Administration Manual Securepoint Unified Mail Archive
Contents
1. Hash Algorithmus SHA256 Hash g ltig bis 2017 12 31T23 59 59 999 01 00 Archiv Zeitstempel Reihenfolge 1 Regel 1 3 6 1 4 1 12655 3 1 TSA 4 C DE O AuthentiDate International AG CN TSS AuthentiDate C036 1 PN Generalisierte 2011 12 20T12 55 09 800 01 00 Zeit Genauigkeit 100 Qualitat accredited Informationen zu Zertifikaten Betreff C DE O AuthentiDate International AG CN TSS AuthentiDate C036 1 PN Aussteller C DE O Bundesnetzagentur CN 12R CA 1 PN Typ X 509 gultig ab 2007 11 08T10 08 09 000 01 00 gultig bis 2012 10 18T14 00 00 000 02 002017 12 31T23 59 59 999 01 00 Signatur SHA2Z56WITHRSA Algorithmus Serial Nummer 463 Schlussel RSA Algorithmus Schl ssel Lange 2048 Schl ssel g ltig 2017 12 31T23 59 59 999 01 00 bis DataObject Order Attachment MetaData 2011_11_01_SDS_01_signed pdf Signatur Informationen Zertifikat SubjektDN SERIALNUMBER 2 CN Rohstock Olaf JAQrg C DE Zertifikat SubjektDN CN TeleSec PKS SigG CA 18 PN O Deutsche Telekom AG C DE Zertifikat SubjektDN CN 12R CA 1 PN O Bundesnetzagentur C DE Widerruf Wert Stand valid Gultigkeitszeit 2011 12 20T12 54 07 000 01 00 Widerruf Wert Stand valid Gultigkeitszeit 2011 12 20T12 54 07 000 01 00 Widerruf Wert Stand valid Gultigkeitszeit 2011 12 20T09 32 58 000 01 00 DataObject Order Body1 MetaData body SchlieBen fig 55 an inspection rport in german language The2. No TLS connection is required for the client to authenticate to the server Secure logon A TLS connection is required for the client to authenticate to the server X 509 certificate name WIN DSQSBNHDI52 fig 57 change logon method Open the Exchange Management Console Select the item Client Access from the left tree structure Server Configuration Inthe bottom window in the middle show the entries IMAP4 and POPS Click right on IMAP4 and select the context menu point Properties Switch to the tab Authentication and select the first entry Plain Text Logon Basic Authentication Securepoint 57 Security Solutions A e SECURITY SOLUTIONS Unified Mail Archive 11 2 Change the Start Type of the Service The service must be restarted for the change of the authentication method takes effect Furthermore the service should start automatically RK Server Manager T Fie Action View Help 2 E83 BA gt au pb ee E Si Roles ef Features LL Services des Diagnostics af Configuration Microsoft Exchange IMAP4 Name iption _ Status Startup T Task Scheduler Microsoft NET Framework NGE Microsoft Started Automatic D Windows Firewall with Adve Start the service x Microsoft NET Framework NGE Microsoft Manual a More Actions GA Services Microsoft Exchange Active Direc Provides A Started Automatic ij WMI Control Description
3. SECURITY SOLUTIONS Re SECURITY SOLUTIONS Administration Manual Securepoint Unified Mail Archive Securepoint Unified Mail Archive Release 1 0 0 0 Securepoint GmbH L neburg Security Solutions SECUREPOINT SECURITY SOLUTIONS Unified Mail Archive Revision Notification 1 1 01 07 2012 6 5 update to UMA version 1 0 3 10 and addition 11 dp D Securepoint D Security Solutions SECURITY SOLUTIONS Unified Mail Archive Content 1 Idee ee MT 6 2 Positioning of the UMA in the Internal Network nennen 7 2 1 Sie eet HUB e Le RE 7 2 2 Scenario Transparent Mode nenne 8 2 3 Scenario Forward Modes 9 3 PETTE Oer O EE 10 3 1 Customize the ele 10 4 COnnect Ihe E E ei elle anne een nenn nee herunter 11 4 1 ICC GOMIMC CUO actrees deeb acct a e a a a lea aettipetannsieadcadetoetana 11 4 2 Connection Over the Network s nnssnnssnnnsnnnsurnsernnnrrnnnrrnrrrrnrrnnrnerrrsnrrnnersnrene 12 5 Ee E 15 6 Lead TAB SOLO ea a er 16 6 1 Tab e Ee 16 6 1 1 Network Address Geitmgs nenn enennn nenn nenne nenne nenne nenne nnnnnenn 16 6 1 2 Local Name Settings unse seen 17 6 1 3 Nameserver Settings s uuesssneenennenennnnnennonennnnnnnnonennennnnn nenne nenne nnnnnenenne nennen 17 6 1 4 TION Ende Le 18 6 2 Ee Ee 19 6 3 Ee RN WE 20 6 3 1 Remote Mail Server Settings nenn nenne nenne nnenne nenne nennen 20 6 3 2 Remote Smarthost Settings nenne nnnnn nenne nenne nnenne nenne nnnnnenn 21 6 3 3 Re
4. Extra Folder Sent 10 10 m m e ser 13 02 2012 16 21 28 10 02 2012 11 28 43 09 02 2012 12 22 48 serrera 09 02 2012 08 07 04 a 09 02 2012 08 07 04 09 02 2012 08 00 02 a 09 02 2012 08 00 02 08 02 2012 13 52 00 08 02 2012 11 57 36 SS 08 02 2012 11 57 36 SS 08 02 2012 09 46 42 06 02 2012 17 48 27 AS nme 30 01 2012 12 12 51 TT 30 01 2012 12 02 31 n 30 01 2012 10 38 40 Ltpes u 23 01 2012 09 53 19 TTT 20 01 2012 09 59 49 RE 17 01 2012 10 03 40 17 01 2012 09 51 39 SR 17 01 2012 09 32 43 09 01 2012 09 24 08 NEE 09 01 2012 09 17 02 RE e EE 09 01 2012 08 15 30 mE 06 01 2012 16 47 59 Showing 1 to 24 of 24 entries ERE REE BB BBBBBBEBBSBBEBBEBBBE BT gt long term archive folder list selected e mails quick search fig 45 sections and functions of the UMA e mail client Securepoint 45 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 8 3 Folder List Emails Folder Long Term Archive Folder LTAIG 7IT i LIA10 0 a LTW30 0 L forever 0 Extra Folder fig 46 folder list on the left side On the left side the folders Inbox Log Term Archives LTA and Sent are listed The Inbox contains all e mails which are received by the owner of this account The send folder contains all sent e mails The LTA folders include the copies of the e mails which are classified for archiving by the global filter rules The global filter rules are de
5. Microsoft Exchange Anti spam U The Micros Started Automatic EN Pa Storage Provides Internet Message Access Microsoft Exchange EdgeSync The Micros Started Automatic Protocol IMAPA Services to dent If Microsoft Exchange File Distribu MicrosoftE Started Automatic this service is stopped clients are unable Microsoft Exchange IMAP4 Manual to connect to this computer using the zur e Microsoft Exchange Information Automatic IMAP4 protocol i Microsoft Exchange Mail Submis 220 Automatic Microsoft Exchange Mailbox Assi Microsoft Exchange Monitoring RESUME Manual Microsoft Exchange POP3 Pastal t Manual Microsoft Exchange Replication al Tasks 5 Automatic Microsoft Exchange Search Inde z Automatic Microsoft Exchange Server Exte Refresh Manual Microsoft Exchange Service Host Properties z Automatic Microsoft Exchange System Att 2 Automatic Microsoft Exchange Transport Help Automatic Microsoft Exchange TransportL Provides re Automatic Microsoft Fibre Channel Platfor Registers t Manual Microsoft iSCSI Initiator Service Manages I Manual Microsoft Search Exchange Quickly cre Manual Microsoft Software Shadow Cop Manages s Manual Multimedia Class Scheduler Enables rel Manual Net Tcp Port Sharing Service Provides a Disabled Netlogon Maintains a Automatic Network Access Protection Agent The Netwo Manual Network Co
6. com fig 37 rule table To set up a filter condition you have to enter a name for this rule first Than you select the match conditions and the archive the matching e mails should be copied to Match of conditions all rules match one rule matches no rule matches Following sections could be searched e mail header e mail body address body In dependency on the sections different conditions can be selected Section Condition 1 Condition 2 e mail header subject date contains matches is e mail body raw content text contains matches is address to trom carbon copy CO size greater than less than K M G kilobyte megabyte gigabyte Securepoint 39 Security Solutions SECURITY SOLUTIONS Unified Mail Archive Note Settings made on the tab Mail Archive Rules are global and have effect on all mailboxes Furthermore the user can set filter which copy desired e mails into archive folders with longer archive time see chapter 8 4 The global rule set is super ordinate 7 6 Tab Backup You can back up the whole system weather on network storage or onto an external medium Both backup possibilities are combinable The network storage has to be defined in the menu Setup on the tab Archive Storage External storage medium have to be connected to the appliance by USB port External hard disk drives and flash devices are supported These external devices hav
7. in the middle window with the title This connection uses the following items Click the button properties below this window Click the button Advanced in the new dialog Anew window appears Switch to the tab IP Settings Click on Add at the area IP addresses The mask TCP IP Address appears Enter an IP from the subnet 192 168 175 0 into the field IP address for example 192 168 175 11 When you switch to the field subnet mask this will be filled with 255 255 255 0 You can keep this Click on Add Close the other dialogs with OK Securepoint 56 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 11 Create a HUB E mail Account on a MS Exchange Server The following shows briefly how to create a HUB account on a Microsoft Exchange Server This article offers just a short overview For further information read the MS Exchange docu mentation The screenshots are made from a Microsoft Server 2008 R2 with service package 1 11 1 Define Authentication Method of the IMAP Server The Plain Text Logon without TLS connection must be activated for logon The Secure Logon is set by default IMAPA Properties Logon Method Specify the security settings to use for incoming connections e Plain text logon Basic authentication No TLS connection is required for the client to authenticate to the server Plain text authentication logon Integrated Windows authentication
