Postini Archiving Admin
description
Transcript of Postini Archiving Admin
Message ArchivingAdministration Guide
• Google Message Discovery
• Postini Message Archiving
2 Message Archiving Administration Guide
Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
www.google.com
Part number: PMAAG_643_32
February 24, 2012
© Copyright 2012 Google, Inc. All rights reserved.
Google, the Google logo, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the
Postini logo, Postini Perimeter Manager, Postini Threat Identification Network (PTIN), Postini Industry Heuristics, and
PREEMPT are trademarks, registered trademarks, or service marks of Google, Inc. All other trademarks are the property of
their respective owners.
Use of any Google solution is governed by the license agreement included in your original contract. Any intellectual property
rights relating to the Google services are and shall remain the exclusive property of Google, Inc. and/or its subsidiaries
(“Google”). You may not attempt to decipher, decompile, or develop source code for any Google product or service offering,
or knowingly allow others to do so.
Google documentation may not be sold, resold, licensed or sublicensed and may not be transferred without the prior written
consent of Google. Your right to copy this manual is limited by copyright law. Making copies, adaptations, or compilation works,
without prior written authorization of Google. is prohibited by law and constitutes a punishable violation of the law. No part of
this manual may be reproduced in whole or in part without the express written consent of Google. Copyright © by Google, Inc.
Postini, Inc. provides this publication “as is” without warranty of any either express or implied, including but not limited to the
implied warranties of merchantability or fitness for a particular purpose. Postini, Inc. may revise this publication from time to
time without notice. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions;
therefore, this statement may not apply to you.
GD Graphics Copyright Notice:
Google uses GD graphics.
Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 by Cold Spring Harbor Laboratory. Funded under Grant P41-
RR02188 by the National Institutes of Health.
Portions copyright 1996, 1997, 1998, 1999, 2000 by Boutell.Com, Inc.
Portions relating to GD2 format copyright 1999, 2000 Philip Warner.
Portions relating to PNG copyright 1999, 2000 Greg Roelofs.
Portions relating to libttf copyright 1999, 2000 John Ellson ([email protected]).
Portions relating to JPEG copyright 2000, Doug Becker and copyright (C) 1994-1998, Thomas G. Lane.
This software is based in part on the work of the Independent JPEG Group.
Portions relating to WBMP copyright 2000 Maurice Szmurlo and Johan Van den Brande.
Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application,
provided that this notice is present in user-accessible supporting documentation.
This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd,
not to interfere with your productive use of gd. If you have questions, ask. “Derived works” includes all programs that utilize the
library. Credit must be given in user-accessible documentation.
3
This software is provided “AS IS.” The copyright holders disclaim all warranties, either express or implied, including but not
limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying
documentation.
Although their code does not appear in gd 1.8.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue
Software Corporation for their prior contributions.
Google Compliance Policies Notice:
Google assumes no responsibility in connection with the Compliance Policies lexicon-filtering feature, including any failure to
recognize credit card or social security numbers that do not follow an applicable pattern as established in Postini’s systems or
any failure to encrypt a credit card or social security number.
Contents 5
Contents
About This Guide.................................................................................................7
What This Guide Contains.....................................................................................7
Who This Guide Is for ............................................................................................7
Related Documentation .........................................................................................8
How to Get Support .............................................................................................10
How to Send Comments About This Guide .........................................................10
Chapter 1: Introduction.....................................................................................11
About Message Archiving ....................................................................................11
Why Archive Email Messages? ...........................................................................12
Features and Benefits..........................................................................................13
Message Archiving Editions.................................................................................15
Overview of Message Archiving Components .....................................................15
How Message Archiving Captures Email Messages ...........................................24
Message Archiving Security ................................................................................32
Message Retention and Deletion.........................................................................34
Continuation Events and Archiving......................................................................34
Disaster Recovery ...............................................................................................35
Maximum Message Size......................................................................................36
Requirements ......................................................................................................37
Chapter 2: Setting Up Message Archiving ......................................................39
About Setting Up Message Archiving ..................................................................39
Step 1. Ensure your Users are Registered with your Message Security Service 40
Step 2. Choose an Email Archiving Option..........................................................41
Step 3. Enable and Configure Outbound Service (Optional) ...............................42
Step 4. Set Up Your Organization Hierarchy (Optional) ......................................43
Step 5. Turn On Archiving ...................................................................................45
Step 6. Set Up Message Archiving for Journaling ...............................................47
Step 7. Grant Archiving Privileges to Your Users ................................................54
Chapter 3: Granting Message Archiving Privileges .......................................61
About Archive Privileges......................................................................................61
About Granting Message Archiving Privileges.....................................................62
Allow a User to Set Up Message Archiving .........................................................68
6 Message Archiving Administration Guide
Allow a User Full Access to the Corporate Archive .............................................69
Allow a User to Search the Corporate Archive ....................................................70
Allow a User to Manage Message Retention.......................................................71
Allow a User to View and Create Reports ...........................................................72
Allow a User to Restrict Searches .......................................................................73
Allow a User to Access the Personal Archive......................................................75
Appendix A: How To..........................................................................................79
Appendix B: Troubleshooting ..........................................................................81
Index ...................................................................................................................83
7
About This Guide
What This Guide Contains
The Message Archiving Administration Guide provides information about:
• How Message Archiving works
• Setting up Message Archiving for your message security service
• Granting Message Archiving privileges to other users
• Generating Message Archiving usage reports
This guide does not include information about using the Message Archiving
search panels, which you use to search for, view, and export archived messages;
or about creating archive audit reports. For this information, refer to the Message
Archiving User’s Guide. This document is also available on the Postini Support
Portal. For details, see “How to Get Support” on page 10.
Who This Guide Is for
This guide provides information for:
• Administrators of Google Message Discovery who have privileges to set up
Message Archiving
• Administrators of email servers, including Microsoft Exchange Server
This guide assumes that you are familiar with Google Message Discovery. For
details about using the features and components of that service, refer to the
Administration Guide for Message Discovery. This document is also available on
the Postini Support Portal. For details, see “How to Get Support” on page 10.
8 Message Archiving Administration Guide
Related Documentation
For additional information about Message Archiving and your message security
service, refer to the following related documents. These documents are available
on the Postini Support Portal. For details, see “How to Get Support” on page 10.
Document Description
Message Security Release
Notes
The latest information about new features in
this release, known issues, and resolved
issues.
Message Archiving Quick Start Instructions for quickly setting up and verifying
Inbound Archiving.
Message Archiving User’s
Guide
Instructions for searching for, viewing,
managing, and exporting archived email
messages. Also includes instructions for
creating archive-audit reports, which illustrate
user activity in the archive.
Message Archiving - Microsoft
Exchange Journaling
Configuration Guide For
Exchange Server 2000 and
2003
Message Archiving - Microsoft
Exchange Journaling
Configuration Guide For
Exchange Server 2007 and
2010
Instructions for setting up journaling on
Microsoft Exchange Server, which lets you
save copies of users’ incoming, outgoing, and
intradomain email messages and send them to
your archive.
Message Archiving - Lotus
Domino Journaling
Configuration Guide For
Domino Server 6.5.4 and up
Instructions for setting up journaling on Lotus
Domino Server, which lets you save copies of
users’ incoming, outgoing, and intradomain
email messages and send them to your
archive.
Personal Archive Quick Start
(PDF)
Instructions for using the Personal Archive.
You can distribute this guide to users to whom
you provide access to the Personal Archive.
This guide is also available in Microsoft Word
format on the Postini Support Portal. You can
use the Word version to customize the guide
for your users.
Message Security
Administration Guide
Instructions for setting up and administering
your message security service, including how
to set up your organization hierarchy, create
user accounts, grant privileges to users,
provide Message Center access to users,
configure junk email and virus filters, and
create reports.
9
Outbound Services
Configuration Guide
Step-by-step instructions for setting up your
network environment and mail server for
Outbound Services, an optional feature that
allows filtering of outbound messages.
Batch Reference Guide Instructions for using batch commands to
perform message security configuration tasks,
including creating, deleting, and modifying
organizations, users, domains, and aliases.
Document Description
10 Message Archiving Administration Guide
How to Get Support
You with several options for getting support for Message Archiving, including:
• Related documentation and FAQs
• A searchable knowledge base
• Support tools
• Email support
• Phone support
• Instructor-led and self-paced training
• Account management
To access support resources, go to the Postini Support Portal at:
https://support.postini.com
How to Send Comments About This Guide
We value your feedback. If you have comments about this guide, please send an
email message to:
In your email message, please specify the section to which your comment applies.
If you want to receive a response to your comments, ensure that you include your
name and contact information.
Chapter 1
Introduction 11
Introduction Chapter 1
About Message Archiving
Welcome to Message Archiving, an easy-to-deploy solution for storing electronic
communications for the purposes of data retention, regulatory compliance, and
legal discovery. Message Archiving can capture all email messages that users on
your network send and receive, and store them in a central corporate archive.
Authorized users can then retrieve stored messages at any time, using
comprehensive search options, and export them to files or to their email inboxes.
Moreover, you can optionally provide each user with access to the Personal
Archive, which lets a user search for, view, and export only his or her archived
email messages.
Message Archiving integrates with your Message Discovery service, a service
that filters junk and virus-infected email messages before they reach your
network.
As part of your managed Message Discovery service, Message Archiving requires
no additional hardware or software on your network, so you can streamline the
storage of all your inbound, outbound, and internal electronic communications.
And because it works with the junk-email and virus filters of your Message
Discovery service, Message Archiving stores only legitimate messages, saving
storage space and reducing the time required to retrieve specific messages from
the archive.
12 Message Archiving Administration Guide
Why Archive Email Messages?
Your company may have several reasons for archiving email messages. The
following are some of the most common reasons for establishing a message
archiving policy:
• Business continuity and disaster recovery: Organizations require secure
long-term storage of email communications, which have become key
business assets. With an archiving solution, an organization can continue to
access its complete message record even when its mail servers or local data
systems become unavailable.
• Regulatory and compliance requirements: Governmental agencies, such
as the U.S. Securities and Exchange Commission (SEC) and other regulatory
organizations, have established requirements for message retention,
accessibility, and security. To be in compliance, organizations must establish
archiving systems to retain electronic communications and assure that
requested materials can be retrieved and presented in a timely manner.
• Legal discovery and investigations: Organizations must be able to retrieve
relevant messages in the event of legal discovery, audits, and business or
personnel investigations. An archiving solution assures that evidentiary-
quality records are systematically stored in a central repository, and with
security in place to guard against issues of tampering.
• Storage management: As the volume of messages continues to increase, an
archiving solution lets organizations offload message storage from their
corporate servers. This reduction in stored messages helps to ensure that
server performance is maintained, minimizes storage costs, and greatly
simplifies restore operations in the event of a server failure.
Introduction 13
Features and Benefits
Message Archiving provides a complete solution for message capture, secure
storage, search and discovery, and archive management and access.
