Smarsh Archive Journaling for IBM Lotus Domino

Document Updated: July 9, 2014

Confidential | Copyright © 2014 Smarsh, Inc. All rights reserved.

Smarsh, Inc.

921 SW Washington Street, Suite 540

Portland, OR 97205

1-866-SMARSH-1 | www.smarsh.com

Smarsh Archive Journaling For IBM Lotus Domino

Overview

In order to capture all the necessary information needed by Smarsh Email Archiving an

additional database needs to be created on the Domino server that is used in conjunction

with the standard Domino mail journaling feature.

The standard Domino mail journaling is configured to send email to two destinations: one

goes directly to the Smarsh archiving email address that has been provided by Smarsh for

your organization, and a second gets sent to the Smarsh Archive Journaling database that

will reside on the Domino server. This database contains an agent processes the message

and forwards the additional information to Smarsh. Once the additional information is

received, Smarsh combines that with the record of the matching archived message.

The Domino administrator for your organization will use the template (SmarshArchive.ntf)

to create a Smarsh Archive Journaling database on one Domino server. The database’s

“About This Application” document details how the administrator needs to configure the

database and the standard Domino mail journaling feature. This configuration information

is also included in this document.

We will refer to the Domino server that contains the Smarsh Archive database as the

“Journaling Server”. In a multi-server environment, it will typically reside on only one

server. Optionally, in a very large or widely distributed environment it can be set up on

additional servers. For Domino mail servers to make use of Smarsh Archiving they will need

to have a Server Configuration document set to use mail journaling and a respective mail

rule enabled to forward messages to the Journaling Server.

(Documentation last updated July 9, 2014 for V1.2.20140709 )

Installation Steps: Summary

1. Create The Databases On The Journaling Server

2. Sign And Configure The Databases

a. Sign the both databases

b. Configure the Access Control Lists

c. Edit the Application Properties

3. Configure Domino Mail Journaling

a. Create a Mail-In Database document for the Smarsh Archive database

b. Create a group named "SmarshJournalGroup

c. Modify settings in the Server Configuration document

i. Enable Mail Journaling

ii. Create a new mail Rule in the Server Configuration document

iii. Modify MIME settings in the Server Configuration document

4. Configure Options: Monitoring, Notifications, Clean Up

1. Create The Databases On The Journaling Server

Use IBM Lotus Notes to create two new databases on the Domino server that is to be used

as the “Journaling Server”. First, copy the SmarshArchive.ntf and openlogSA.ntf templates

to the local Lotus Notes data folder.

a. Create the Smarsh Archive Journaling database Use the SmarshArchive.ntf template to create a new database in the data folder of your Domino server with the title “Smarsh Archive Journaling” and file name: “SmarshArchive.nsf”.

b. Create the Open Log Smarsh Archive database

Use the openlogSA.ntf template to create a new database in the data folder of your

Domino server with the title “Open Log Smarsh Archive” and file name: “openlogSA.nsf”.

* For more detailed instructions, see Appendix B Domino Administration Tips

2. Sign And Configure The Databases

a. Sign both databases with the Server ID (or a Notes ID with sufficient access to run agents on the server).

* For more detailed instructions, see Appendix B Domino Administration Tips

b. Configure the Access Control List (ACL) for both databases

Ensure that the organization’s admin group (e.g. LocalDomainAdmins) and the

Domino server have Manager rights to the database.

Set Anonymous, and all other users, servers, and groups to No Access.

Set -Default- to No Access in the Smarsh Archive Journaling.

Set -Default- to Depositor in the Open Log Smarsh Archive.

* For more detailed instructions, see Appendix B Domino Administration Tips

c. Edit the Application Properties in the Smarsh Archive Journaling database using

the button on the lower left.

Specify:

- The Smarsh Archive Email Address (provided to you by Smarsh) - The Domino Domain name of your organization (as specified in the Server

document) - The Internet Mail Domain used by email addresses in your organization

- (optional) The ID Tag and Domain to append to internal mailbox names for

identification in the Smarsh website. Ex. With the settings in the screen shot

below, a mailbox named “Tech Support” will be converted to

“Tech_Support_internal@acme.com” in the trailer emails.

Enable the Processing Agent by clicking the ON/OFF button.

Note: Optionally, DEBUG mode can be enabled when directed to provide additional information for Smarsh for troubleshooting purposes. Generally, keep this set to “No”.