8. 63 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive A summary of the properties of the new account is shown b Si New Mailbox Introduction New Mailbox Pl User Type When you click New the following mailbox will be created Fl User Information Pl Mailbox Settings DI New Mailbox Configuration Summary je UMA Journal Mailbox type User Mailbox Completion Organizational unit foo example de Users First name UMA Last name Joumal User name UMA Joumal User logon name User Principal Name joumal foo example de User logon name pre Windows 2000 joumal User doesnt need to change password at next logon Alias joumal Server WIN DSQSBNHDI52 Storage Group First Storage Group Mailbox Database Mailbox Database Select Ctr C to copy the contents of this page lt Back New Cancel fig 65 summary Check all selected item and approve the creating of the account by clicking New The wizard shows the result of the creation a New Mailbox Introduction Completion P User Type The wizard completed successfully Click Finish to close this wizard Elapsed time 00 00 02 Summary 1 item s 1 succeeded 0 failed e UMA Journal User Information Mailbox Settings Fl New Mailbox Exchange Management Shell command completed Pl Completion New Mailbox Name UMA Joumal Alias joumal Organizational Unit foo example de Users UserPrincipalName joumal foo example d
9. Click on Import Securepoint 26 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 5 3 Account Selection lf you do not want to archive all e mail accounts which are managed by the Active Directory you can select several e mail accounts To use this function you have to be logged in to an Active Directory SELECT ACCOUNTS TO STORE x enable manual select search private search public private folders i public folders Administrator 1 m anagement anette Fertigung arne Vertneb carmen Support fritz Entwicklung horst Fax Administration Technik fig 23 select e mail accounts Activate the checkbox enable manual select in the area Select Accounts To Store Two lists with the available e mail accounts and two search fields appear The left list shows the user e mail accounts The right one shows mailing lists You select desired accounts by activate the checkbox ahead of the account The selection will be work immediately An entry into the search fields limits the shown accounts This takes affect by typing only one character Securepoint 27 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 5 4 LDAP Search Settings The automatic selection of the e mail accounts from the Active Directory can be limit to a defined area For this use the LDA Search Settings LDAP SEARCH SETTINGS Base fig 24 set start point of searc
10. GODY E EE 49 8 7 Display an EE 50 8 7 1 Navigation in Displayed E Mailen 51 8 8 IIS DECOR Ge e 52 9 AUGO ee 53 9 1 Beeler e 54 10 Change the IP Address in Windows 7 nnannnnnnennnnnnennnnnnnnnnnnnnnnsnnnnrenrennreennnne 56 11 Create a HUB E mail Account on a MS Exchange Gener 57 11 1 Define Authentication Method of the IMAP Gener 57 11 2 Change the Start Type of the Genice nennen 58 11 3 Exchange Management Console nenn enenne nenn 60 Securepoint 5 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 1 Introduction PLEASE NOTE This documentation is based on the regulations of German law Please look after the terms of regulation which is valid in your country This Manual is made for the technicians which install and configure the Unified Mail Archive UMA software or appliance This Manual has four chapters The prologue takes care of the setup Part One describes the administration center part two explains the e mail client and the affix are found in chapter three Important information We have chosen the terms archive and archiving very deliberately We did not make a specific difference between storage and archiving It is the opinion of the writers that users call the storage of documents which is regulated by law mostly archiving You find a short definition between storage and archiving in the affix Generally the standard software Securepoint Unified mail Archive UMA
11. TAD time zone difference four digit The prefix shows if the defined hours must be added or subtracted to from the Universal Time Coordinated UTC Refresh reloads the backup list Restore installs the selected backup Users Time Webmailer IMAP SMTP Indexer Mailarchive Rules Backup Restore NETWORK STORAGE Available Backups uma backup 2012 01 23T11 07 02Z 0100 Refresh Restore EXTERNAL STORAGE Storage Connected not connected Refresh Available Backups not configured Refresh fig 39 restore backup Securepoint 37 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 7 8 Tab Maintenance In this section you can execute basic management tasks Users Time Webmailer IMAP SMTP Indexer Maillarchive Rules Backup Restore Maintenance GENERAL MAINTENANCE Reboot Device Halt Device CONFIGURATION IMPORT EXPORT Browse_ Import Export AUTOMATIC MAILBOX CLEANUP Delete Archived Emails After 6 Years Status Unable to connect to server LONG TERM ARCHIVE Status User User User User Final Email Deletion 180 Days Delete EMAILS MARKED WITH LTA ERROR FLAG Not archived Emails because of an error Retry archiving with LTA error flags FIRMWARE VERSION Active Version Available Version REMOTE LOGIN Start SSH Daemon fig 40 maintenance functions General Maintenance Reboot Device Restarts the system Halt Device Shuts down the system Configu
12. computer under MS Windows 7 read the according note in the appendix see chapter 10 direct connection network connection monitor working station IP 192 168 175 11 UMA appliance UMA appliance IP 192 168 175 254 fig 4 connection to the UMA appliance to configure the IP address Securepoint 10 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 4 Connect the UMA Appliance 4 1 Direct Connection The direct connection with monitor and keyboard is only destined to change the IP address temporary and prepare the appliance for the employment in the network without changing the IP address of your work station Login the UMA appliance with the predefined administrator account login admin password insecure You are logged in as user with restricted super user rights In delivery status the appliance adjusts a connection in transparent mode The entire network traffic will be routed over the UMA appliance The appliance only attends to the e mail traffic All other data packets will be passed through Change the IP address of the UMA appliance with the following command ip addr replace 192 168 100 10 24 bridge command new IP address with interface bitcount In this example the network uses the subnet 192 168 100 0 24 Note The command changes the IP address just temporally The address will not be stored and will reset to delivery status when the appliance will be rebooted
13. long term archive test report provides information about the qualified certificates used and the integrity of the electronic message This also includes attachments When an at tachment has been signed adequately before having been transferred into the evidence folder also the author certificate and the attachment itself will be checked regarding identity and validity of signature at the point of time of installation Securepoint 52 Security Solutions SECURITY SOLUTIONS Unified Mail Archive The category General Information informs about the programme part of the UMA which realizes the certificate inspection name of report at which point of time the test report has been compiled created at which version of test report is currently shown version no and sums up the report result of all checked certificates status The category Archive time stamp Sequence demonstrates all test report results of the qualified time stamps used Note The UMA works according to the technical directive 03125 of the Bundesamt f r Sicherheit in der Informationstechnologie Federal Office for security and information technology in order to protect the used signatures by giving them an additional on top signature with the highest crypto logical algorithm by the MERKLE Hashbaum method The qualified time stamp is taken every day If the verified e mail contains attachments that have been signed adequately the test resu
14. server 7 3 4 Generate Self Signed Certificates To set the appliance back to delivery status you can generate a self signed certificate by the appliance e GENERATE SELF SIGNED CERTIFICATES fig 35 generate self signed certificate 7 4 Tab Indexer Users Time Webmailer IMAP SMTP indexer Mailarchrve I NDENG SERVICE FOR EMAIL ATTACHMENTS indexing Enabled Status Schedule Every Day F OI F ci 00 F Update index T fig 36 attachment indexer This function indexes e mail attachments of the archived e mails This accelerates the search The indexing can be executed as a schedule The index can always be rebuilt or continued Note The indexing accelerates the access on the content of the attachments This procedure takes up disk drive space The size of the extra required disk space is depending on the size the type and the format of the attachment Securepoint 34 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 7 5 Tab Mail Archive Rules On this tab you can define rules which will be used to assign the e mails to the archives 6 years 10 years 30 years and forever Users Time Webmaier IMAP SMTP indexer Mailarchnwe Rules Backup Restore Mamienance z GLOBAL MAILARCHIVE RULES myos all rules match LTA 10 header subject TF Invoice address From T contains T axamgle cam ofers all mules maich header subject contams address From contains example