Feature Benefits
Email capture
and archiving
• Captures all inbound, outbound, and intradomain
(internal) email messages and attachments and
stores them in a central, corporate archive.
• Integrates with your message security service,
filtering to ensure that only legitimate email is
archived. Your message archive remains free of junk
mail and virus-infected messages.
• Automatically archives any email messages that
users or administrators view or deliver from
quarantine.
• Automatically accepts encrypted messages if your
email server uses TLS (Transport Layer Security).
Storage and
business
continuity
• Provides long-term storage of archived messages.
• In the event that your email server is unavailable,
archives inbound messages before they are spooled.
• Automatically deletes messages at the end of the
month after their retention period has expired.
• Supports holding messages beyond their retention
periods.
Search and
discovery
• Allows authorized users to search for, view, and
export messages in the archive, using a Web-based
interface.
• Provides robust search options with which users can
search for messages based on date range, sender,
recipient, subject, content, or file attachments.
Message export • Forwards archived messages to an email address.
• Saves archived messages to an industry-standard
MBOX or PST file. The MBOX format is supported by
other search and management tools, such as
litigation support systems. You can import PST files in
Outlook, or open unencrypted PST files in text or
hexidecimal editors.
14 Message Archiving Administration Guide
Investigations
management
Standard,
Professional, and
Google Message
Discovery editions
• Allows users to set up investigations that organize
and save search criteria and search results for
specific topics.
• Includes an option to place a litigation hold on saved
results to prevent them from being purged when their
retention periods expire.
• Allows an administrator to restrict the scope of an
investigator’s search to a specific set of senders and
recipients.
• Allows a user to transfer saved search criteria and
results to another Message Archiving user.
Message
retention and
purging
Standard,
Professional, and
Google Message
Discovery editions
• Place a litigation/investigation hold on messages.
• Manually purge unneeded messages from your
archive.
• Set automatic purging on or off.
Audit reports
Optional feature
• Allows authorized users to create, view, and export
detailed reports of any user’s activities in the archive,
including the search criteria the user entered and
which messages the user viewed in the corporate
archive or the Personal Archive.
• Shows authorized users a list of all archive users who
accessed a specific archived message, including the
dates and times of access.
Management and
configuration
• Provides flexible, policy-based configuration options
with which you can include or exclude archiving for
specific organizations within your enterprise.
• Allows you to control which users can configure, view,
and search the archive.
• Reports archive traffic and usage.
Personal Archive
Standard,
Professional, and
Google Message
Discovery editions
• Long-term storage solution, accessible in Message
Center.
• Lets users search for, view, print, and export their own
email messages.
• Improves email-server efficiency by allowing
administrators to reduce storage quotas on those
servers.
Feature Benefits
Introduction 15
Message Archiving Editions
Postini Message Archiving is available as a standalone product, and as part of
Google Message Discovery. Each version offers the following features:
• User access to Personal Archive
• Web-based access to corporate archive
• Message retention/purge management
• Investigation management
• Usage, archive, and audit reports
• Option to forward archived messages to your inbox as attachments
• Option to export archived messages as MBOX of PST files
• Redundant (backup) storage
You can purchase the following services:
Message Consolidation service (add to any edition)
Consolidates your legacy messages from multiple platforms, data stores, and
media types, so you can centralize management and discovery of archived data.
This service also lets you apply more-consistent retention policies across your
stored message data. For information about this service, or to purchase it, contact
your Postini account manager.
Overview of Message Archiving Components
The following provides an overview of the primary components of Message
Archiving.
Message Capture and Storage
Message Archiving can capture and store email messages, including any file
attachments, that users on your network send or receive.
Legacy message
archiving
Optional feature
• Lets you merge email messages stored on other
systems and media types with your Postini archive.
• Centralizes management and discovery of archived
data.
Note: Requires the Message Consolidation service.
Feature Benefits
16 Message Archiving Administration Guide
For details about how Message Archiving captures messages for archiving, see
“How Message Archiving Captures Email Messages” on page 24.
Introduction 17
Setup Options
You can set up Message Archiving to establish archiving polices for users, and to
grant access to the corporate archive and the Personal Archive. Because
Message Archiving settings are integrated with your Message Discovery service,
you access them through the Administration Console.
You use the following Message Archiving Settings page to turn on email archiving
for any user organization in your organization hierarchy, and to set the retention
period for archived messages.
You have two options for archiving users’ email messages:
• Inbound/outbound archiving: Stores all email messages that users receive
from and, optionally, send to addresses outside your network (all incoming
and, optionally, outgoing messages).
Inbound archiving requires no additional setup on your email server.
If you want to archive outbound email, however, you must also configure the
outbound services for your message security service. For details, see the
Outbound Services Configuration Guide.
• Journal archiving: Stores all incoming and outgoing email messages, as
well as all intradomain (internal) messages. To use this option, you must set
up your email server to journal (record copies of) users’ email messages and
send them to Message Archiving.
18 Message Archiving Administration Guide
For details about configuring journaling on Microsoft Exchange Server, refer
to:
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2000 and 2003
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2007 and 2010
For details about configuring journaling on Lotus Domino Server, refer to:
• Message Archiving - Lotus Domino Journaling Configuration Guide For
Domino Server 6.5.4 and up
You can also set the number of months that messages are archived for an org, up
to your maximum contracted retention period.
Message Indexing
Before a message enters the archive, Message Archiving indexes of the
keywords (significant or meaningful words) in all parts of the message, including
the body text, Subject line, and headers. It also indexes keywords in most types of
file attachments that include text, such as Microsoft Office documents, PDF files,
text files, and HTML pages. Message Archiving does not, however, index
common words such as articles (for example, the, that, and an), prepositions (for
example, to, in, and on), and conjunctions (for example, and, or, and so).
A message’s index is a map of its content, and specifies in which part of the
message each keyword appears, for example, in the body, Subject line, To or
From field, headers, or attachments.
When you initiate a search, Message Archiving checks the indexes for matches to
the keywords you enter rather than checking the full contents of each message
and attachment identified by your criteria, thereby reducing the retrieval time.
Introduction 19
Search and Discovery Options
Depending on privileges, users have access to either the Search tab or the
Discovery tab. Both tabs include search panels with which users can search for
archived messages, and display search results.
Search Tab
This Search tab provides authorized users with tools to search for, view, print, and
export messages in your corporate archive. The following figure shows the
Search tab:
For details about using the Search tab, refer to the Message Archiving User’s
Guide.
20 Message Archiving Administration Guide
Discovery Tab
The Discovery tab provides the same features as the Search tab, with the
additional options to set up investigations to save and organize search criteria and
results for specific topics. The following figure shows the Discovery tab:
For details about using the Discovery tab, refer to the Message Archiving User’s
Guide.
Search Panels
Both the Search tab and the Discovery tab include the following search panels, on
which users can enter criteria to retrieve archived messages:
• Email Search panel: Provides fields that let users enter criteria to find
archived email messages.
• Boolean Search panel: Lets users enter their own query strings, using the
Apache Lucene query syntax. This syntax supports Boolean operators,
wildcards, fuzzy matches, and proximity matches, allowing users to create
more-complex or targeted search queries.
Introduction 21
The following figure shows the Email Search panel:
Search Results
Once a user retrieves messages from the archive, search results appear in the
page. For example:
For details about using the Message Archiving search panels, refer to the
Message Archiving User’s Guide.
22 Message Archiving Administration Guide
Retention Tab
The Retention tab lets you manage the retention and deletion of messages from
your corporate archive. Use the Retention tab to:
• View a monthly list of messages that are on extension beyond the expiration
of their retention periods. The list indicates the month in which the messages
were archived.
Messages are on extension when their retention periods have expired but
they have not been deleted because you have turned off auto-purging.
• View how many of the messages on extension are also on hold (not available
to purge).
• Purge messages from the archive that are not on hold.
• View the history of when and by who messages were purged.
• View contact information for investigators who have placed messages on
hold.
• View the number and overall size of the messages placed on hold by each
investigator.
For complete details about using the Retention tab, refer to the Message
Archiving User’s Guide.
Introduction 23
Reports Tab
The Reports tab provides four different types of reports:
• Storage Overview An overview of mail flow, and current and historical
archive storage
• Storage Reports A month-by-month listing of the number and overall size of
archived messages and messages on extension
• Purge History A list of purge events
• Audit Reports Information about user activity in the archive
For complete details about using the Reports tab, refer to the Message Archiving
User’s Guide.
Usage Reports
You can monitor archiving activity in usage reports, which are available in the
Administration Console. These reports provide information about the number of
messages in your archive and how much storage space they occupy per domain
or user account. You can also obtain a log that provides information about which
users accessed the archive. For more information, refer to the Message Archiving
User’s Guide.
24 Message Archiving Administration Guide
Personal Archive
Optional feature
The Personal Archive is a user-level subset of the corporate archive. It provides a
user with Web-based access to only his or her archived email messages.
Users can access their archives at any time to recover (export) messages that
were lost or deleted from your email server, or to read their messages when your
server is unavailable.
Because users no longer need to store their email messages on your email server
for long periods, the Personal Archive can improve the performance of your server
and reduce the time required to recover from a server outage.
You can select which users have access to the Personal Archive. With access, the
Archive tab appears in a user’s Message Center, as shown in the following figure:
For more information about Message Center and how to provide user access,
refer to the Message Security Administration Guide.
How Message Archiving Captures Email Messages
The following overview describes how messages flow through your message
security service, and how Message Archiving captures and stores them in the
archive.
Methods of Archiving Email Messages
Email messages enter the archive differently, depending on which archiving
option you set up for your company: inbound/outbound archiving or journal
archiving.
Introduction 25
Inbound/Outbound Archiving
If you set up the inbound/outbound archiving option, Message Archiving stores
only the email messages that users receive from and, optionally, send to others
outside your network. Internal-only, or intradomain, messages, which do not leave
your network, are not archived.
Use inbound/outbound archiving if any of the following are true:
• You want to archive only messages that users receive from or, optionally,
send to others outside your network. For example, this option is appropriate if
you need to archive only communications between your organization’s
employees and your customers.
• You use the Outbound services for the message security service to enforce
policies, and you want to archive messages after the policies are enforced.
For example, if you set up your Outbound services to append a disclaimer on
all outgoing messages, using inbound/outbound archiving ensures that
archived messages contain the disclaimer.
• The email messaging environment for your network does not provide a
journaling option.
Note:
• For details about setting up the Outbound services, see the Outbound
Services Configuration Guide.
• You can archive messages in a catchall account. Those messages, however,
are not available in the Personal Archives of individual users whose mail ends
up in the catchall account. If you start archiving messages for those users
outside the catchall account, their messages are available in the Personal
Archives only after the switch from the catchall account to individual accounts.
• If you delete and then add back the same user in your message security
service, messages for that user are available in the Personal Archive only
from the point at which you add back the user.
