory with the following settings:
- Mail-in name: "SmarshArchiveDatabase"
- Internet message storage: Prefers Notes Rich Text
- Encrypt incoming mail: No
- Domain: <your Domino domain>
- Server: <the Domino server name which has SmarshArchive.nsf >
- File name: SmarshArchive.nsf
b. Create a group named "SmarshJournalGroup" in the Domino Directory.
Specify 2 members: SmarshArchiveDatabase and [email protected]
c. Modify settings in the Server Configuration document
IMPORTANT: Use the following steps to configure Mail Journaling in the
Server Configuration documents for each of the Domino mail servers that
will be using Smarsh Archiving.
i. Enable Mail Journaling
In the Domino Directory, enable the Mail Journaling feature in the Server
Configuration document for the Domino mail server, under Router/SMTP
>> Advanced... >> Journaling.
- Field Encryption Exclusion List:
Form; From; PostedDate; CopyTo; BlindCopyTo; SendTo
- Method : "Send to mail-in database"
- Mail Destination: SmarshJournalGroup
- Journal Recipients: Disable
ii. Create a new mail Rule in the Server Configuration document under Router/SMTP >> Restrictions and Controls >> Rules
IMPORTANT: To prevent creating a mail loop the rule must exclude the email address that is used to send to Smarsh Email Archiving.
Set up the rule with the following:
Condition: All Documents
Exception: To contains <[email protected]>
For example:
Note: Large organizations may have more than one Smarsh email address. Each Smarsh email
address should have a “To” Exception rule seperated by an “OR”.
iii. Modify MIME settings in the Server Configuration document, under Advanced >>
Advanced Outbound Message Options.
Add this field name to “Always send the following Notes items in headers”:
- Smarsh-Domino
iv. Modify MIME settings in the Server Configuration document, under Advanced >>
Advanced Inbound Message Options.
Set “If each recipient's address does not appear in any address header, then add their address
to the BCC list:” to “Yes”.
v. Modify MIME settings in the Server Configuration document, under Conversion
Options >> Outbound to increase the “Outbound line length” to 125.
Plus, set “Lookup Internet address for all7” to “Enabled”
4. Configure Additional Options
Monitoring
To ensure that the processJournalMessages agent is running, optionally, the Monitoring Agent can be
enabled. This works together with the “Open Log Smarsh Archive” (openlogSA.nsf) database to provide
notification to administrators if the email processing agent is not enabled or has not run for a
reasonable amount of time.
To turn on the Monitoring Agent, edit the application properties to use the ON/OFF button in the Agents
section.
This will create logs in the Open Log Smarsh Archive database if the Processing Agent is not enabled or
has not run in the past 30 minutes. To view any of the log reports, open one of the Events views.
Notifications
To enable notifications when alerts have been logged in the Open Log Smarsh Archive, go to the
Notifications \ Profiles section. Edit the General Errors profile to enable it and specify the email
recipient(s). Next click on the “Notification Agent” button to “Toggle Status” which will enable or
disable the agent which sends the notifications.
Clean Up
Since the Smarsh Archive Journaling database acts as a work queue for the agent, it will be
accumulating messages continuously. After running the agent for a sufficient amount of
time to verify that everything is working properly, the Domino Administrator will want to
turn on the Cleanup Agent which will delete processed messages daily at 1:00 AM.
To turn on the Cleanup Agent, edit the application properties to use the ON/OFF button in the Agents
section. Set “Delete messages after days” to the desired number of days worth of messages to
maintain. NOTE: Once enabled , the Cleanup Agent will completely delete any messages older than
this interval; and there is no way to un-delete them after the agent has run.
APPENDIX A – Additional Info
APPENDIX B – Domino Administration Tasks This appendix contains instructions on how to do common Domino administration tasks
needed to install and configure Smarsh Archive Journaling.
Note: In Notes / Domino Release 8, IBM began using the term “application” for what was
previously called a “database”. This documentation uses the two terms interchangably.
Creating a new database from a template
Using Lotus Notes, select File >> Application >> New…
Specify your server, the title, the file name, and the template. When using Server: Local for
the template server, it shows templates that are in the Lotus Notes data folder. If you do
not see the Smarsh Archive template in the list, make sure that you have copied it to the
Lotus Notes data folder (which by default would be c:\Program Files\IBM\Lotus\Notes\data).
We recommend using the file name “SmarshArchive.nsf” and storing it in the data folder.
Signing a database The design of a database can be signed using the Domino Administrator client by going to
the Files tab, right-clicking on the database, and selecting Sign… Here you can sign it with
either the active user’s ID or the server’s ID.
If the user’s ID is chosen, it must have sufficient rights to run agents on this server.