15. the archive storage and save them on the network For this the UMA appliance offers three types of network storage You can transmit the backups to an fileserver via Windows Share Server Message Block Protocol via SSH Secure Shell or via FTP File Transfer Protocol z NETWORK BACKUP STORAGE Windows Share Network Protocol Windows Share Windows Share 55H Server Address 192 163 175 10 FTP Windows Share public Folder UMA backups Usermame uma dman Password een fig 19 set network storage Network Protocol Select a supported network protocol Server Address __ Declare the hostname or IP address of the server Ten l directory names with blanks Usemame Usernameatthehos Password Password of the user atthe host Windows Share Windows Share Declare the public directory of the server SSH Folder Enter the complete path from root directory of the complete path storage folders Securepoint 23 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 6 4 3 External USB Backup Storage EXTERNAL USE BACKUP STORAGE Available Storages sche USE DISE 2 0 BLOF add Regmierad Storages fig 20 available USB devices The backups can also be saved on a device which is connected to the appliance by USB This can be an USB flash drive or an external hard disc drive for example Under Available Storages all recognized USB storage mediums are shown Select
16. which defines the network subnet Click on Save The button appears behind the input field after typing After this changing the appliance is only reachable under the new IP address You have to login again Enter the new IP address of the appliance into the address bar of your browser fol lowed by a colon and the port 11115 Use the HTTPS protocol https newAddress 11115 Confirm that you trust the certificate issuer and login with the default administrator ac count Note If you change the password already use the new password for login Enter the IP address of your internet access device into the field Gateway Click on Save Securepoint 16 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 1 2 Local Name Settings e LOCAL NAME SETTINGS Hosiname HUEN Domain esicanter local fig 11 enter host name and domain Enter a host name for the appliance into the field Hostname and the domain of your network into the field Domain Click on Save 6 1 3 Nameserver Settings e HAMESERVER SETTINGS Nameserver 192 163 201 fig 12 enter DNS server IP addresses Enter the IP address of your nameserver in the section Nameserver Settings and click on Add lf you use more than one nameserver repeat this procedure till al nameserver are added You can define three nameserver Securepoint 17 Security Solutions SECURITY SOLUTIONS Unified Mail Archi
17. 00 1 master Master user bogging in as 500 dawecat imap login Login user gt metiod P LAIN rp 127 001 ip 127 001 mgpid 10121 EL OH d OO CH ba bi bo bo Pi bo PIP bo bo ba ba bo bo En En Ea da ha e ia KA fa G kl el bel Ee kel Ee H K k tkatka ka ka ka ba J K Dsoonnected Logged outbyes 409 2442 00 dovecot auth passdb ia push 127 0 0 1 master Master user logging in ase nrn OO dowecsot map lag n Lagin users mehod PLAIN np 127001 p 127001 daemon min Jan 10 22 1500 ka push 10116 done wah LTA 100 mat mi Jan 10 2211500 dovacot nand Disconnected Loggad autbyes 595 2972 daemon mi Jan 10 22 1500 ka push 10116 0 Messages Pushed for 2 user fig 42 protocol display Securepoint 41 Security Solutions Unified Mail Archive A SECURITY SOLUTIONS Part 2 UMA E Mail Client SECURITY soLUTIONS UMA Email Client Securepoint 42 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 8 UMA E Mail Client The UMA E mail client is the web interface for users This client is for the administration for all received and sent e mails which are archived in the UMA This UMA client is for three types of users For the normal user who wants to get access on his archived e mails with his own access code in a read only mode Second Type is the auditor This user is allowed to get access to the archives of the normal users after he received the approval o
18. CURITY SOLUTIONS Unified Mail Archive 8 1 Login You enter the e mail client web interface over the internal IP address of the appliance Type the hostname or the internal IP address of the appliance into the address field of your web browser Use the HTTPS protocol For example https my uma my domain com https 192 168 175 10 If a security warning appears assure that the used certificate is trustable In this case confirm that you trust the certificate publisher Add the certificate to the list of trust worthy certificates if this functionality is offered by your browser The e mail client web interface appears Select the user login x fig 43 icon of the uder login Enter the user name of the active directory and use the according password Ro SECURITY SOLUTIONS u a UMA Email Clieni Benutzername fred Passwort Zur cksetzen Einloggen fig 44 UMA mail client login Securepoint 44 Security Solutions O E SECURITY SOLUTIONS Unified Mail Archive 8 2 Overview After login to the user interface the personally user account opens Here are shown all e mails which are collected by the UMA in different folders The start screen shows the content of the inbox search with mutiple request logout basic search reload Refresh Logout Emails Folder _ INBOX 22 24 Long Term Archive Folder LTA 6 0 LTA 10 26 26 LTA 30 0 LTA forever 2 2
19. For permanent saving you have to change the IP address over the web interface After the IP address is adjusted to the network subnet you can open the UMA Administration Center in your web browser Securepoint 11 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 4 2 Connection Over the Network Open your web browser Enter the new UMA IP address into the browser s address bar You have to use the HTTPS protocol and the port 11115 https 192 168 100 10 11115 The web interface uses a self signed certificate which will be classified as an un trustworthy website Therefore a security warning appears Confirm that you trust the supplier of the certificate The certificate can be exchanged with an own one later which will be classified trustworthy in the network see chapter 7 3 3 The login screen of the UMA Administration Center Em appears SECURITY SOLUTIONS D D D Enter the credentials of the predefined default admin UMA Administration Center user name admin SS password insecure fig 5 login screen Note Remember to change the password as soon as possible This function is described in chapter 7 1 Note A secure password has a length of minimum 8 characters It should be a ran dom combination out of lower case upper case numeric and special charac ters CH 2 https 192 168 175 254 11115 Certificate Error Navigatio A The site s s
20. INGS Hub Mode Hub Made 8 Email domams sicenier local Hostname srvOl testcenter local Ports 25 SSL Ports fig 16 mail server settings for the HUB mode Email domains testcenter local Connect Timeout Remote Timeout fig 15 mail server settings for the Transparent and Forward Mode Hub Mode Activates the HUB mode A HUB account must have been defined on the mail server which in cludes a copy of every mail Hostname Declaration of the hostname or IP address of the mail server SSL Port Securepoint 20 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 3 2 Remote Smarthost Settings Apply these settings if you use a mail relay of a provider for the mail transport or if your firewall expects an authentication for the SMTP protocol REMOTE SMARTHOST SETTINGS Use Smarthost v Smarthost 192 168 175 20 Port 25 User smtprelay user Password so fig 17 settings for a remote mail relay or SMTP authentication 6 3 3 Remote Mail Accounts Define these settings if you fetch mails from e mail accounts hosted by an external provider If you use the HUB mode you have to configure the credentials to the mails server and the HUB account in this section REMOTE MAILACCOUNTS Status no mailservers have been specifie Refresh Name ext mail Servername mail_provider Protocol AUTO Username fred Password Domain testcenter local v K
21. R SETTINGS SSL Suppor Cieni Aufienicaten Mechanism PLAIN CRAM MD5 LOGIN DISEST MOS NTLM G55 SPNEGO GSS5AP Kerberos v5 fig 31 define IMAP encryption and authentication 7 3 3 Webserver Certificate IMAP Certificate SMTP Certificate These areas show information of the used certificates of the webserver the IMAP server and the SMTP server In delivery status the appliance uses self signed certificates For security reason web brows ers warn the user to open internet sites which use a self signed certificate You can import a certificate This can be an own one or a certificate from an official trusted certification center If you use a self signed certificate you have to deposit the root certificate Certification Authority CA at the domain controller as a trustable root certificate WEBSERVER CERTIFICATE IMAP CERTIFICATE Caricate Dee zeb a0ned can arcate map sel agned cert Cercate Privat Key h p sel signadkey map sel agnad key Private Key Password opsonal Prvaie Key Password op onal import Webserver Certicaie Import DAD Cerg came fig 32 certificate of the webserver fig 33 certificate of the IMAP server Securepoint 33 Security Solutions o SECURITY SOLUTIONS Unified Mail Archive SMTP CERTIFICATE Cer cate Spe s t sed carn Cemticate Prva Key amip seli signad key Private Key Password opzonaft impot SMTP Cerg cage fig 34 certificate of the SMTP
22. SOLUTIONS Unified Mail Archive 8 7 1 Navigation in Displayed E Mails Back to Folder lt lt gt gt Export Print fig 54 navigation bar in to of the shown e mail A navigation and function bar are placed above the displayed e mail Use this bar to navigate in the active folder and execute the export and print function Area Field Description Back to Folder Changes from the e mail display back to the folder view of the ac tive folder lt lt Opens the e mail which is located in the list in front of the current opened e mail Opens the e mail which is located in the list behind the current opened e mail Export Exports the opened e mail on to your system If the e mail contains attachments these will be exported too Print The e mail will be viewed in the print preview of your browser Use the pint function of your browser to print the e mail O1 Securepoint Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 8 8 Inspection Report As soon as an e mail has been signed with the qualified time stamp in a long term archive folder the e mail will be marked with a green LZA icon in the list Click on this green icon to open the test report Langzeitarchiv Pr fbericht Allgemeine Informationen Bericht Name ServletExport erstellt am 2011 12 20T12 55 19 980 01 00 Version SEN Stand g ltig Archiv Zeitstempel Sequenz Archiv Zeitstempel Kette Reihenfolge 1