Journal Archiving
Journaling is a mechanism by which your email server records copies of all email
messages that users on your network send or receive. If you set up the journal
archiving option, Message Archiving receives copies of journaled email messages
from your email server, and then stores them in the archive. These email
messages include:
• Messages that users send to and receive from others outside your network
• Internal-only, or intradomain, messages, which do not leave your network
26 Message Archiving Administration Guide
Use journal archiving if both of the following are true:
• You want to archive all inbound, outbound, and intradomain email messages
for users.
• Your email server provides a journaling option.
Note:
For details about configuring journaling on Microsoft Exchange Server, refer to:
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2000 and 2003
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2007 and 2010
For details about configuring journaling on Lotus Domino Server, refer to:
• Message Archiving - Lotus Domino Journaling Configuration Guide For
Domino Server 6.5.4 and up
If you delete and then add back the same user in your message security service,
messages for that user are available in the Personal Archive only from the point at
which you add back the user.
General Message Flow for Message Security Service
Inbound email messages, and optionally outbound email messages, flow through
your message security service, which resides in a Postini data center. As the
message security service filters your incoming email, it quarantines suspicious
messages, and then delivers legitimate messages to your email server. The
following figure shows the message flow through your message security service.
With the addition of Message Archiving, you can archive messages for users in
one or more user organizations in your organization hierarchy.
Introduction 27
The process by which users’ email enters the archive differs, however, depending
on whether you choose to use inbound/outbound archiving or journal archiving.
Message Capture for Inbound/Outbound Archiving
If you use inbound/outbound archiving, rather than journal archiving, Message
Archiving automatically captures, stores, and indexes legitimate inbound and,
optionally, outbound messages as they flow through your message security
service. The following figure shows an overview of how Message Archiving
captures inbound and outbound messages.
How Inbound Messages Are Archived
When the message security service receives an inbound message, it filters the
message if the recipient is a registered user (has an account on the service).
If the message for a registered user is not blackholed, bounced, or quarantined as
a result of filtering, or if the recipient is not a registered user, then the service
attempts to deliver the message to your email server. If your email server confirms
that the recipient is valid, it sends a 250 response code to your message security
service.
If the recipient is valid and has an account on your message security service,
Message Archiving archives the message only if the account resides in a user
organization for which archiving is turned on. (You can determine which users in
your message security service have messages archived by assigning them to
different organizations.)
If the recipient is valid and messages are archived for that account, but your mail
server rejects the message for some reason after it was filtered by the message
security service, then the message is still archived even though it was never
delivered to the recipient. In this case, the message security service relays the
response from the recipient server to the sending server.
If the recipient is valid but does not have an account on your message security
service, Message Archiving does not archive the message.
28 Message Archiving Administration Guide
If a message includes registered and non-registered addresses, the message is
archived for only the registered users for whom archiving is turned on.
After the message is archived, the message security service sends the sending
server a reply code to confirm that the message was delivered.
Blackholed and Bounced Messages
Message Archiving does not store any incoming messages that the message
security service blackholes (deletes) or bounces back to the sender.
Quarantined Inbound Messages
Message Archiving does not store any incoming messages that the message
security service quarantines. However, if a user or administrator either views a
message in a quarantine or delivers it to his or her inbox, Message Archiving then
stores the message in the archive.
User Aliases, Domain Aliases, and Domain Substripping for Inbound Messages
Message Archiving stores any inbound messages addressed to the following
types of alternate addresses if your message security service is set up to process
them:
• User aliases: For example, if a user has a primary email address
[email protected] and an alias address [email protected], Message
Archiving stores any inbound messages sent to either address.
• Domain aliases: For example, if your domain is jumboinc.com, and you set
up the domain jumboinc.net as its alias, Message Archiving stores any
inbound messages sent to either [email protected] or
• Domain substripping: For example, if your domain is jumboinc.com and you
have a subdomain sales.jumboinc.com, Message Archiving stores any
inbound messages sent to either [email protected] or
For more information about aliases and domain substripping, refer to the
Message Security Administration Guide.
Duplicate Message Handling for Inbound Messages
• If someone outside your network sends an incoming message to multiple
recipients on your network, Message Archiving stores a single copy of the
message.
• In the rare case that someone outside your network must re-send a message
to a user because the message security service was unavailable, Message
Archiving stores only a single copy of the message.
Introduction 29
How Outbound Messages Are Archived
Note: Outbound messages are archived only if you enable and configure the
Outbound service for your message security service. For details about setting up
the Outbound services, see the Outbound Services Configuration Guide.
After your message security service processes an outbound message and
determines that it adheres to your corporate policies, Message Archiving archives
the message for the sender if the sender belongs to a user org for which archiving
is turned on, and if the message is delivered to at least one recipient mail host.
Quarantined Outbound Messages
If your message security service determines that an outbound message does not
adhere to corporate policies and places it in the outbound quarantine, Message
Archiving archives the messages only if an administrator either views the
message or delivers it.
Bounced Outbound Messages
When a receiving server bounces an outbound message—for example, if it was
sent to an invalid address—Message Archiving stores both the bounced message
and the original message. Because both messages are stored, a record of the
attempted delivery can be retrieved from the archive if necessary.
Encrypted Outbound Messages
If your email server encrypts outgoing messages using TLS (Transport-Layer
Security), Message Archiving accepts the encrypted messages.
Duplicate Message Handling for Outbound Message
If a user sends an outgoing message to multiple recipients, Message Archiving
stores a single copy of the message.
30 Message Archiving Administration Guide
Message Capture for Journal Archiving
When you configure your email server for journaling, your server records a copy
of, or journals, all inbound, outbound, and intradomain messages for the users
you specify, and stores those messages in a special mailbox on your email server
or a separate journaling email server. The server then automatically forwards the
messages to your archive. The following figure shows an overview of how
Message Archiving captures email messages for journal archiving.
As Message Archiving receives journaled messages from your email server, it
checks their sender and recipient addresses. It then indexes and archives only
those messages (including attachments) that were either sent or received by
users who have accounts in an organization for which you turned on archiving. If a
user does not have an account on your message security service, Message
Archiving does not archive journaled messages for that user.
User Accounts and Journal Archiving
When you turn on archiving for an organization, Message Archiving immediately
begins to archive journaled email messages for existing users in that organization.
If you add users to an archiving-enabled organization using batch commands,
Directory Sync or Web Autocreate, or directly through the Administration Console,
Message Archiving starts to archive their messages as well. With Automatic
Account Creation, though, provisional users’ journaled messages are not archived
until your message security service promotes those users to registered users.
Blackholed or Bounced Messages
If the message security service blackholes (deletes) or bounces back (returns) to
the sender any incoming messages, your email server does not journal them.
Therefore, these messages are not archived.
Introduction 31
Quarantined Inbound Messages
If your message security service quarantines an incoming message, your email
server does not journal that message, and that message is not archived.
However, if a user or administrator views a message in a quarantine without
delivering it to his or her inbox, Message Archiving then captures the message
directly and stores it in the archive. If a user or administrator delivers a
quarantined message to his or her inbox, your email server journals the message
normally and sends it to the archive. Note that if a user or administrator first views
the message and then delivers it, Message Archiving stores only one copy of that
message.
WARNING: Keep in mind that if you view or forward mail from the junk quarantine,
then that junk mail is archived.
You cannot view or forward mail from the virus quarantine.
Quarantined Outbound Messages
Your email server journals all outbound messages before they reach the Postini
data center. Therefore, if you use Postini Outbound Services, and a user’s
outbound message is quarantined, Message Archiving still receives a copy of the
journaled message from your email server and archives it. If an administrator
views or delivers the quarantined message, another copy of the message is
archived.
WARNING: Keep in mind that if you view or forward mail from the junk quarantine,
then that junk mail is archived.
You cannot view or forward mail from the virus quarantine.
Duplicate Journaled Messages
In most cases, your email server journals only one copy of a message. For
example, Microsoft Exchange Server journals only one copy a message that a
user sends to multiple recipients or that multiple users receive. For details about
duplicate message handling during the journaling process, refer to your email
server’s documentation and support resources.
If you set up journaling on two or more email servers, multiple servers might
journal a separate copy of the same message. To handle these cases for
Exchange Servers, Message Archiving includes a feature called Exchange
Duplicate Suppression. With this feature, Message Archiving parses all journals
before storing the messages in the archive. To suppress duplicates, an
Exchange-journal fingerprint, based on the the information received in each
journal (including the original message binary, and the ordered list of sender &
recipients), is taken during indexing, and this fingerprint is stored as metadata in
the index.
When a query is issued for a customer with Exchange Duplicate Suppression
enabled, the Message Archiving service identifies the messages with identifical
fingerprints and returns only one result for the messages determined to be exact
duplicates. The duplicate messages do not appear in search results, nor in
exported results sets.
32 Message Archiving Administration Guide
To implement Exchange Duplicate Suppression, contact Support or your reseller.
How Quickly Are Email Messages Archived?
In most cases, Message Archiving typically stores an email message in the
archive within about 30 minutes after a user sends or receives it. However, the
time can be longer, depending on whether the message contains file attachments,
and the size of those attachments. Moreover, if you use the journal archiving
option, messages must be journaled by your email server before they are
archived, potentially increasing the time before they enter the archive.
Message Archiving Security
As a component of the message security service, Message Archiving provides
highly secure access, connections, and storage. In addition, if you use the journal
archiving option, Message Archiving keeps the connection between your server
and archive secure.
Access Security
With Message Archiving, you have a high level of control over which users can
configure and view the corporate message archive and which users have access
to the Personal Archive.
Access to Archive Configuration Options
Administrators of your message security service who have the Message
Archiving privilege in their authorization records have access to the Message
Archiving configuration options. These administrators can turn on archiving and
set options only for the user organizations for which they have administrative
control. They can also grant the Message Archiving privilege to other users in
their organizations.
Access to the Corporate Archive
Because your corporate message archive may contain sensitive or private
information, you can strictly control which users have access. During the Message
Archiving activation process, you can designate a single user to have access to
the archive. If this user is also an administrator with the ability to grant privileges,
he or she can grant search privileges to other users. If the user is not also an
administrator, and you later want to allow other users to search the archive, you
can request this access by contacting Postini Customer Care (if you are a direct
customer) or your reseller. For details, see “About Archive Privileges” on page 61.
Introduction 33
The account password for a user who has authorization to search the archive
must meet the same strict requirements as those for administrators’ passwords. If
a user’s password does not meet these requirements, your message security
service automatically prompts the user to change his or her password before
logging in to Message Archiving. For more information about administrator
password requirements, refer to the Message Security Administration Guide.
Access to the Personal Archive
Users access the Personal Archive in Message Center. Each user’s account in
Message Center is password protected and accessible only to that user.
Connection Security
Both Message Archiving and the Administration Console use SSL to encrypt user
name and password information. In addition, all pages in Message Archiving and
the Administration Console are 128-bit encrypted and HTTPS secured.
Archive Storage Security
Message Archiving processes your company’s electronic messages in
geographically-distributed primary and secondary (backup) data centers. Each
data center is located in a physically secured facility with SAS-70 certification, is
serviced by a Tier-1 or better network provider, and contains multiple layers of
redundancy for network connectivity and power.