3. Configure Domino Mail Journaling

a. Create a Mail-In Database document for the Smarsh Archive database in the Domino

Directory with the following settings:

- Mail-in name: "SmarshArchiveDatabase"

- Internet message storage: Prefers Notes Rich Text

- Encrypt incoming mail: No

- Domain: <your Domino domain>

- Server: <the Domino server name which has SmarshArchive.nsf >

- File name: SmarshArchive.nsf

b. Create a group named "SmarshJournalGroup" in the Domino Directory.

Specify 2 members: SmarshArchiveDatabase and your_account@smarsh.com

c. Modify settings in the Server Configuration document

IMPORTANT: Use the following steps to configure Mail Journaling in the

Server Configuration documents for each of the Domino mail servers that

will be using Smarsh Archiving.

i. Enable Mail Journaling

In the Domino Directory, enable the Mail Journaling feature in the Server

Configuration document for the Domino mail server, under Router/SMTP

>> Advanced... >> Journaling.

- Field Encryption Exclusion List:

Form; From; PostedDate; CopyTo; BlindCopyTo; SendTo

- Method : "Send to mail-in database"

- Mail Destination: SmarshJournalGroup

- Journal Recipients: Disable

ii. Create a new mail Rule in the Server Configuration document under Router/SMTP >> Restrictions and Controls >> Rules

IMPORTANT: To prevent creating a mail loop the rule must exclude the email address that is used to send to Smarsh Email Archiving.

Set up the rule with the following:

Condition: All Documents

Exception: To contains <your_account@smarsh.com>

For example:

Note: Large organizations may have more than one Smarsh email address. Each Smarsh email

address should have a “To” Exception rule seperated by an “OR”.

iii. Modify MIME settings in the Server Configuration document, under Advanced >>

Advanced Outbound Message Options.

Add this field name to “Always send the following Notes items in headers”:

- Smarsh-Domino

iv. Modify MIME settings in the Server Configuration document, under Advanced >>

Advanced Inbound Message Options.

Set “If each recipient's address does not appear in any address header, then add their address

to the BCC list:” to “Yes”.

v. Modify MIME settings in the Server Configuration document, under Conversion

Options >> Outbound to increase the “Outbound line length” to 125.

Plus, set “Lookup Internet address for all7” to “Enabled”

4. Configure Additional Options

Monitoring

To ensure that the processJournalMessages agent is running, optionally, the Monitoring Agent can be

enabled. This works together with the “Open Log Smarsh Archive” (openlogSA.nsf) database to provide

notification to administrators if the email processing agent is not enabled or has not run for a

reasonable amount of time.

To turn on the Monitoring Agent, edit the application properties to use the ON/OFF button in the Agents

section.

This will create logs in the Open Log Smarsh Archive database if the Processing Agent is not enabled or

has not run in the past 30 minutes. To view any of the log reports, open one of the Events views.

Notifications

To enable notifications when alerts have been logged in the Open Log Smarsh Archive, go to the

Notifications \ Profiles section. Edit the General Errors profile to enable it and specify the email

recipient(s). Next click on the “Notification Agent” button to “Toggle Status” which will enable or

disable the agent which sends the notifications.

Clean Up

Since the Smarsh Archive Journaling database acts as a work queue for the agent, it will be

accumulating messages continuously. After running the agent for a sufficient amount of

time to verify that everything is working properly, the Domino Administrator will want to

turn on the Cleanup Agent which will delete processed messages daily at 1:00 AM.

To turn on the Cleanup Agent, edit the application properties to use the ON/OFF button in the Agents

section. Set “Delete messages after days” to the desired number of days worth of messages to

maintain. NOTE: Once enabled , the Cleanup Agent will completely delete any messages older than

this interval; and there is no way to un-delete them after the agent has run.

APPENDIX A – Additional Info

APPENDIX B – Domino Administration Tasks This appendix contains instructions on how to do common Domino administration tasks

needed to install and configure Smarsh Archive Journaling.

Note: In Notes / Domino Release 8, IBM began using the term “application” for what was

previously called a “database”. This documentation uses the two terms interchangably.

Creating a new database from a template

Using Lotus Notes, select File >> Application >> New…

Specify your server, the title, the file name, and the template. When using Server: Local for

the template server, it shows templates that are in the Lotus Notes data folder. If you do

not see the Smarsh Archive template in the list, make sure that you have copied it to the

Lotus Notes data folder (which by default would be c:\Program Files\IBM\Lotus\Notes\data).

We recommend using the file name “SmarshArchive.nsf” and storing it in the data folder.

Signing a database The design of a database can be signed using the Domino Administrator client by going to

the Files tab, right-clicking on the database, and selecting Sign… Here you can sign it with

either the active user’s ID or the server’s ID.

If the user’s ID is chosen, it must have sufficient rights to run agents on this server.