23. associated with resource mailbox will be disabled Equipment Mailbox The equipment mailbox is for equipment scheduling and is not owned by a user The user account associated with the resource mailbox will be disabled Linked Mailbox Linked mailbox is the name for a mailbox that is accessed by a security principal user in a separate trusted forest fig 61 select mailbox type I Select the radio button User Mailbox as account type Click Next gt A mailbox can be created for an existing user or for a new user We create a new user for the Hub mailbox New Mailbox Introduction User Type El User Type You can create a new user or select existing users for whom you want to create new mailboxes New Mailbox Comoleti Create mailboxes for ompletion a New user Existing users Organizational Unit lt Back L ne gt Cancel 7 AD C ale eat car fig 62 select use Select the radio button New User Click Next gt 4 Securepoint 61 Security Solutions SECURITY SOLUTIONS Unified Mail Archive The next step queries the user information of the new user New Mailbox ER Introduction User Information E User Type Enterthe user name and account information D User Information Organizational unit Mailbox Settings oo example de Users Browse New Mailbox First name Initials Last name Completion UMA Joumal Name UMA Joumal U
24. by the UMA This combination of mail server and mail client uses the Microsoft specific message architecture MAPI with an RPC protocol To archive e mails which uses this constellation use the HUB mode see chap ter 2 1 Further protocols can be used POP2 APOP RPOP KPOP SDPS ETRN ODMR Securepoint 9 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 3 First Time Operation Some settings are predefined in delivery status This includes the IP address and the admin istrator access Predefinitions IP address 192 168 175 254 Subnet mask 255 255 255 0 User name admin Password insecure 3 1 Customize the IP Address To integrate the UMA appliance into your existing network you have to adjust the IP address of the appliance You have got two possibilities a direct connection or a network connec tion by the web interface Attach a monitor and a keyboard to the UMA appliance and configure it before your connect it with your network You can also configure the appliance within the network This is only possible if the IP ad dress 192 168 175 254 is used only once in the network in fact by the UMA appliance To establish a connection to the UMA it is needed that the computer you use for the configura tion has an IP address from the same subnet as the UMA appliance 192 168 175 1 192 168 175 253 If you need further information how to change the IP address of your
25. count The auditor can use the search the print and the print functions No e mail filter can be set and nor e mails can be copied into other folders When the user opens his account the next time a message appears that an auditor has ac cessed the account since his last login Securepoint 54 Security Solutions SECURITY SOLUTIONS Unified Mail Archive art 3 affix O1 O1 Securepoint Security Solutions SECURITY SOLUTIONS Unified Mail Archive 10 Change the IP Address in Windows 7 In delivery status the IP address of the appliance is set to 192 168 175 245 If you connect the appliance with the network you can only access the appliance if your computer has an IP address out of the subnet 192 168 175 0 For Microsoft Windows 7 follow these instructions For these settings you will need adminis trator rights Click on Start the Windows icon in the left bottom corner Select the Control Panel from the Start Menu Select the group Network and Internet in the appearing dialog Select the group Network and Sharing Center in the new dialog On the left side of the window you will find the entry Change adapter settings Select active LAN connection and click on it with the right mouse button Click on the entry Properties in the context menu The dialog Local Area Connection Properties appears Select the entry Internet Protocol Version 4 TCP IPv4
26. curity Solutions SECURITY SOLUTIONS Unified Mail Archive 6 5 2 Windows Domain Membership Settings WINDOWS DOMAIN MEMBERSHIP SETTINGS Enabled w Secunty Mode Active Directory Domain Windows Domain example de Workgroup example Password Server shadow example de Admin Account Administrator Admin Password EEEE Leave 8 LDAP Communication Security none sign sign amp encrypt Active Directory Root CA ca_ex cert Browse Import fig 22 register to a domain In this section you can decide to register the UMA appliance at an Active Directory or a Windows Domain Activate the checkbox Enable to unlock the function Select the registration type and click the according button Enter the name of the domain into the field Windows Domain Type the name of the group into the field Workgroup Enter the hostname or the IP address of the server into the field Password Server Enter the administrator credentials into the fields Admin Account and Admin Pass word Click Join lf the registration was successful the symbol beneath the button becomes green Furthermore the communication security of the LPDA connection can be set To open this area click the button with the arrow below the buttons Join and Leave Select the security level of the connection at the row LDAP Communication Securi ty To deposit a root certificate CA click on Browse and select a CA from your system
27. decide if all condition or just one has to match LTA 6 01 02 2012 Normal Search B Matchall v Date before v 29 02 2012 Start advanced search From v fred flintstone example com fig 51 search for an e mail from Fred Flintstone between the 1st and the 29th of February 8 6 Copy E Mails Copy selected Emails to folder LTA 30 Subject From Fr a 50 Rabatt auf Adobe Photoshop Elements 10 amp 50 Rabatt auf Adobe Photoshop Elements 10 amp Verwenden Sie mit Acrobat X Inhalte aus PDF Dai Verwenden Sie mit Acrobat X Inhalte aus PDF Dai E Re E Mail Test fig 52 copy two mails into LTA 30 folder E mails can be copied from one folder into another one If you decide on a later date that accounts should be stored for 30 years and not only for 10 years you can search the de pendent e mails and copy them into the according folder The e mails will be copied not moved Securepoint 49 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive E mails with an activated checkbox in the second column of the table will be copied If all e mails should be selected or unselected activate or deactivate the checkbox in the title bar of the list 8 7 Display an E Mail Back to Folder lt lt gt gt Export Print From To Subject Verwenden Sie mit Acrobat X Inhalte aus PDF Dateien m he Date Wed 14 Mar 2012 11 19 19 0100 Plain View HTML View ern nn ne m gem EE nme n
28. dress wa Joumal Scope Ge Global all messages intemal intemal messages only Extemal messages with an extemal sender or recipient Joumal messages for recipient V Enable Rule 3 To use premium joumaling you must have an Exchange Enterprise Client Access License CAL Cancel fig 70 select messages and activate rule Select the radio button Global all messages Activate the checkbox Enable Rule Securepoint 66 Security Solutions Unified Mail Archive SECURITY SOLUTIONS A summary of the selected settings and the result of the creation is show in the last window Le New Journal Rule El New Joumal Rule Completion EI Completion The wizard completed successfully Click Finish to close this wizard Elapsed time 00 00 00 Summary 1 item s 1 succeeded 0 failed RE UMA Jounal Exchange Management Shell command completed newjoumalRule Name UMA Jounal JoumalEmailAddress foo example de Users UMA Joumal Scope Global Enabled Sne Elapsed Time 00 00 00 Select Ctri C to copy the contents of this page fig 71 rule created successfully Check the summary and click Finish All e mails will be copied into the new mailbox If the UMA is configured in Hub mode all e mails will be fetch from this mailbox After the e mails are fetched from the hub mailbox they can be deleted Securepoint Security Solutions Lake o
29. e SamAccountName joumal FirstName UMA Initials LastName Joumal Password System Securty Secure String ResetPasswordOnNextLogon Sfalse Database WIN DSQSBNHDI52 First Storage Group Mailbox Database Elapsed Time 00 00 00 Select OC to copy the contents of this page lt Back fig 66 mailbox created successfully Close the wizard by clicking Finish Securepoint 64 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive You will be directed back to the Exchange Management console Exchange Verwaltungskonsole File Action View Help 9 Alm Om 3 Microsoft Exchange sas Organization Configuration jy Mailbox ait Client Access i ici 3 New Remote Domain x Hub Transport _ ait Unified Messaging 23 Default p 5 Server Configuration New E mail Address Polic z u R Recipient Configuration ES New Transport Rule EA Mailbox Ss New Accepted Domain a Distribution Group New Journal Rule GF Mail Contact Ra Disconnected Mailbox d Toolbox New Edge Subscription New Send Connector Export List View OO Refresh Help fig 67 Exchange mangement console Hub Transport view Click under Organization Configuration on Hub transport in the left tree structure Click in the right window actions on New journal rule The dialog New Journal rule will be opened Fi New Journal Rule El New Joumal R