During the processing of a message, indexing servers create an index for the
message, and then store the index on multiple devices. When the message
processing has finished, the message is then written to at least two separate
geographical locations.
Journal Archiving Security
If you use the journal archiving option, Message Archiving generates a private
email address for your corporate archive. In addition, when setting up Message
Archiving for journaling, you must specify an access control list (ACL) that tells
Message Archiving the IP addresses of email servers from which it can accept
incoming journaled messages. The combination of access control and private
archive address prevents malicious senders from sending messages to your
archive.
To further enhance security for journal archiving, you can use TLS (Transport-
Layer Security) encryption. If the email server that forwards journaled messages
to your archive uses TLS encryption, Message Archiving automatically accepts
the encrypted messages. It then decrypts the messages before storing them in
the archive.
34 Message Archiving Administration Guide
Message Retention and Deletion
You specify the maximum retention period for your messages when you purchase
Message Discovery. Message Archiving can retain messages for periods of up to
10 years. You set a separate retention period up to that maximum for each user
org. The flexibility to set retention periods on a per-org basis lets you tailor
message retention to the needs of various user groups.
You can retain messages longer than your retention period if you turn off Auto-
purge (see below).
The Message Archiving Settings page for an organization indicates the retention
period. For information about setting the retention period for an organization, see
“Step 5. Turn On Archiving” on page 45.
You can use the Auto-purge option to have Message Archiving automatically
delete messages at the end of the month in which their retention periods expire
(Auto-purge ON), or you can choose to manually purge messages from the
archive (Auto-purge OFF). You can also place a hold on saved search results,
which temporarily halts automatic message deletion. This option may be useful
during an investigation or notice of litigation.
You can use the Retention tab to turn the Auto-purge function on and off, and to
manually purge messages from the archive. For more information, see the
Message Archiving User’s Guide.
Note: You cannot delete messages from your corporate archive before their
retention periods expire or if they are on hold beyond their retention periods.
Continuation Events and Archiving
If a continuation event occurs (failover to the secondary data center), Message
Archiving continues to process and archive messages as usual. However, during
a full continuation event, some features are not available, as the following table
describes. For more information about continuation events, refer to the Message
Security Administration Guide.
Feature
Available during mailflow
continuation event?
Available during full
continuation event?
Message
capture and
storage
Yes. Message Archiving
continues to archive email.
Yes. Message Archiving
continues to archive email.
Message
indexing
Yes. Message Archiving
updates the message
indexes as usual.
Yes. Message Archiving
updates the message indexes
as usual.
Introduction 35
Disaster Recovery
If you have set up automatic spooling for your message security service, and your
email server experiences an outage, the following occurs:
• If you set up inbound/outbound archiving, Message Archiving stores all
legitimate inbound messages before they are spooled. In this case, while your
email server is still down, you can view these inbound messages in the
corporate archive, and users can view their own messages in the Personal
Archive. Outbound messages are archived only if you are using the outbound
service and your outbound email server is able to send messages to the
message security service.
• If you set up journal archiving, once your email server is back up, it will
receive the spooled messages, journal them, and send them to your archive.
During your server outage, however, messages are not archived because
your server is unable to send journaled messages to the archive.
For more information about the spooling feature of your message security service,
refer to the Message Security Administration Guide.
Search or
Discovery tab
Reports tab
Yes. Users with Archive
Search privilege can use
the Search tab or
Discovery tab (depending
on the options included
with your Message
Archiving service).
Users with the Archive
Search, Archive Discovery,
Archive Audit, or Archive
Retention privilege can
use the Reports tab and
the corresponding reports.
No. Attempts to log in to
Message Archiving return a
message indicating that
access is temporarily
unavailable.
Message
Archiving
settings
Yes. Administrators can
edit settings.
No. Settings are active, but
administrators cannot edit
them.
Archiving
reports
Yes. Message Archiving
continues to update report
data for the following day’s
report. Administrators can
view reports.
No. Message Archiving
continues to update report
data for the following day’s
report. However,
administrators cannot view
reports.
Feature
Available during mailflow
continuation event?
Available during full
continuation event?
36 Message Archiving Administration Guide
Maximum Message Size
Message Archiving supports a maximum message size of 200 MB. This maximum
size is the total for the message and any attachments. However, the maximum
size for a message that can be archived may be lower, depending on the setting
for the Inbound Attachment Manager Message Size filter for your message
security service.
For example, if the Message Size filter for Inbound Attachment Manager is set to
50 MB, Message Archiving will not store messages over 50 MB.
Note: The Inbound Attachment Manager Message Size filter affects all messages
sent to Message Archiving for storage, including inbound, outbound, and internal-
only (intradomain) messages. Other Inbound Attachment Manager filter settings
do not affect acceptance of messages into the archive.
The default setting for Inbound Attachment Manager Message Size filter is 200
MB. For more information about setting this filter for Inbound Attachment
Manager, refer to the Message Security Administration Guide.
Introduction 37
Requirements
The following table lists the requirements for Message Archiving. For more
information on supported configurations and platforms, please contact your
account manager.
Service
configurations
• Message Discovery
Email server platforms
for journaling
• Microsoft Exchange 2007 and 2010 Standard &
Enterprise Editions
• Microsoft Exchange 2003 Standard & Enterprise
Editions
• Microsoft Exchange 2000 Standard & Enterprise
Editions
• Microsoft Windows Small Business Server
• Lotus Domino 6.5.4 to 8.0.2
For the complete list of requirements for Microsoft
Exchange Server, refer to:
• Microsoft Exchange Journaling Configuration
Guide For Exchange Server 2000 and 2003
• Microsoft Exchange Journaling Configuration
Guide For Exchange Server 2007 and 2010
For details about configuring journaling on Lotus
Domino Server, refer to:
• Message Archiving - Lotus Domino Journaling
Configuration Guide For Domino Server 6.5.4
and up
Browser for access to
Message Archiving
• Microsoft Internet Explorer 6.x and 7.x on
Windows XP
• Mozilla Firefox 1.5.x on Windows XP
• Mozilla Firefox 1.5.x on Redhat Linux
• Safari 1.3.x on Mac OS X
Chapter 2
Setting Up Message Archiving 39
Setting Up Message Archiving Chapter 2
About Setting Up Message Archiving
To store email messages in your archive, you need to set up Message Archiving
on your Message Discovery service. The following table summarizes the steps to
set up Message Archiving:
Step Description
Step 1. Ensure your Users
are Registered with your
Message Security Service
Make sure the users for whom you want to
archive messages are registered with your
message security service.
Step 2. Choose an Email
Archiving Option
Determine which type of email archiving you
want to set up: journal or inbound/outbound or
archiving.
Step 3. Enable and
Configure Outbound
Service (Optional)
If you choose the inbound/outbound archiving
option, configure your Outbound service if you
have not already done so.
Step 4. Set Up Your
Organization Hierarchy
(Optional)
Choose which users’ messages you want to
archive, and optionally set up or rearrange your
organization hierarchy.
Step 5. Turn On Archiving Turn on archiving for your message security
service at the user organization level, and select
archiving options, including retention period.
40 Message Archiving Administration Guide
Note:
If you chose the journal archiving option for email messages, you must also set up
journaling on your email server.
For details about configuring journaling on Microsoft Exchange Server, refer to:
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2000 and 2003
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2007 and 2010
For details about configuring journaling on Lotus Domino Server, refer to:
• Message Archiving - Lotus Domino Journaling Configuration Guide For
Domino Server 6.5.4 and up
Step 1. Ensure your Users are Registered with your Message Security
Service
In order to archive email for a user, that user must be registered with your
message security service.
Step 6. Set Up Message
Archiving for Journaling
If you chose the journal archiving option, set up
Message Archiving on your message security
service to accept incoming journaled messages
from your email server.
Turn on archiving alerts so the system can keep
you apprised of any anomalies with journaled
messages reaching the archive.
To complete this step, you need the IP address
or address range for your email servers.
You also need to set up journaling on your email
servers.
Step 7. Grant Archiving
Privileges to Your Users
Once you have set up the type of archiving you
want to provide for your organization, you then
need to grant archiving privileges to your users
so they can access and manage the archive, and
run the necessary reports.
Step 7. Search the
Archive, Manage Message
Retention, Run Reports
After you grant archiving privileges to your users,
they can (depending on their privileges) search
the archive, set up investigations, manage
message retention, and run reports.
Step Description
Setting Up Message Archiving 41
You can use Google Apps Directory Sync for Message Security to synchronize
the user directory on your LDAP server with your message security service. For
more information, see:
Google Apps Directory Sync Administration Guide
Note: You can also add users manually by following the instructions in:
Message Security Administration Guide
Step 2. Choose an Email Archiving Option
Message Archiving provides two options for archiving email messages: journal
archiving and inbound/outbound archiving:
Archiving Option Description
Journal archiving Captures all email messages that flow into and out
from your organization, as well as all messages that
users send to each other within your network. With
this option, Message Archiving does not capture
messages directly; instead, it archives messages
that your email server records through its journaling
option.
To archive journaled messages, you must set up
journaling on your email server. Once you complete
this task, your email server journals (records a copy)
all email messages that users send or receive, and
then forwards those messages to Message
Archiving. Note that these operations can impact the
performance of your email server and network.
For an overview of how messages flow into your
archive for journal archiving, see “Message Capture
for Journal Archiving” on page 30.
Note: You cannot use journal archiving if you are a
Google Apps customer. Google Apps Email does not
provide an option to journal messages. If you are a
Google Apps customer, use the Inbound/Outbound
option described below.
42 Message Archiving Administration Guide
WARNING: If you use both journal and inbound/outbound archiving, Message
Archiving stores two copies of each inbound and outbound message: one copy is
captured during the journaling process on your email server, and the other copy is
captured as it flows through your message security service.
Step 3. Enable and Configure Outbound Service (Optional)
If you choose the inbound/outbound archiving option, and you want to archive
email messages that users send to addresses outside your network, ensure that
the Outbound service is enabled and configured for your message security
service. The Outbound service must be set up for the email configuration
associated with the user organization for which you want to turn on archiving. For
details about using the Outbound service, refer to the Message Security Service
Administration Guide.
If you are a Google Apps Premier Edition customer who has activated your Postini
services, your outbound gateway is already configured. To confirm, open the
Google Apps Control Panel, click the Service Settings tab, and check the entry
under Outbound gateway. When you upgrade your service to include Google
Message Discovery, your message security service is updated to include the
same information on the Outbound Servers tab in the Postini Administration
Console. In this case, you do not have to enable and configure the Postini
Outbound Service.
For more information about activating your Postini services, see the Activation
Guide.
Inbound/Outbound
archiving
Captures messages sent from outside your network
to users in your network.
Optionally, captures messages that users send to
addresses outside your network if you enable and
configure the Outbound service for your message
security service. This option, however, does not
capture messages that users send within your
network.
Note: If you are a Google Apps customer, use this
option.