30. e mail account password into the field Password If you want to enter more than one e mail address click the button add Another field E mail appears Store the entry with the button Save If you click Cancel the mask will be closed without saving the data Securepoint 29 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 5 7 Import CSV File You can also import an e mail account list This must be given in CSV format Following in formation are necessary for a successful import account name password first name last name e mail address optional e mail address The whole list is set into quotation marks Example fredr secret Fred Flintstone fFrede flintst ne Tv Tred d2lintst ne CSC donald topsecret Donald Duck donald duck com LOCAL USERS Format userid password firstname lastname email optionalemail Browse Import Cancel fig 27 import mask Click on Browse to select a CSV file from your system Click on Import If the import process was successful the updated list appears Securepoint 30 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 7 Lead Tab Administration 7 1 Tab Users On this tab the system users will be declared These users configure the system and can manage mailboxes Normal users which use the UMA E mail Client interface don t have to be declared be cause they will be a
31. e to be registered in the menu Setup on the tab Archive Storage Users Time Webmaier IMAP SMTP indexer Mailarchive Rules Backup Re NETWORK STORAGE Backup Enabled Schedule Every Day FTilaz loo T Number CH Bachugps 10 e Backup Test not configured Test e BACKUP TO EXTERNAL STORAGE Backup Enabled Schedule Every Day oo F or Humber CH Bachugps 0 e Backup Test not configured Test fig 38 activate and schedule backup Backup Enabled Activates the automatic backup routine Schedule You can select the day of the week and the time Besides the val ues workday and every day are offered Number Of Backups Defines the number of stored backups If the value will be exceeded the oldest backup will be deleted Backup Test Tries to establish a connection to the storage medium Backup Now Creates a backup instantly Securepoint 36 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 7 7 Tab Restore The functions on this tab restore saved backups The restore is available from network stor age or external medium Saved backups are shown in the dropdown field Available Backups The name of a backup is composed like this uma backup YYYY MM DDTHH MM SSZ TZD tar gz YYYY year four digit MM month two digit DD day two digit The following T stands for Tag day HH hour two digit MM minute two digit SS second two digit The following Z stands for Zeit time
32. ecurity certificate is not trusted templed to reach 192 168 20 236 but the server presented a certificate issued by an entity sted by your computers operating system This ay mean that the s je a5 fig 7 security warning of Google Chrome fig 6 security warning MS Internet Explorere Securepoint 12 Security Solutions SECURITY SOLUTIONS Unified Mail Archive e HETWORE ADDRESS SETTINGS Local IP Address 197 153 20 Gateway 192 164 20 1 fig 8 set new IP address Enter the new IP address of the UMA appliance at the UMA Administration Center Switch to the tab Setup Network Network Address Settings Enter the new IP address into the field Local IP Address for example 192 168 175 20 Click on Save The IP address will be stored permanently in the configuration file Securepoint 13 Security Solutions SECURITY SOLUTIONS Unified Mail Archive Part 1 UMA Administration Center N C IS Securepoint 1 D Security Solutions C SECURITY SOLUTIONS Unified Mail Archive 5 Tab Status Saws Setup Admneraton STORAGE TIME STATUS B Free ai Gey Curent Tine Wed Jan L 2022 1129 14 GMT O100 CET Cer ME Time Daiierence 26 464930229105185 5 LTA Storage 616 15 KE IMAP Storage 200 41 KB a Archived E mails I7 d dl ah e Kess emsoss ease E Jess H Wad Dei D Ts E H y MEMORY USAGE E ENTROFY ka 2 01 fig 9 f
33. eep Mails Fetch Mails Every Minute SSL Protocol SSL3 v SSL Add Account Remove fig 18 mail accounts on an external server Status Shows the notifications of the last retrieve Refresh Starts a new retrieve immediately Server Name Declaration of the hostname or IP address of the e mail server Protocol Selection of the used protocol for example POPS IMAP Name Define a name for the external account Securepoint 21 Security Solutions SECURITY SOLUTIONS Unified Mail Archive Note AN Usually is sufficient to set the protocol selection to AUTO 6 4 Tab Archive Storage The storage for the e mail archive will be initialized under this tab Furthermore settings of the backup function will be defined The backups could be saved on network storage or an USB device 6 4 1 Local Storage Integration The e mail archives will be stored on the local hard disc drives of the appliance The drives are conducted in a RAID system Depending on the accouterment of the appliance this is managed by a software or hardware RAID controller lf a software RAID controller is used the correct RAID level will be selected automatically At the initial startup of the appliance the archive storage has to be initialized first For this click the Button Initialize Securepoint 22 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 6 4 2 Network Backup Storage You can create backups of
34. en the current version to the previous version Remote Login Start SSH Start the SSH services on the appliance So you Daemon can connect the appliance with an SSH client For login use following credentials user name admin password insecure This service waits for connection the next ten minutes If no login occurs in this time the service will be shut down Securepoint 39 Security Solutions Unified Mail Archive 7 9 Tab Tools SECURITY SOLUTIONS This tab offers operations which test for example the functionality of e mail delivery network availability and hard disk functionality E Mail Delivery Test Network Tools S M A R T Hard Drive Test Webm e EMAL DELIVERY TEST Host Emal Address Results NETWORK TOOLS Tool Host IP Results e SMART HARDORIVE TEST Schedule Slats fig 41 maintenace tools Aner i Host Enter the host name or the IP address of the mail server which shall send the e mail E Mail Address Enter the address of the recipient of the test e mail Shows the result of the test You can select between the functions ping host and traceroute Host IP Enter the IP address or the host name of the tar get system for the test Run Starts the test no the Starts the test a the result of the test Schedule Select a schedule for the hard disk test The test can be executed monthly half yearly or yearly Status 00 Sho
35. ern en er nenne teen armer Tools im Handumdrehen in andere Formate um berzeugen Sie sich selbst gt lt http mail adobe direct com r xnviTcJEQWJHVEWHT qWwPWPy gt Adobe Acrobat X Pro Produktabbildung Verwerten Sie Inhalte aus nahezu jeder PDF Datei weiter Jetzt k nnen Sie Inhalte aus PDF Dateien mithilfe von Adobe Acrobat X Pro in wenigen Schritten f r andere Projekte wiederverwenden Neue Funktionen wandeln nahezu jede PDF Datei m helos in ein Microsoft Word oder Excel Dokument um Konvertieren Sie eine gesamte PDF Datei oder kopieren Sie eine Tabelle oder Grafik um sie in einem anderen Dateiformat weiter zu bearbeiten bertragen Sie Textpassagen Tabellen oder Grafiken Exportieren Sie eine PDF Datei vollst ndig oder teilweise Acrobat X Pro beh lt jederzeit die relative Positionierung von Tabellen Bildern und mehrspaltiqem Text bei Sehen Sie selbst wie einfach Sie Inhalte aus PDF Dokumenten in ein anderes Format bertragen und sich eine erneute Formatierung oder Dateneingabe ersparen fig 53 display of an e mail By clicking on an e mail in the list it will be opened The mail can be show in plain text or in HTML format For switching the format use the buttons below the date Attachments of the e mail can be downloaded by clicking on it Note To display Attachments you will maybe need according display programs on your system Securepoint 50 Security Solutions SECURITY
36. f the privacy officer data protection commissioner The third type is the privacy officer Auditor and privacy officer only can be named once on each appliance Every user is able to get logged in with his active directory registration code to see his e mail account You can see an inbox all received e mail a sent box place of all send e mail and the long term archives folder The user is able to search after e mails he can copy mails into other archive folders and is able to create personal filter setting These settings allow that e mails are placed additional in long term archive folders Note The lawfully authenticity is made by qualified time stamps and by the im plementation of the specifications of the technical guideline 03125 of the BSI This marking only happens in the long term files All data will be protected against unauthorized inspection from others by the four eyes principle The auditor can use the e mail client interface as Login into various accounts In order to receive an unlimited access to UMA mail accounts the auditor s access must be confirmed by a Private Officer The auditor and the Private Officer will be registered on the administrators interface This system only offers the necessary protection if the auditor and the Private Officer are not the same person and the administrator proceeds conscientiously regarding their assignation Securepoint 43 Security Solutions SE
37. fined by the ad ministrator and are valid for all accounts You can set personal filter for your own account These filters are only additional to the glob al filters 8 4 E Mail Filter In this section filters can be adjusted which copy e mails into the folders 6 years 10 years 30 years or forever Several filters can be defined which can contain several conditions To set up a filter condition you have to enter a name for this rule first Than you select the match conditions and the archive the matching e mails should be copied to Match of conditions all rules match one rule matches no rule matches Following sections could be searched e mail header e mail body address body Securepoint 46 Security Solutions SECURITY SOLUTIONS Unified Mail Archive Note The section body includes the content of all attachments In dependency on the sections different conditions can be selected Section Conditiont _ Condition2 to from carbon copy 00 K M G kilobyte megabyte gigabyte Email Filter Settings sent accounts all rules match mo ei header subject contains account address From contains Bl example de fig 47 one e mail filter with to conditions Example All accounts which are sent to customers should be copied to the LTA folder 10 stor age duration 10 years Enter a name for the filter for example sent accounts Because all
38. following condition should be matched select from the first dropdown field all rules match From the second dropdown field select the desired LTA folder For this example LTA 10 In the next row the first condition will be defined Select e mail header as section Define the exact section of the header and enter the term subject As search mode select contains and type the word account into the filed Click on the button with the plus symbol in front of the first condition to define a second one This time select address as section Select as limitation from out of the second dropdown filed and Securepoint 47 Security Solutions SECURITY SOLUTIONS Unified Mail Archive as search mode contains Type your e mail domain as text to search for Note Global filter settings set by the administrator take effect to all e mail accounts Filters which are defined in this section supplement the filter rules see chapter 7 5 8 5 Searching You can search e mails in to modes Use the quick search to find an e mail in the active folder The search located in the main bar up to eight conditions can be defined The functions will be explained in the following chapters 8 5 1 Quick Search fig 48 quick search field for the current folder The quick search is located directly above the title bar of the e mail list The searching is always limited to the current open folder From the second typed character
39. h Define the point the search should begin from The directory tree will be searched downward Enter this point into the field Base If you want to include references in the directory tree click on the button On behind the field Referrals 6 5 5 Local Users If you selected the option local users you can archive the e mail accounts by the UMA with out using an Active Directory You can enter e mail accounts manually or import them from a comma separated list You can also combine both options LOCAL USERS Add User CSW Import search fred wilma daisy e donald delete fig 25 list of local user accounts The area Local Users offers the options Add User manual input and CSV Import Entered e mail accounts are shown in a list below Securepoint 28 Security Solutions SECURITY SOLUTIONS Unified Mail Archive An entry into the search field limits the shown accounts This takes affect by typing only one character You can edit an e mail account by clicking on it If an account should be deleted from the list click on the button delete beneath the respective account 6 5 6 Add User lf you want to add user e mail accounts manually click the button Add User in the Local Users area The following entry mask appears LOCAL USERS Usemame Password first Name last Name Email dd fig 26 add users manually Enter the queried data Type the
40. irst shown screen after login The tab Status appears after login It shows system information graphically The area Archive Storage shows the available memory capacity and the used storage space according to several directories Furthermore the numbers of archived e mails is shown Note The storage is not initialized and no e mail is archived at initial operation So no information can be shown The display will be refreshed hourly The area Time Status shows the current time and the difference between system time and the called time from the time server This information will be shown when the time server is defined and accessible The displayed graphs show the hardware utilization Note The system time has no influence to the probative value This is only bound to the qualified timestamp Securepoint 15 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 Lead Tab Setup At the initial startup of the appliance you have to define general settings The first configuration steps are summarized under this tab 6 1 Tab Network On the tab Network several settings of the environment are subsumed 6 1 1 Network Address Settings NETWORK ADDRESS SETTINGS Local IP Address 192 163 20 238 24 Gateway 192 168 20 1 fig 10 set the appliance IP and the Gateway IP Define the desired IP address of the appliance in the area Network Address Setting The declaration expects a bit count
41. is offered with a hardware appliance If an appliance solution is mentioned in this document this statement is also valid for the software solution The hardware appliance can get assembled with multiple hard drive disks and in this way it offers in combination with a software RAID controller or an integrated hardware RAID a high level of data security In dependency of the amount of available hard drive disks the highest possible RAID level is chosen The UMA archives the entire e mail transfer with a high degree of transparency automatically on a central system E mails are saved legally compliant and unchangeable The Data are saved encrypted on the system and additional a qualified daily time stamp confirms that no changes on the documents are made during the storage time All mails which come through the UMA are going to be saved in copy Due of this mails which are deleted on the e mail server or on the e mail client can be reactivated out of the archive Securepoint 6 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 2 Positioning of the UMA in the Internal Network You have got several options to integrate the UMA into the existing network The employ ment depends on the used e mail receive and send method Following three scenarios are possibly All scenarios suppose that a mail server is carried on the internal network It is used for receiving and sending external mails sending internal mails a
42. lts of the accepted certificates are shown in the category Data Object Folder 9 Auditor Access An auditor access can be defined in the administration web interface The auditor can access every e mail account if the privacy officer allows this access To prevent a misuse of this possibility the data are stored in four eyes principle This means that the auditor cannot access to foreign e mail account himself After the auditor has to en ter his login credentials the privacy has to approve the access by entering his own creden tials The accounts of the auditor and the privacy officers are managed at the administration inter face The administrator has to ensure that the auditor and the privacy officer are not the same person Securepoint 53 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 9 1 Login as Auditor After opening the e mail client web interface of the UMA the supervisor mode has to be selected x fig 56 icon of the auditor login The mask for the external auditor login appears The auditor has to enter the user name and the password into the according fields These credentials are not the Active Directory credentials After successful login the e mail account which should be shown has to be selected from the dropdown list The privacy officer enable the access to the selected e mail account by enter his cre dentials The auditor now has access to the selected e mail ac
43. mote Mail Accounts 21 6 4 TabArchive Stord Fee Fee rare ep nern Feen 22 6 4 1 Local Storage Integration 22 6 4 2 Network Backup Storage nenn nenne nenne nnnnne nenne nnnnnenn 23 6 4 3 External USB Backup Storage nenne nenne nnenne nenne nnnnnenn 24 6 5 Ee geen 25 6 5 1 User Repository ueassuensneensnenennenennnnnnenennonennnnnnenennnnnnnnennonennnnnnenennnnennnnnnen essen 25 Securepoint 3 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 5 2 Windows Domain Membership Settings nenn nenne nnnnn nennen 26 653 E e ue EE 27 654 LDAP Search EUNIS ers ee 28 659 OCA EEN 28 565 ele Oc EE 29 SC Ee le el OON FE E 30 7 Lead Tab AGIMINISW GON nennen 31 7 1 Ee WR EE 31 7 2 TOTI E 32 7 3 Tab Webmailer IMAP GMT 33 E Een e 33 FE IMAP CIV Cr Se UNIO Se Seen ee ee een 33 7 3 3 Webserver Certificate IMAP Certificate SMTP Certificate 33 7 3 4 Generate Self Signed Certificates ccccccccseccccseeeceeeeeseeeeseeesseeeeseeessaeeesees 34 7 4 Ee Wine EE 34 7 9 Ee IY WE eet SRS EE 35 7 6 MAD ACH le EE 36 1 1 FORO IOO E 37 7 8 HEIN Ma WEE 38 7 9 NEI RR ONS ven et nee a ee ae een ee 40 7 10 RE BE e GE 41 8 UMA E Mail Client E 43 8 1 Bee 44 8 2 ETAY A nennen 45 8 3 e O E IIS EE E A EEE AE ee 46 8 4 ESM GT 46 8 5 EE ee 48 SAS M ee e o gt 17 1 ME 48 EE e Een Een EE 49 Securepoint 4 Security Solutions Unified Mail Archive 8 6
44. n the administration interface of your server sys tem Exchange Verwaltungskonsole p Fie Action View Help 3 2m Elm 3 Microsoft Exchange E ss Organization Configuration 5 Server Configuration E 2 Recipient Configuration are ch Find SA Distribution Group 05 Mail Contact g Disconnected Mailbox ER Toolbox ci Export List Z Modify the Maximum Num View OO Refresh Help Disable gt Remove be Move Mailbox Ve Enable Unified Messaging Manage Send As Permissi ta Manage Full Access Permi a Properties Help fig 60 Exchange Management Console Switch in the left tree structure to the item Recipient Configuration sub item Mail box Click on the item New Mailbox in the right window named Actions The Mailbox Wizard appears Securepoint 60 Security Solutions SECURITY SOLUTIONS Unified Mail Archive The wizard guides you through the several steps of creation a new mailbox New Mailbox El Introduction Introduction This wizard will guide you through the steps for creating a new mailbox resource mailbox User Type yP linked mailbox and mail enabling an existing user New Mailbox Choose mailbox type Completion aa User Mailbox This mailbox is owned by a user to send and receive messages This mailbox cannot be used for resource scheduling Room Mailbox The room mailbox is for room scheduling and is not owned by a user The user account