For an overview of how messages flow into your
archive for inbound/outbound archiving, see
“Message Capture for Inbound/Outbound Archiving”
on page 27.
Archiving Option Description
Setting Up Message Archiving 43
Step 4. Set Up Your Organization Hierarchy (Optional)
Before you turn on archiving, determine the users for whom you want to archive
email messages. Because you must turn on archiving at the user organization
(org) level of your organization hierarchy—not the user account level—you may
need to reorganize your organization hierarchy. How you reorganize your
hierarchy depends on whether you are using journal archiving or inbound/
outbound archiving.
Note:
• Regardless of the number of organizations in your hierarchy, Message
Archiving stores all messages in one corporate archive.
• You can archive messages in a catchall account. Those messages, however,
are not available in the Personal Archives of individual users whose mail ends
up in the catchall account. If you start archiving messages for those users
outside the catchall account, their messages are available in the Personal
Archives only after the switch from the catchall account to individual accounts.
• If you delete and then add back the same user, messages for that user are
available in the Personal Archive only from the point at which you add back
the user.
• For details about setting up organization hierarchies, refer to the Message
Security Service Administration Guide.
Set Up Your Hierarchy for Inbound/Outbound Archiving
Inbound/outbound archiving captures received and sent messages for users on
your network who do not have accounts on your message security service. All
inbound messages that your server accepts for your domain are captured, and all
outbound messages from your email server are captured.
Once you create accounts on your message security service, however, the
following rules apply to those accounts:
• To archive messages for only specific users: Create accounts for those
users on your message security service, and then add those accounts to user
organizations for which archiving is turned on.
• To prevent archiving for only specific users: Create accounts for those
users on your message security service, and then add those accounts to user
organizations for which archiving is turned off.
• To archive messages for all users: Turn on archiving for all user
organizations in your organization hierarchy. You do not need to reorganize
the hierarchy.
Note: If you turn on Non-Account Bouncing for your message security service,
you must create user accounts for all the email accounts that exist on your email
server. Any incoming messages addressed to recipients without user accounts on
your message security service are bounced and therefore not archived.
44 Message Archiving Administration Guide
Set Up Your Hierarchy for Journal Archiving
If you use the journal archiving option, Message Archiving stores journaled
messages only for users who have accounts on your message security service,
and only if those accounts reside in a user organization for which you turned on
archiving.
• To archive messages for only specific users: Set up your organization
hierarchy such that you place these users in separate user organizations. For
example, if you want to archive messages for only your company’s
executives, ensure that you place these users in a separate user org—for
example acme_execs. You can then turn on archiving for only that
organization.
If you use the journal archiving option with Microsoft Exchange Server, you
may want also want to map your mailbox databases or your Hub Transport
servers to your user organizations. For more information about configuring
journaling on Microsoft Exchange Server, refer to:
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2000 and 2003
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2007 and 2010
If you use the journaling option with Lotus Domino Server, refer to:
• Message Archiving - Lotus Domino Journaling Configuration Guide For
Domino Server 6.5.4 and up
• To archive messages for all users: Turn on archiving for all the user
organizations in your organization hierarchy. You don’t need to reorganize
your organization hierarchy.
Setting Up Message Archiving 45
Step 5. Turn On Archiving
You must turn on archiving for each user organization (org) that contains users for
whom you want to archive email messages.
Before turning on archiving, ensure that you:
• Choose an email archiving option. For details, see “Step 2. Choose an Email
Archiving Option” on page 41.
• Set up your Email-Security-service organization hierarchy, if necessary. For
details, see “Step 4. Set Up Your Organization Hierarchy (Optional)” on
page 43.
Note: You can also use a batch command to turn on archiving and select an
archiving option. For details about this batch command, refer to the Batch
Reference Guide.
To turn on archiving:
1. Go to https://login.postini.com.
2. Log in to your message security service, and open the Administration
Console.
3. Click the Orgs and Users tab, or click the Show Hierarchy link in the upper-
left corner of the Home page.
4. Select the user organization (org) for which you want to turn on archiving.
5. On the Organization Management page, under Organization Settings, click
Archiving.
46 Message Archiving Administration Guide
The Message Archiving Settings page appears.
6. On the Message Archiving Settings panel, select Archive messages for this
organization.
7. Select one of the following options:
• All inbound and outbound messages
• All journaled messages
WARNING: If you select both options, Message Archiving will store two copies
of all inbound and outbound messages.
Note: If you are a Google Apps customer, use the All inbound and outbound
messages option. You cannot use the All journaled messages option as
Google Apps Email does not provide a method of journaling messages.
For details about the options on the Archive Settings panel, see “About the
Message Archiving Settings Page for a User Org” on page 54.
8. Click Save.
9. On the Archive Retention panel, enter the number of months you want to set
for the archive retention period.
Setting Up Message Archiving 47
The retention period you set applies to all messages entering the archive from
that point on. It does not apply to messages already in the archive. If you need
to ensure that existing messages with shorter retention periods are not
deleted from the archive, turn off auto-purge on the Message Archiving
Retention tab.
You can enter any retention period up to the number of months equivalent to
the maximum retention period you purchased. For example, if you purchased
one year of retention, you can enter any number of months up to 12.
10. Click Save.
Note: If you select the All journaled messages option, your next step is to set up
Message Archiving for journaling. This generates the email address for your
archive, which you use when you set up journaling on your email server. See
“Step 6. Set Up Message Archiving for Journaling” on page 47.
Step 6. Set Up Message Archiving for Journaling
If you selected the All journaled messages option when turning on archiving for
a user org, you need to:
• Set up Message Archiving to accept incoming journaled messages from
your email server. Add a journaling-configuration entry to the email
configuration (config) that contains the user organization for which you turned
on archiving. Message Archiving then generates the email address for your
archive. You use this address when you configure your email server to send
journaled messages to Message Archiving.
For instructions to add a journaling configuration, see “Add a Journaling
Configuration to Your Email Config” on page 48.
Note: You must add a journaling-configuration entry to each email
configuration that contains user organizations for which you want to archive
messages. Keep in mind, though, that Message Archiving generates only one
archive email address, regardless of the number of email configurations you
set up.
• Set up your email server for journaling.
For details about configuring journaling on Microsoft Exchange Server, refer
to:
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2000 and 2003
• Microsoft Exchange Journaling Configuration Guide For Exchange Server
2007 and 2010
For details about configuring journaling on Lotus Domino Server, refer to:
• Message Archiving - Lotus Domino Journaling Configuration Guide For
Domino Server 6.5.4 and up
48 Message Archiving Administration Guide
Add a Journaling Configuration to Your Email Config
A journaling configuration identifies the type of server and the IP address (or
address range) of the server from which Message Archiving can accept incoming
journaled email messages. You can also use the journaling configuration to turn
non-account archiving on or off, turn archive alerts on or off, and to specify the
address to which archive alerts are delivered. In addition, you can turn the
journaling configuration itself on or off.
After you configure a journaling configuration, you can edit or delete it at any time.
IP-Address Range
The IP-address range for an email server must be:
• External IP addresses. If your network uses network address translation
(NAT), ensure that you enter your external IP address.
• Within a single class C address space.
• Contiguous. If you use non-contiguous IP addresses for your server, make a
separate entry for each different range.
Tip: If you are using Postini Outbound Services, the IP-address range you enter
for your journaling configuration is usually the same address range you entered
for Outbound Services.
Note: If you set up an IP Lock for your own domain on your message security
service, ensure that the IP address of your email server is included in the IP lock
configuration. Otherwise, your message security service will reject journaled
messages from your server. For information about IP Lock, refer to the Message
Security Service Administration Guide.
Alerts
We recommend that you set the Alert Status to ON so that the system can keep
you apprised of any interruption in journaled messages being copied to the
archive. When you turn Alert Status on, the system sends an alert when:
• Journaled messages from your mail server are being bounced
Message text:
Journal messages from your server are currently being bounced. Check to see that your IP address is properly configured. Click here for more information: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.
Note: This condition occurs when the IP address of the server from which you
are sending journaled messages is not listed in the Administration Console. If
the system bounces three messages within a minute without receiving any
good messages, this alert is issued.
• Journaled messages from your mail server not in the correct envelope journal
format
Setting Up Message Archiving 49
Message text:
Journal messages from your server are not in the correct envelope journal format. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.
• The system has not received any journaled messages from your server for:
• One hour: if the system has not received a journaled message for one
hour, then an initial alert is sent.
• Six hours: After the initial one-hour alert, the system then sends an alert
every six hours until it receives a journaled message from your server.
Message text:
We have not received any messages from your journaling server. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.
For Alert Address, we recommend that you use a long-standing group address
rather than an individual address so that it remains viable over the long term. With
a group address, you can add and remove individual address from the group as
your personnel change, but you can leave the group address in place in your
Journaling Configuration.
To add a journaling configuration to your email config:
1. Go to https://login.postini.com.
2. Log in to your message security service, and access the Administration
Console.
3. Click the Orgs and Users tab, or click the Show Hierarchy link in the upper-
left corner of the Home page.
4. Select the email configuration (config) associated with the user organization
for which you turned on archiving.
50 Message Archiving Administration Guide
5. On the Organization Management page, under Organization Settings, click
Archiving.
The Message Archiving Journaling Configuration page appears.
6. Click Add Journaling Configuration.
Setting Up Message Archiving 51
7. Configure the following options:
Option Value
Configuration Status Select ON to archive journaled messages from
the server identified in the Sending IP Address
Range option. Those messages are archived
according to the settings on this page.
Select OFF to suspend the archiving of
messages from the server identified in the
Sending IP Address Range option. You can set
the status to OFF when you are configuring
journal archiving ahead of time, or when you
want to suspend archiving messages from a
server but want to preserve your configuration.
Server Type Select the type of server from which journaled
messages are sent:
• Exchange
• Domino
Your selection identifies the format of journaled
messages so the email security service can
ingest them properly.
Sending IP Address
Range
Enter the IP-address range for your email
server.
If your server has only one address, enter that
address is both fields.
52 Message Archiving Administration Guide
Non-account
Archiving
Select ON to archive messages to and from
users on a particular email server who do not
also have accounts on your message security
service.
When you enable non-account archiving, you
immediately begin archiving all journaled
messages without having to first register users
with your message security service. This option
can be useful when the urgency of archiving
messages outweighs the need for granular
control of whose messages are archived. You
can enable this option to ensure that you don't
miss any messages, and then go through the
process of registering users.
Once you have registered all the users for whom
you want to archive messages, you can then
turn off this option to avoid storing unnecessary
messages in your archive.
Caution: When you enable non-account
archiving, you run the risk of archiving spam and
virus-infected messages. Messages sent or
received by users who are not registered with
your Postini Email Security system are not
filtered by the system. With non-account
archiving, those unfiltered messages are
archived.