45. nd dispersing mails in the internal network 2 1 Scenario HUB Modus The UMA is not physically positioned in front of the mails server as in the other scenarios The appliance is connected as server into the inter nal network The e mails will not be conducted over the UMA The UMA fetches the e mails form the mail server A HUB account has to exist on the Exchange server This account contains a copy from eve ry received and sent e mail E mails which are sent over the MAPI interface will be copied into this account In this way all e mails will be ar chived by the UMA You can also copy already existing e mails into the HUB account When the UMA connects the Exchange server the e mail stock will be ar E E chived _ MS Exchange Server with HUB account fig 1 HUB mode Note The preservation of probative value for later archived e mails begins at the date of the import Possible probative value loss which occurred before the import into the UMA will remain Securepoint 7 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 2 2 Scenario Transparent Mode E mails arrive by SMTP at the router and will be hand on the mail server Thereby the e mails pass the UMA E mails which are sent from the internal network into the internet pass the UMA on the way to and from the mail server The same applies for e mails inside of the in ternal network Thereby all e mails will be s
46. nnections Manages o Manual Network List Service Identifies t Manual Network Location Awareness Collects an Automatic Pause Automatic fig 58 start IMAP4 service Open the Server Manager Select the item Services form the tree structure point Configuration Select the item Microsoft Exchange IMAP4 from the list Open the context menu by clicking on this item with the right mouse button Click on the entry Start to start the service Securepoint 58 Security Solutions o SECURITY SOLUTIONS Unified Mail Archive Microsoft Exchange IMAP4 Properties WIN DS Service name MSExchangelmap4 Display name Microsoft Exchange IMAP4 RE Provides Intemet Message Access Protocol IMAP4 l Services to clients If this service is stopped clients L Path to executable C Program Files Microsoft Exchange Server ClientAccess Poplmap Micn Startup type Automatic You can specify the start parameters that apply when you start the service from here fig 59 set start type to automatic Activate the context menu of the entry Microsoft Exchange IMAP4 a second time Click on the item Properties Switch to the tab General Select from the dropdown menu Start type the item Au tomatic Click OK Securepoint 59 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 11 3 Exchange Management Console Open the Exchange Management Console i
47. r fig 28 settings for users with special rights 7 2 Tab Time Here you have to set the time of the appliance The appliance obtains the time from a time server in the internet or in the internal network By defining the time zone the time is adjusted to the desired time zone Note This setting isn t importing for the qualified timestamp QTS Only the QTS are relevant for the judicial probative value of the e mails Users Time Webmailer IMAP SMTP indexer Mailarch SYSTEM TIME Time Zone Europe T Berin T NTP Server ng securepointde fig 29 select time zone and time server sub continent Select the continent the appliance stands ity Select the city which is placed in the same time zone NTP Server Enter the hostname or the IP address of a server Network Time Protocol which publishes the current time Securepoint 32 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 7 3 Tab Webmailer IMAP SMTP On this tab the security settings like certificates and encryption of the server services are defined 7 3 1 Webmail Access This activates the UMA E Mail Client which is reachable under the internal address of the UMA appliance WEBMAIL ACCESS Enable Access fig 30 activates the access to the e mail client 7 3 2 IMAP Server Settings Define if the IMAP server uses SSL encryption and which user authentication type should be used we IMAP SERVE
48. ration Choose File Opens a dialog to search a configuration file on Import Export the local system Import The selected file from the local system will be im ported to the appliance Exports the current running configuration Automatic Mailbox Slide Control Use the slide control to set the number of years Cleanup the e mails should be saved E mails which are older than the adjusted time will be deleted Securepoint 38 Security Solutions e SECURITY SOLUTIONS Unified Mail Archive The values are selectable between 1 and 20 years and never Status Shows which mailboxes are cleaned up Long Term Archive Status Shows a warning which mailboxes and how many e mails will be affected by a deletion Only e mails which have reached the storage time will be deleted Slide Control lf e mails have exceeded the long term archive duration they will be held back before definitely deletion With this control the hold back time can be set between 180 to 365 days E mails Marked Not archived e Shows the number of e mails which are not ar With LTA Error Flags mails chived caused by an error Retry Copies the marked e mails to the LTA at the next archive run Firmware Version Active Version Shows the version number of the utilized standard software Available Ver Shows the version number of potential updates sion Download Limits the bandwidth for the download Bandwidth Changelog Shows the changes betwe
49. ser logon name User Principal Name oumal ES example de SS User logon name pre Windows 2000 oumal Password Confirm password User must change password at next logon lt Back Cance fig 63 enter user information Enter the Organization unit of the user Use the button Browse and select the unit in the appearing dialog Enter the Last name and the First name of the user Define the User logon name and the Password Confirm the password by retyping it Click Next gt In the next step enter the alias of the user Introduction Mailbox Settings Pi User Type Enter the alias for the mailbox user and then select the mailbox location and policy settings User Information Alias El Mailbox Settings Joumal New Mailbox Mailbox database Completion WIN DSQSBNHDI52 First Storage Group Haben Database T Managed folder mailbox policy Exchange ActiveSync mailbox policy 3 Managed custom folders are a premium feature of messaging records management Mailboxes with policies that include managed custom folders require an Exchange enterprise client access license CAL lt Back Next gt Cancel fig 64 select alias name and storage location Select the storage location of the mailbox in the field Mailbox database Click Next gt O gt NO Securepoint Security Solutions SECURITY SOLUTIONS Unified Mail Archive d Securepoint
50. sun 00 boron scheduler 4193 boron exec roof CMD ebe once Ra push 00 dovecot auth pasedb ta push 127 0 0 1 master Master user logging in as 000 dawecat map login Lagin user gt methhod PLAIN np 127 0 01 ip 127 001 mpid 10003 ganini Jan 10 fo Jan 10 fo Jan 10 fo Jan 10 fo Jan 10 LA OO vw PoP po po E Pa Pd ba ba bo PREPRESS fi 000 dawecat imapi k Disconnected Loggad out byes 409 2442 000 davecot auth passdi Ma push 1270 01 master Master user bogging in asz 000 davecot imap login Lagin user metiad PLAN rip 127001 io Jan 10 fo Jan 10 io Jan 10 p 0006 TL daermon m Jan 10 22 10 mailinio Jan 10 22 1000 daemon m Jan Got fb Jan 10 cron m i Jan 10 fo Jan 10 fo Jan 10 fo Jan 10 fo Jan 10 fo Jan 10 2 io Jan 10 2 ha bi Bo BPR D Dg HI bo Po bo CH Oba gousbfoaaatdone weh LTALIO awacat map k Disconnected Logged autbyes 545 2972 00 ka push 9994 0 Messages Pushed for 2 user 00 beron schedulerf4193 boron exec roof CMD test x ksrbtiapun 22 aiat 00 boron scheduler419a boran exec roai test x ksrbbiapun amp amp aniar 00 beron schedulerf4193 boron exec root CMD test x ussAiblarun SS Asbl 00 boron scheduler 4193 boron exec root CMD test x kasrbbiagun SS Kssbtiasun 00 beron schedulerf4198 boran exec rood test x ksrbbiapun SS uaman 00 beron schedulerf4198 boran exec root CMD im once ka push 00 davecot auth passdb a push 137
51. t Sales Locafon L neburg Province State Niedersachsen County DE Contact Name Securepoint UMA Signing CA Contact Email salesiisecurepamide fig 14 example for a license Switch to the tab License under the lead tab Setup Click on the button Choose File and select the license file in the file dialog from the files system of your computer Click on the button Register If the file is installed you can set further settings Note The license file can only be placed at the disposal if the document Unterrich tung gem 6 SigG mit 6 SigVo betreffend Leistung von akkreditierten Zeit stempeldiensten is signed by the owner of the UMA appliance and sent back to the Securepoint GmbH The document is available under following URL httos my securepoint de in the reseller portal Securepoint 19 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 3 Tab Mail Server On this tab you have to define the settings of internal and external mail server 6 3 1 Remote Mail Server Settings Enter here the settings of the mail server of your internal network If you use the HUB mode you have to define the domain you want to retrieve mails from Furthermore you have to de fine the connection data to the mail server where the HUB account is hosted This is de scribed in the chapter Remote Mail Accounts see chapter 6 3 3 REMOTE MAILSERVER SETTINGS e REMOTE MAILSERVER SETT