Alert Status You can choose to receive daily email alerts
when it appears that your journaled messages
are not being archived correctly. There are alerts
that cover the following conditions:
• Journaled messages from your server are
being bounced
Note: This condition occurs when the IP
address of the server from which you are
sending journaled messages is not listed in
the Administration Console. If the system
bounces three messages within a minute
without receiving any good messages, this
alert is issued.
• Journaled messages from your server are
not in the correct envelope journal format
• The system has not received any journaled
messages from your server for the last 24
hours
Option Value
Setting Up Message Archiving 53
8. Click Save.
The IP address range that you entered appears on the page, along with the
other configuration settings.
The email address for your archive also appears in the message area at the
top of the page, in the following format:
archive@your_ID.archive.psmtp.com
You must use this address when you configure your email server for
journaling.
Edit or Delete a Journaling Configuration
You can edit or delete your journaling configuration at any time.
Important: If you are using Postini Outbound Services, you may be using the same
IP-address range for both Outbound Services and your journaling configuration. If
so, remember to also update the address range for Outbound Services in the
Administration Console.
To edit a journaling configuration:
In the list of journaling configurations, click the Edit icon for the configuration you
want to edit, set the options as desired, then click Save.
To delete a journaling configuration:
In the list of journaling configurations, click the Delete icon for the configuration
you want to delete.
Alert Address Enter the email address at which you want to
receive alerts.
We recommend that you use a long-standing
group address rather than an individual address
so that it remains viable over the long term.
Option Value
54 Message Archiving Administration Guide
Step 7. Grant Archiving Privileges to Your Users
After you’ve completed the previous steps to set up archiving for your
organization, you then need to grant privileges to your administrators and users
so they can have access to the archive. For information, see “Granting Message
Archiving Privileges” on page 61.
Message Archiving Setup Reference
About the Message Archiving Settings Page for a User Org
Use the Archive Settings page to:
• Turn on email archiving for an organization.
• Select an archiving option.
• Access the archive (requires the Search Archive privilege in your
authorization record).
Message Archiving Settings panel:
Option Description
Archive messages for
this organization
Turns on email archiving for this organization.
You must turn on archiving for all organizations that
contain users for whom you want to archive email
messages.
All inbound and
outbound messages
Archives email messages flowing through your
message security service. Inbound messages are
archived by default when you select this option.
Outbound messages are archived only if you use the
optional Outbound service.
This option does not archive any intradomain email
messages—that is, messages that do not leave your
private network.
To archive outbound messages with this option, you
must turn on and configure the Outbound service for
your message security service. For details, refer to
the Administration Guide for Message Discovery.
Setting Up Message Archiving 55
All journaled
messages
Archives all email messages that your email server
journals for users on your network, including
inbound, outbound, and intradomain messages
(internal messages that do not leave your private
network).
WARNING: If you select this option, Postini
recommends that you do not also select the option
All inbound and outbound messages. If you
select both options, Message Archiving stores two
copies of all inbound and outbound messages.
Next steps:
If you select this option, you must set up Message
Archiving, and set up journaling on your email
server:
1. Go to the Message Archiving Journaling Setup
page for the email configuration for this
organization:
At the top of the Message Archiving Settings
page, in the Choose Org drop-down list, select
the email configuration.
2. Specify the IP-address range for the email
server that will send journaled messages to the
archive.
The email address for your archive is then
displayed.
3. Set up your email server to send journaled
messages to the address for your archive.
Current Retention
Months
Enter the number of months that Message Archiving
keeps messages in the archive.
Option Description
56 Message Archiving Administration Guide
About the Message Archiving Journaling Configuration
Page for an Email Config
Use this page to:
• Set up Message Archiving to accept journaled email messages from your
email server.
• Obtain the email address for your archive. Use this address when you
configure your email server to send journaled messages to the archive.
• See a list of Journaling Configurations and their settings, along with options to
edit and delete those configurations.
Click Add Journaling Configuration to open the Message Archiving Journaling
Configuration panel.
Message Archiving Journaling Configuration panel:
Option Value
Configuration Status Select ON to archive journaled messages from the
server identified in the Sending IP Address Range
option. Those messages are archived according to
the settings on this page.
Select OFF to suspend the archiving of messages
from the server identified in the Sending IP Address
Range option. You can set the status to OFF when
you are configuring journal archiving ahead of time,
or when you want to suspend archiving messages
from a server but want to preserve your
configuration.
Server Type Select the type of server from which journaled
messages are sent:
• Exchange 2000/2003
• Exchange 2007/2010
• Domino
Your selection identifies the format of journaled
messages so the email security service can ingest
them properly.
Sending IP Address
Range
Enter the IP-address range for your email server.
If your server has only one address, enter that
address is both fields.
Setting Up Message Archiving 57
Non-account
Archiving
Select ON to archive messages to and from users
on a particular email server who do not also have
accounts on your message security service.
When you enable non-account archiving, you
immediately begin archiving all journaled messages
without having to first register users with your
message security service. This option can be useful
when the urgency of archiving messages outweighs
the need for granular control of whose messages
are archived. You can enable this option to ensure
that you don't miss any messages, and then go
through the process of registering users.
Once you have registered all the users for whom you
want to archive messages, you can then turn off this
option to avoid storing unnecessary messages in
your archive.
Caution: When you enable non-account archiving,
you run the risk of archiving spam and virus-infected
messages. Messages sent or received by users who
are not registered with your Postini Email Security
system are not filtered by the system. With non-
account archiving, those unfiltered messages are
archived.
Option Value
58 Message Archiving Administration Guide
Alert Status You can choose to receive daily email alerts when it
appears that your journaled messages are not being
archived correctly. There are alerts that cover the
following conditions:
• Journaled messages from your server are being
bounced
Message text:
Journal messages from your server are currently being bounced. Check to see that your IP address is properly configured. Click here for more information: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.
Note: This condition occurs when the IP address
of the server from which you are sending
journaled messages is not listed in the
Administration Console. If the system bounces
three messages within a minute without
receiving any good messages, this alert is
issued.
• Journaled messages from your server are not in
the correct envelope journal format
Message text:
Journal messages from your server are not in the correct envelope journal format. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.
• The system has not received any journaled
messages from your server for the last 24 hours
Message text:
We have not received any messages from your journaling server for 24 hours. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.
Alert Address Enter the email address at which you want to receive
alerts.
We recommend that you use a long-standing group
address rather than an individual address so that it
remains viable over the long term.
Option Value
Setting Up Message Archiving 59
Journaling Configurations List:
Option Description
Enable ACL The On/Off value for Configuration Status
Server Type Indicates the type of email server for which you
entered an IP-address range.
IP Address Range Indicates the IP-address range that you entered for
an email server.
Non-Account
Archiving
The On/Off value for Non-Account Archiving.
Alerts The On/Off value for Alert Status.
Alert Address The address to which alerts are sent.
Edit Edit the Journaling Configuration.
Non-Account
Archiving
Specifies whether to archive messages to recipients
or from senders who do not have accounts on your
Message Security service.
You can use this option to immediately begin
archiving all journaled messages without having to
first register users with your Postini Message
Security service.
Delete Removes the Journaling Configuration from your
message security service. Once you delete a
Journaling Configuration, Message Archiving no
longer accepts journaled email messages from that
IP-address range.
Chapter 3
Granting Message Archiving Privileges 61
Granting Message Archiving Privileges Chapter 3
About Archive Privileges
Your corporate message archive will likely contain highly sensitive corporate
information, as well as private employee information. Therefore, we recommend
that you provide only one or two employees with privileges to search your archive,
purge messages, and create audit reports. Typically, you provide these privileges
only to employees who need access to your archive for the purposes of
compliance, legal discovery, or human-resources management.
To help ensure restricted access to your corporate archive, Postini Customer Care
must grant the following privileges to the first user accounts that receive them:
• Message Archiving
• Archive Security Administration
• Archive Search
• Archive Discovery
• Archive Audit
• Archive Retention
• Archive Investigator Security
• Archive Reports
To request these privileges for a user account, you must do the following:
• If you are a direct customer, contact Postini Customer Care. You will receive
instructions for creating a support case to request the privileges for the
account. If you participate in the Message Archiving activation process with a
Customer Care representative, the representative will provide you with
instructions for requesting these privileges.
• If you are not a direct customer, contact your reseller, who will make the
request to grant the privileges on your behalf.
62 Message Archiving Administration Guide
You must also provide a formal, written request to grant the privileges to the
account. This request must be signed by an officer of your company on company
letterhead, and faxed to Postini Customer Care or your reseller.
Note: If you request any of the Message Archiving privileges for an administrator
who also has the Assign Authority privilege, he or she can grant the respective
privileges to any other user for whom he or she can create or edit authorization
records. Therefore, if you request these privileges for an administrator who has an
authorization record at the account level of your organization hierarchy, this
administrator can then grant those privileges to any other user, without you first
having to contact Postini Customer Care or your reseller. Before you provide this
ability to a user, we recommend that you carefully consider how it might affect the
security of your archive.
For more information about the administration of privileges, see the Message
Security Administration Guide.
About Granting Message Archiving Privileges
Using the message-security-service Administration Console, you can grant
Message Archiving privileges that allow users to set up Message Archiving,
search and manage investigations of the corporate archive, purge messages from
the corporate archive, create reports, and use the Personal Archive.
Granting Message Archiving Privileges 63
The following table describes the Message Archiving privileges available for
administrators and users.
Privilege Description
Message Archiving The user can turn on archiving and set archiving options
for specific organizations (orgs) in your organization
hierarchy. Optionally, you can grant a user “read”
privilege only, which allows the user to view Message
Archiving settings but not modify them.
For details about setting up and using your organization
hierarchy, refer to the Message Security Administration
Guide.
Archiving Security
Administration
The user has full access to the corporate archive,
including access to the Discovery, Retention, Reports,
and Admin tabs, and the ability to restrict searches.
WARNING: A user with the Archiving Security
Administration privilege may have access to sensitive
corporate and employee information. Therefore, we
recommend that you take caution when granting this
privilege. For more information, see “About Archive
Privileges” on page 61.
64 Message Archiving Administration Guide
Archive Search The user can access the Search tab to (depending on
the options your service includes) search for, view, and
print email messages in your corporate archive.
You can forward messages to your email inbox.
You can export messages as MBOX files.
The user can access the Reports tab, and the Storage
Overview and Storage reports. For an overview of
reports, see “Reports Tab” on page 23.
If you use journal archiving, Postini recommends that
you create additional, separate email accounts on your
email server for users who have access to your
corporate archive. Do not archive email for these special
accounts so you can prevent re-archiving of exported
messages.
For details about configuring journaling on Microsoft
Exchange Server, refer to:
• Microsoft Exchange Journaling Configuration Guide
For Exchange Server 2000 and 2003
• Microsoft Exchange Journaling Configuration Guide
For Exchange Server 2007 and 2010
For details about configuring journaling on Lotus Domino
Server, refer to:
• Message Archiving - Lotus Domino Journaling
Configuration Guide For Domino Server 6.5.4 and
up
WARNING: The Archive Search privilege lets a user
search all messages in the archive.and may allow that
user access to sensitive corporate and employee
information. Therefore, we recommend that you take
caution when granting this privilege. For more
information, see “About Archive Privileges” on page 61.