52. the de sired medium out of the list and click in the according row on add The medium will be shown under Registered Storages Attention You need a configuration backup of the UMA see the tab Maintenance chap ter 7 8 to play back a storage backup from the USB device The USB device has to be already registered in the configuration A new registration of the USB device will delete all data on the medium Securepoint 24 Security Solutions SECURITY SOLUTIONS Unified Mail Archive 6 5 Tab Accounts On this tab you can decide from which source the e mail accounts information will be re ceived Furthermore it can be decided which e mail accounts should be archived by the UMA 6 5 1 User Repository You can choose between two types of receiving the account information The UMA system can be integrated into a Windows domain The e mail accounts can be took from the Active Directory The second possibility is to enter the e mail accounts manually or import them by a comma separated list CSV file USER REPOSITORY Local Users Windows Active Directory fig 21 select source Select the desired source in the area User Repository Choose Local User for manually entry or import of a CSV file Choose Windows Active Directory to use the Windows directory service According to the selected method the tab will be designed to record the relevant pa rameters Securepoint 25 Se
53. the real time search will be executed All e mails the searching pattern applies to will be shown All attributes shown in the list will be included You can narrow down the matches by extending the search pattern The order of the pattern is irrelevant So you can first search for a date and then limit the matches by entering a name For example Search pattern 14 03 ado Copy selected Emails to folder Search 14 03 ado G Subject From Date 50 Rabatt auf Adobe Photoshop Elements 10 amp Adobe Systems 14 03 2012 11 20 04 Showing 1 to 1 of 1 entries filtered from 6 total entries fig 49 result for search pattern 14 03 ado Securepoint 48 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 8 5 2 Advanced Search fig 50 advanced search bar at the top of the client The advanced search is located in the main bar of the client and can be activated by the but ton Advanced Search You can define the folder which should be searched and set up to eight conditions for the search The conditions are composed of a search group and a search pattern If the search group is a date the date must be selected from a calendar so the date is a sin gle day To search for an e mail in a date range you have to set two conditions The text search will searched for words and word fragments in the selected section You can add and delete conditions by the buttons with the Plus and Minus symbol on it You can
54. tored by the UMA in bridged mode the UMA hands emails to the Exchange server transparent mode fig 2 transparent mode Note If the internal computers of the network use the e mail client Microsoft Outlook and if the mail server is a Microsoft Exchange server e mails from these clients will not be stored by the UMA This combination of mail server and mail client uses the Microsoft specific message architecture MAPI with an RPC protocol To archive e mails which uses this constellation use the HUB mode see chap ter 2 1 Securepoint 8 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 2 3 Scenario Forward Mode In this scenario the UMA appliance is also posi tioned between router and mail server The UMA fetches e mails from an external e mail provider extemal For this the protocols IMAP POP3 and others can be used The fetched mails will be archived and hand to the mail server fetching emails by POP3 or IMAP The dispatch operates identically E mails reach the internal mail server which hand them to the UMA The UMA sends the e mails to the exter nal provider services by SMTP transfer the fetched emails to the Exchange server MS Exchange Sei fig 3 forward mode Note If the internal computers of the network use the e mail client Microsoft Outlook and if the mail server is a Microsoft Exchange server e mails from these clients will not be stored
55. ule New Joumal Rule Completion This wizard helps you create a new joumal rule When enabled the new joumal rule is executed on your organization s Hub Transport servers Rule name UMA Jounal Send Joumal reports to e mail address Browse Scope Global all messages intemal intemal messages only Extemal messages with an extemal sender or recipient T Joumal messages for recipient IV Enable Rule EZ ane premium joumaling you must have an Exchange Enterprise Client Access License L lt Back Cancel fig 68 set name for journal rule Enter a name for the new rule into the field rule name Click Browse beneath the field Send Journal report to e mail address Securepoint 65 Security Solutions SECURITY SOLUTIONS Unified Mail Archive Select Recipient foo example de File View Scope Search Find Now Clea Re ING 1 4 Administrator Administrator User Mailbox F UMA Joumal joumal User Mailbox fig 69 select recipient Select the new created user as recipient in the appearing window Click OK You have to define which messages should be copied to the Hub account Le New Journal Rule DI New Joumal Rule New Joumal Rule Completion This wizard helps you create a new joumal rule When enabled the new joumal rule is e executed on your organization s Hub Transport servers Rule name fu MA Jounal Send Joumal reports to e mail ad
56. uthenticated by the Active Directory Note DyUDe Dynamic User Detection Mailboxes will be created dynamically The UMA appliance automatically cre ates archive mailboxes if an e mail is sent or an e mail is received The UMA generates a mailbox per user when the users receives or sends e mails The number of mailboxes is limited by the license If the license allows five mailboxes e mails will be archived for five users E mails of remaining us ers will not be archived The e mail database will be saved in four eyes mode Inspection of user mail account by other persons is only allowed for an auditor if the privacy officer authorizes the access After the auditor has logged on to the e mail client web interface the privacy officer has to log in to approve the access Securepoint 31 Security Solutions SECURITY SOLUTIONS Unified Mail Archive Area Field Description Loginname ad System Login Name Declare the user name for egen me Administrator the web interface ni iii RealName Enter the first and the last ver e Privacy name of the user PRIVACY OFFICER Officer 1 Password Define the password of the user Privacy Officer 2 Confirm Confirm the password by Password retype the password External E mail Enter the e mail address of Auditor the user Send Reports daily Reports will be sent in the weekly selected interval for administrator Monthly and privacy of Never fice
57. ve 6 1 4 Proxy Settings lf you use a proxy in your network define the settings the appliance needs to establish a connection to the internet HTTP PROXY SETTINGS Server 192 168 175 1 Port 8080 Username fred Password i eeeeee ee fig 13 proxy credentials Enter the hostname or the IP address of proxy server into the field Server Type the port the proxy works on into the field Port The credentials the UMA appliance should use for authentication have to be defined in the fields Username and Password Note The UMA only supports the Basic Authentication Now the general network settings are made Securepoint 18 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 6 2 Tab License To use all functions and features of the UMA you have to import a license A license can be purchased from the Securepoint GmbH or from your reseller License Network Mallserver Arche Storage LICENSE Upload License Choose File 1o le chosen License Number 7314345 Valid frome 2011 12 14 163329 Valid unal 2012 12 14 1653329 Product UMA License Type 10 Mailbox Count 100 This Anpllanoe is Boensed to Organizan Securepomt GmbH Deparment Sales Locason L neburg Province State Medersachsen County DE Contact Name UMA Teskey 100 User 1 Jahr Contact Email salesgsecurepamtde Vendor specific License information Organization Securapoint GmbH Deparmen
58. ws the result of the test MAP SMTP indexer Malarchive Rules Tools Mamienance av Liesicenier local Mantily devs sda DEMU HARDOTSE Temp My A Temp A A AA Securepoint 40 Security Solutions O SECURITY SOLUTIONS Unified Mail Archive 7 10 Tab Logs Syslog protocol entries can be saved on the appliance or on an external syslog server External Logs Enable Activates the sending of protocol entries to an external syslog server Syslog Server Enter the IP address or the host name of the syslog serv er Enter the port the syslog server uses default 514 Show Log Protocol entries can be show ordered by service Fetch Logfile Loads the desired log entries Filter Die displayed entries can be filtered Possible filters are none all entries are shown error only error messages warning only warnings info only information messages debug only debug messages user defined User can define the search pattern in the entry field Filter Button Starts the filter Resets the search filter bere Time Wepmaier IMAP SMTP indexer Malarchwe Rules Bac kup AECH E Mamienance Tools Loga e EXTERNAL LOGS Enabled of Syslog Server 19216317515 Por 514 SHOW LOG Sense all F oameni Filter Mone T 00 beron schedulerf4193 boron axec rool CMD test x uerlib atun SS fusniblarun 00 boron scheduler4193 boron exec root CMD test e Aussihlarun SS Kssbtia
Download Pdf Manuals
Related Search