Privilege Description
Granting Message Archiving Privileges 65
Archive Discovery The user can access the Discovery tab. With this
privilege, the Discovery tab replaces the Search tab
(described above). The Discovery tab includes all the
functionality of the Search tab, plus the ability to manage
investigations and place holds on messages.
With investigations, you can:
• Save named investigations, including the search
criteria and search results
• Edit saved investigations
• Set the retention periods for saved search results
• Export search results as MBOX or PST files
• Transfer investigations to other users who also have
the Archive Search and Archive Discovery
privileges
You can place a hold on all messages in a search-result
set, and place a hold on messages for an individual user.
The user can access the Reports tab, and the Storage
Overview and Storage reports. For an overview of
reports, see “Reports Tab” on page 23.
Requires that you also grant the Archive Search
privilege.
WARNING: A user with the Archive Discovery privilege
may have access to sensitive corporate and employee
information. Therefore, we recommend that you take
caution when granting this privilege. For more
information, see “About Archive Privileges” on page 61.
Archive Audit The user can access the Reports tab, and the Audit
reports. For an overview of reports, see “Reports Tab” on
page 23.
WARNING: A user with the Archive Audit privilege may
have access to sensitive corporate and employee
information. Therefore, we recommend that you take
caution when granting this privilege. For more
information, see “About Archive Privileges” on page 61.
Privilege Description
66 Message Archiving Administration Guide
Archive Retention The user can access the Retention tab to:
• View a monthly list of messages that are on
extension beyond the expiration of their retention
periods.
• View how many of the messages on extension are
also on hold (not available to purge).
• Turn Auto-archiving on and off.
• Purge messages from the archive that are not on
hold.
• View the history of when and by who messages
were purged.
• View contact information for investigators who have
placed messages on hold.
• View the number and overall size of the messages
placed on hold by each investigator.
The user can access the Reports tab, and the Purge
History report. For an overview of reports, see “Reports
Tab” on page 23.
WARNING: A user with the Archive Retention privilege
may have access to sensitive corporate and employee
information. Therefore, we recommend that you take
caution when granting this privilege. For more
information, see “About Archive Privileges” on page 61.
Archive Investigator
Security
The user can access the Admin tab to restrict searches
by users who have the Archive Search and Archive
Discovery privileges. Searches are restricted to a
defined set of senders and recipients.
Requires that you also grant the Archive Search
privilege.
Archive Reports The user can access the Reports tab. The user has
access to specific reports based on having additional
privileges. For more information, see “Allow a User to
View and Create Reports” on page 72.
Privilege Description
Granting Message Archiving Privileges 67
Note: If you grant privileges to a user and then remove them, the functions to
which that user had access are no longer available to that user (for example, the
ability to conduct investigations and save search criteria and results). If you
subsequently re-grant the same privileges to that user, those functions are
available again, along with any related information that was previously saved (for
example, saved search criteria and results).
Personal Archive When you grant the Personal Archive privilege, the
related Archive Search and Archive Recover
privileges are granted automatically.
• Archive Search permits users to search for and
view email messages in their personal archives.
When you grant Archive Search, the Archive tab
appears in the user’s Message Center. This tab
includes the search options for finding messages in
the Personal Archive. For more information about
the Personal Archive, including an example of the
Archive tab in Message Center, see “Personal
Archive” on page 24.
• Archive Recover permits users to export email
messages from their personal archives. In order to
use Archive Recover, Archive Search must also be
granted.
Privilege Description
68 Message Archiving Administration Guide
Allow a User to Set Up Message Archiving
To grant the Message Archiving privilege to another user, your administrator
account must have:
• The Assign Authority privilege for the organization in which the user’s
account resides
• The Message Archiving privilege
WARNING: If you grant the Message Archiving privilege to an administrator who
also has the Assign Authority privilege, this administrator can grant this privilege
to any other user for whom he or she can create or edit authorization records.
To grant the Message Archiving setup privilege to a user:
1. Go to https://login.postini.com.
2. Log in to your message security service and access the Administration
Console.
3. Open the user’s authorization record. If the user does not yet have an
authorization record, create a record for the user.
For details on opening or adding authorization records for users, refer to the
Message Security Administration Guide.
4. In the authorization record, under Advanced Applications, do one or both of
the following, depending on which privileges you want to grant to the user:
• To allow the user to set up archiving for the organization, select the
Message Archiving check box in the Modify (right-hand) column.
• To allow the user to only view Message Archiving settings, select the
Message Archiving check box in the Read (left-hand) column only.
Granting Message Archiving Privileges 69
Allow a User Full Access to the Corporate Archive
To grant the Archive Security Administration privilege to another user, your
administrator account must have:
• The Assign Authority privilege for the organization in which the user’s
account resides
• The Archive Security Administration privilege
If no administrator account has this privilege, you must submit a request to Postini
Customer Care or your reseller to add the Archive Security Administration
privilege to a user account. For more information, see “About Archive Privileges”
on page 61.
WARNING: If you grant the Archive Security Administration privilege to an
administrator who also has the Assign Authority privilege, this administrator can
grant this privilege to any other user for whom he or she can create or edit
authorization records.
To grant the Archive Security Administration privilege to a user:
1. Go to https://login.postini.com.
2. Log in to your message security service and access the Administration
Console.
3. Open the user’s authorization record on your message security service. If the
user does not yet have an authorization record, create a record for the user.
For details on opening or adding authorization records for users, refer to the
Message Security Administration Guide.
4. Scroll down to the bottom of the list of privileges.
5. Select the Archive Security Administration check box.
70 Message Archiving Administration Guide
Allow a User to Search the Corporate Archive
To grant the Archive Search or Archive Discovery privilege to another user,
your administrator account must have:
• The Assign Authority privilege for the organization in which the user’s
account resides
• The Archive Search, and optionally, Archive Discovery privilege
Note: To grant the Archive Discovery privilege, you must also grant the Archive
Search privilege.
If no administrator accounts have these privileges, you must submit a request to
Postini Customer Care or your reseller to add the Archive Search or Archive
Discovery privilege to a user account. For more information, see “About Archive
Privileges” on page 61.
Note: Before granting one of these privileges to a user, you may want to consider
setting up a special account on your email server for this user in order to prevent
re-archiving of exported messages.
WARNING: If you grant the Archive Search or Archive Discovery privilege to an
administrator who also has the Assign Authority privilege, this administrator can
grant either privilege to any other user for whom he or she can create or edit
authorization records.
To grant the Archive Search or Archive Discovery privilege to a user:
1. Go to https://login.postini.com.
2. Log in to your message security service and access the Administration
Console.
3. Open the user’s authorization record on your message security service. If the
user does not yet have an authorization record, create a record for the user.
For details on opening or adding authorization records for users, refer to the
Message Security Administration Guide.
4. Scroll down to the bottom of the list of privileges.
Granting Message Archiving Privileges 71
5. Select the Archive Search, and optionally, the Archive Discovery check
box.
Allow a User to Manage Message Retention
To grant the Archive Retention privilege to another user, your administrator
account must have:
• The Assign Authority privilege for the organization in which the user’s
account resides
• The Archive Retention privilege
If no administrator account has this privilege, you must submit a request to Postini
Customer Care or your reseller to add the Archive Retention privilege to a user
account. For more information, see “About Archive Privileges” on page 61.
WARNING: If you grant the Archive Retention privilege to an administrator who
also has the Assign Authority privilege, this administrator can grant this privilege
to any other user for whom he or she can create or edit authorization records.
To grant the Archive Retention privilege to a user:
1. Go to https://login.postini.com.
2. Log in to your message security service and access the Administration
Console.
3. Open the user’s authorization record on your message security service. If the
user does not yet have an authorization record, create a record for the user.
For details on opening or adding authorization records for users, refer the
Message Security Administration Guide.
4. Scroll down to the bottom of the list of privileges.
72 Message Archiving Administration Guide
5. Select the Archive Retention check box.
Allow a User to View and Create Reports
The following table lists the reports that are available with each archive privilege:
To grant the Archive privileges to another user, your administrator account must
have:
• The Assign Authority privilege for the organization in which the user’s
account resides
• The corresponding Archive privileges you want to assign
Privileges Available Reports
Archive Search
Archive Reports
Storage Overview
Storage Report
Archive Search
Archive Retention
Archive Reports
Storage Overview
Storage Report
Purge History
Archive Search
Archive Audit
Archive Reports
Storage Overview
Storage Report
Audit Reports
Archive Search
Archive Retention
Archive Audit
Archive Reports
Storage Overview
Storage Report
Purge History
Audit Reports
Granting Message Archiving Privileges 73
If no administrator account has this privilege, you must submit a request to Postini
Customer Care or your reseller to add the relevant Archive privilege to a user
account. For more information, see “About Archive Privileges” on page 61.
Note: An audit report can show the messages that users accessed in the archive.
If you want a user with the Archive Audit privilege to be able to view the content
of these messages in the report, you must also assign the Archive Search, and
optionally, the Archive Discovery privilege to that user. For more information
about audit reports, refer to the Message Archiving User’s Guide.
WARNING: If you grant the Archive privileges to an administrator who also has the
Assign Authority privilege, this administrator can grant this privilege to any other
user for whom he or she can create or edit authorization records.
To grant Archive reporting privileges to a user:
1. Go to https://login.postini.com.
2. Log in to your message security service and access the Administration
Console.
3. Open the user’s authorization record on your message security service. If the
user does not yet have an authorization record, create a record for the user.
For details on opening or adding authorization records for users, refer the
Message Security Administration Guide.
4. Scroll down to the bottom of the list of privileges.
5. Select the check box for the appropriate Archive privilege.
Allow a User to Restrict Searches
To grant the Archive Investigator Security privilege to another user, your
administrator account must have:
• The Assign Authority privilege for the organization in which the user’s
account resides
• The Archive Investigator Security privilege
74 Message Archiving Administration Guide
If no administrator account has this privilege, you must submit a request to Postini
Customer Care or your reseller to add the Archive Investigator Security
privilege to a user account. For more information, see “About Archive Privileges”
on page 61.
You must also grant the Archive Search privilege so the user can access
Message Archiving.
WARNING: If you grant the Archive Investigator Security privilege to an
administrator who also has the Assign Authority privilege, this administrator can
grant this privilege to any other user for whom he or she can create or edit
authorization records.
To grant the Archive Investigator Security privilege to a user:
1. Go to https://login.postini.com.
2. Log in to your message security service and access the Administration
Console.
3. Open the user’s authorization record on your message security service. If the
user does not yet have an authorization record, create a record for the user.
For details on opening or adding authorization records for users, refer the
Message Security Administration Guide.
4. Scroll down to the bottom of the list of privileges.
5. Select the Archive Investigator Security check box.
Granting Message Archiving Privileges 75
Allow a User to Access the Personal Archive
Users access the Personal Archive in Message Center, where they can also
manage their junk and virus quarantines. If users don’t currently have access to
Message Center, you must provide that access.
Note:
• You can limit access to only the Personal Archive, without allowing users to
also manage their message quarantines.
• For complete instructions on enabling and disabling access to Message
Center and selecting Message Center privileges for users, refer to the
Message Security Administration Guide.
Personal Archive privileges:
To grant the Personal Archive privilege to users:
1. Go to https://login.postini.com.
2. Log in to your message security service and access the Administration
Console.
3. Click the Orgs and Users tab, or click the Show Hierarchy link in the upper-
left corner of the Home page.
4. Select the user organization (org) that contains the users for whom you want
to provide access to the Personal Archive.
Privilege Description
Archive Search Adds the Archive tab to Message Center. Users can
search for and view any archived email messages that
they sent or received.
Archive Recover Adds the Recover button to the Archive tab in
Message Center. Users can export messages from their
Personal Archives, by forwarding them to their email
addresses.
Note: Any messages that users forward are archived
again. These archived messages contain the following
subject line:
Archive Export: original subject line of forwarded message
76 Message Archiving Administration Guide
5. On the Organization Management page, under Organization Settings, click
User Access.
The User Access page appears.
6. Under Personal Archive, do one of the following:
• To allow users to view and forward archived messages to their inboxes,
select both the Archive Search and Archive Recover check boxes.
Note: Any messages that users forward are archived again.
• To allow users to only view their archived messages, select only the
Archive Search check box. Your changes take effect immediately.
Granting Message Archiving Privileges 77
Allow an External User to Access your Corporate Archive
You may grant message archive access to a third-party, such as a regulatory
agency, as necessary to comply with an investigation or audit. You give these
external users access by adding them as users in Message Archiving and setting
up their permissions to search the archive and/or view activity logs.
To grant access to external users:
1. Create a new user org and add the external user with your domain as their
address.
For example, if you want an investigator such as [email protected] to
access your archive, you can add that user as yuki-
[email protected] to Message Archiving.
The user can access your archive, but cannot receive or send email unless
you add them to your mail server.
2. If you’re using Directory Sync to manage your users: Add the user to your
LDAP directory or to Directory Sync as an exception (existing only in
Message Archiving), so the user isn’t automatically removed during
synchronization.
3. Give permissions to the user to conduct an investigation. See “About Granting
Message Archiving Privileges” on page 62.
4. Notify the user that they cannot forward search results to their email account
(since they have no email account on your servers), but they can download to
their desktop or upload to an FTP server. See Export Search Results in the
Message Archiving User’s Guide.
Appendix A
How To 79
How To Appendix A
This section provides a link to each procedure in the Message Archiving
Administration Guide. These links are provided to give you easy access to the
procedural information, and are organized by chapter.
Setting Up Message Archiving
To turn on archiving:
To add a journaling configuration to your email config:
To edit a journaling configuration:
To delete a journaling configuration:
Granting Message Archiving Privileges
To grant the Message Archiving setup privilege to a user:
To grant the Archive Security Administration privilege to a user:
To grant the Archive Search or Archive Discovery privilege to a user:
To grant the Archive Retention privilege to a user:
To grant Archive reporting privileges to a user:
To grant the Archive Investigator Security privilege to a user:
To grant the Personal Archive privilege to users:
Appendix B
Troubleshooting 81
Troubleshooting Appendix B
This section discusses some of the problems that have been observed with
Message Archiving, and the solutions to those problems.
Journaled messages are being forwarded from your Exchange server to the
correct Message Archiving address, but are being bounced with the error code
“554 Cannot relay journal - psmtp.”
The IP address of the Exchange server sending the journaled messages is not
correctly identified in the relevant journaling configuration.
After you update your journaling configuration, check the Storage Overview > Mail
Flow report to verify that there is a decrease in the number of bounced messages.
Journaled messages in HTML format from your Exchange 2000 or Exchange
2003 server are being archived as plain text.
Verify that your Exchange server’s Internet Message Format is configured to
provide message bodies as both HTML and plain text.
Reports indicate that messages have been archived for users who belong to
orgs for which archiving is not turned on.
If a user for whom mail is not archived is a recipient of a message also addressed
to a user for whom mail is archived, the non-archived recipient’s address can
show up in a report.
To eliminate users for whom the messages are not archived, run the report from
an org where Message Archiving is enabled.
Index 83
Index
A
adding
services for Message Archiving 15
users to organization for journal archiving 30
Admin tab
access 66
Admin tab access 66
Aid4Mail, obtaining 64, 65
alerts for journaled messages 48
alias
addresses, how Message Archiving works with 28
domains, how Message Archiving works with 28
archive access
granting privileges 62
security 32
archive alerts, turn on 48
Archive Audit privilege
description 65
process for granting to account 61
Archive Discovery privilege
description 65
process for granting to account 61
Archive Investigator Security privilege
description 66
granting 73
process for granting to account 61
Archive Investigator Security privilege, granting 66, 73
Archive privileges
granting 72
Archive Reports privilege
description 66
process for granting to account 61
Archive Reports privilege, granting 66
Archive Retention privilege
description 66
granting 71
process for granting to account 61
Archive Retention privilege, granting 66
Archive Search privilege
description 64
granting 70
process for granting to account 61
Archive Security Administration privilege
granting 69
process for granting to account 61
Archive Security Administration, granting 69
archive storage security 33
archived messages
searching for in corporate archive 19
types 15
viewing in Personal Archive 24
archiving
email messages, overview 24
reasons for 12
audience for this guide 7
B
blackholed messages
how handled for inbound/outbound archiving 28
how handled for journal archiving 30
Boolean Search panel, overview 20
bounced messages
how handled for inbound/outbound archiving 28, 29
how handled for journal archiving 30
browser requirements 37
C
catchall account, archiving messages in 25, 43
comments about this guide, sending 10
components of Message Archiving 15
configuration of archive, access security 32
continuation events, how they affect archiving 34
creating reports, overview 23
creating user accounts for journal archiving 30
customer support, receiving 10
D
data centers, security 33
deleted user, message availability in Personal
Archive 25, 26, 43
deleting messages from the archive 34
Discovery tab
access 65
overview 20
documentation, related 8
84 Message Archiving Administration Guide
domain aliases, how Message Archiving works with 28
domain substripping, how Message Archiving works
with 28
duplicate message handling
for inbound/outbound archiving 28, 29
for journal archiving 31
E
Email & IM Search panel, overview 20
email configuration
setting up for archiving 47
email messages
archived, overview 24
how quickly archived 32
types stored with inbound/outbound archiving 25
types stored with journal archiving 25
email messages, retrieved
saving to mbox file 64, 65
saving to pst file 65
Email Search panel, overview 20
encrypted messages, how handled for inbound/outbound
archiving 29
exporting retrieved email messages
saving to mbox file 64, 65
saving to pst file 65
F
failovers, how they affect archiving 34
features and benefits 13
feedback about this guide, sending 10
G
granting
Archive Audit privilege 65
Archive Discovery privilege 65
Archive Investigator Security privilege 66, 73
Archive Reports privilege 66
Archive reports privileges 72
Archive Retention privilege 66, 71
Archive Search privilege 64, 70
Archive Security Administration privilege 69
Message Archiving setup privilege 63, 68
Personal Archive privilege 67, 75
Personal Archive Recover privilege 67
Personal Archive Search privilege 67
privileges, overview 32, 62
I
inbound messages, how archived 27
inbound/outbound archiving
definition 25, 42
inbound message processing and storage 27
outbound message processing and storage 29
overview 27
setting up Outbound service 42
when to use 25
indexing of message and attachment content,
overview 18
J
journal archiving
definition 25, 41
security 33
setting up for email configuration 47
when to use 26
journaling
email, description 25
journaling configuration
adding 48
delete 53
editing 53
journaling configuration, setup 47
M
maximum message size supported 36
mbox file
saving retrieved email messages 64, 65
Message Archiving
69
adding services 15
components 15
Discovery tab, overview 20
features and benefits 13
maximum message size supported 36
overview 11
packages available 15
privileges, overview 62
Reports tab, overview 23
reports, overview 23
Retention tab, overview 22
search panels and results, overview 19
Search tab, overview 19
security, overview 32
setup options, overview 17
setup privilege, granting 63, 68
system requirements, general 37
Message Archiving privilege
description 63
granting 68
process for granting to account 61
Message Archiving reports, overview 23
Message Archiving, setting up
choosing email options 41
choosing users 43
overview 39
turning on archiving 45
message capture
email, overview 24
inbound/outbound archiving 27
message capture and storage, overview 15
message flow through message security service,
overview 26
message retention and deletion 34
message retention, overview 22
message size, maximum supported 36
O
organization hierarchy, setting up for archiving 43
outbound messages, how archived 29
Outbound service, setting up for inbound/outbound
archiving 42
Index 85
P
packages, for Message Archiving 15
Personal Archive
access privilege 75
overview 24
Personal Archive privilege
description 67
granting 75
Personal Archive Recover privilege, description 67
Personal Archive Search privilege, description 67
Postini Message Archiving Administration Guide
audience 7
overview 7
related documentation 8
privileges
Archive Audit, granting 61, 65
Archive Discovery, granting 61, 65
Archive Investigator Security, granting 61, 66, 73
Archive Reports, granting 61, 66
Archive Retention, granting 61, 66, 71
Archive Search, granting 61, 64, 70
Archive Security Administration, granting 61, 69
granting Archive 72
Message Archiving setup, granting 63, 68
Message Archiving, granting 61
Personal Archive Recover, granting 67
Personal Archive Search, granting 67
Personal Archive, granting 67, 75
pst file, saving retrieved email messages 65
Q
quarantined messages
how handled for inbound/outbound archiving 28, 29
how handled for journal archiving 31
R
related documentation 8
Reports tab
access 65, 66
overview 23
reports, creating 23
reports, overview 23
requirements, browsers 37
retention periods 34
retention privilege, granting 71
Retention tab
access 66
Retention tab, access 66
Retention tab, overview 22
S
saving
retrieved email messages to mbox file 64, 65
retrieved email messages to pst file 65
search access 32
Personal Archive, security 33
security 32
search panels, overview 20
search privilege, granting 64, 65, 70
Search tab
access 64
Search tab, overview 19
security
archive access and authorizations 32
archive configuration 32
archive storage 33
connection 33
connection to Message Archiving 33
corporate archive 32
journal archiving 33
overview 32
Personal Archive 33
setting up Message Archiving
choosing email options 41
choosing users 43
overview 39
setup options
for email archiving 41
overview 17
setup privilege, granting 63, 68
spooling, how Message Archiving processes messages
during 35
support, technical, receiving 10
system requirements 37
T
technical support, receiving 10
TLS (Transport Layer Security), using with journal
archiving 33
turning on archiving 45
types of archived messages 15
U
user accounts
need for with inbound/outbound archiving 27
need for with journal archiving 30
user aliases, how Message Archiving works with 28