Veritas Enterprise Vault™ Setting up SMTP Archiving

Last Published:
Product(s): Enterprise Vault (12.1)
  1. About this guide
    1.  
      Introducing this guide
    2. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. Introducing Enterprise Vault SMTP Archiving
    1.  
      About Enterprise Vault SMTP Archiving
    2.  
      About SMTP Journaling
    3.  
      About Selective SMTP Journaling
    4.  
      About SMTP Mailbox Journaling
    5.  
      Configuring SMTP Journaling and SMTP Mailbox Journaling
    6.  
      Configuring Selective SMTP Journaling and SMTP Mailbox Journaling
    7.  
      Using Exchange Server to journal messages to Enterprise Vault
  3. Installing SMTP Archiving
    1.  
      About installing Enterprise Vault SMTP Archiving components
    2.  
      Reporting
    3.  
      Monitoring
  4. Configuring SMTP Archiving
    1.  
      Steps to configure SMTP Archiving
    2.  
      Creating archives for SMTP messages
    3. Configuring retention categories and SMTP policies
      1. About X-Headers
        1.  
          About X-Kvs X-Headers
        2.  
          Searching archives for messages with specific X-Headers
    4. Configuring the Enterprise Vault SMTP Servers in the site
      1.  
        Entering the name or IP address of connecting hosts
      2.  
        Obtaining an SSL/TLS certificate
    5. Adding SMTP target addresses
      1.  
        Additional configuration for Selective SMTP Journaling or SMTP Mailbox Journaling
      2.  
        Adding a large number of SMTP target addresses
    6. Adding an SMTP Archiving task
      1.  
        About the SMTP holding folder
      2.  
        Keeping safety copies of archived messages
      3.  
        Task summary reports
  5. Configuring target address rewriting
    1.  
      About target address rewriting
    2.  
      Steps to configure target address rewriting
    3.  
      Adding SMTP target addresses
    4.  
      Adding target address aliases
  6. PowerShell cmdlets
    1.  
      About the PowerShell cmdlets for SMTP Archiving

About Enterprise Vault SMTP Archiving

Enterprise Vault SMTP Archiving enables Enterprise Vault to archive data that is sent to the Enterprise Vault server using the SMTP protocol.

SMTP Archiving can be used to provide journaling for any application that can send messages over SMTP. Journal report messages (P1 messages) that are sent to Enterprise Vault SMTP servers must comply with the envelope journal report format that is described in the article, http://technet.microsoft.com/library/bb331962.aspx. The journal report messages are processed by Enterprise Vault, and available for searching using an eDiscovery application, such as Veritas Discovery Accelerator.

Note that SMTP Archiving does not currently process the journal report information in messages that are journaled by Domino Server.

Figure: SMTP Archiving overview

SMTP Archiving overview

Figure: SMTP Archiving overview shows an example of a simple SMTP Archiving environment:

  • An MTA receives an SMTP message from some application.

    The MTA could be an Exchange Server, or some other server that can route SMTP messages.

  • The MTA sends the message to the destination mailbox.

  • In addition, the MTA is configured to copy or journal the message to the SMTP routing address for the Enterprise Vault SMTP server. The domain used in the routing address could just be an MX record alias that you create in DNS to point to the Enterprise Vault SMTP server, for example, ev.example.com.

    In Enterprise Vault, you must configure the routing address as an SMTP target address.

  • The Enterprise Vault SMTP server receives the message, and adds the routing address to the message as an X-RCPT-TO header.

    The SMTP server then places the message as an email (.eml) file in the folder that you assign as the SMTP holding folder.

  • The SMTP Archiving task processes the message file in the holding folder, and archives it in the archive specified for the target address. During processing, the task applies the retention category that is specified in the target properties, and ensures that Enterprise Vault indexes any X-Headers that are listed in the policy.

An Enterprise Vault SMTP server is an Enterprise Vault server that hosts the Enterprise Vault SMTP Archiving components. The components include an SMTP server and an Enterprise Vault SMTP Archiving task. Table: Overview of SMTP Archiving components provides an overview of the main components of SMTP Archiving. An Enterprise Vault SMTP server can host only one SMTP server and one SMTP Archiving task. However, there can be multiple Enterprise Vault SMTP servers in a site. When you configure SMTP Archiving, the Enterprise Vault SMTP server settings and target configuration information are shared with all the Enterprise Vault SMTP servers in the site. This means that any Enterprise Vault SMTP server in the site can archive messages sent to any SMTP target in the site. You can use a load balancing solution to distribute the SMTP traffic evenly across the SMTP servers in the site.

A simple load balancing solution is to configure a DNS MX record for each of the Enterprise Vault SMTP servers, and give each record equal preference. If you use a single address for journaling, for example SMTPjournal@example.com, and the volume of traffic is more than one Enterprise Vault SMTP server can manage, you can also implement address rewriting on the SMTP servers. Address rewriting enables you to spread the archiving load over several Enterprise Vault storage servers.

See About target address rewriting.

You can configure SMTP Archiving in different ways depending on whether you want to archive all messages that are sent to the Enterprise Vault SMTP servers, or just selected messages. Table: SMTP Archiving configurations provides a summary of the different journaling configurations that you can implement. These configurations are explained in more detail in the sections indicated.

Table: SMTP Archiving configurations

SMTP Archiving configuration

Description

SMTP Journaling

All messages that are sent to the Enterprise Vault SMTP servers are stored in one or more journal archives.

See About SMTP Journaling.

Selective SMTP Journaling

You configure the Enterprise Vault SMTP servers to archive only messages to or from specific addresses. Enterprise Vault can store all the messages in the same archive, or in several different archives.

See About Selective SMTP Journaling.

SMTP Mailbox Journaling

This is similar to Selective SMTP Journaling. Enterprise Vault stores all messages to and from a specific address in a journal archive that is exclusive to that address.

See About SMTP Mailbox Journaling.

You can configure SMTP Archiving to perform the following combinations of journaling:

With Selective SMTP Journaling, SMTP Mailbox Journaling, or the above combinations, a copy of a message may be stored in multiple archives. Enterprise Vault implements single-instance storage as permitted by the vault store configuration.

If a message contains multiple target addresses that have the same destination archive, and the same retention category and policy are applied to the target addresses, only one copy of the message is stored in the archive.

To implement SMTP Archiving, you install the Enterprise Vault SMTP Archiving components and the Enterprise Vault server components on the computers that you want to perform SMTP Archiving. Table: Overview of SMTP Archiving components provides an overview of the main components of SMTP Archiving. You can configure SMTP Archiving using the Enterprise Vault Administration Console, or Enterprise Vault PowerShell cmdlets.

Table: Overview of SMTP Archiving components

Component

Description

Enterprise Vault SMTP server

The SMTP server is implemented as the Windows service, Enterprise Vault SMTP service. This service is displayed in the Windows Services Console, but not in the Enterprise Vault Administration Console.

The SMTP server manages SMTP connections, and receives messages that are sent to the Enterprise Vault SMTP server by relay Message Transfer Agents (MTAs), such as Exchange Server, or SMTP servers. The Enterprise Vault SMTP server stores the messages as .eml files in the SMTP holding folder.

An Enterprise Vault SMTP server can host only one SMTP server.

SMTP Archiving task

The SMTP Archiving task processes the email files in the holding folder as follows:

  • Checks if the routing address in the message is an SMTP target that is enabled for archiving. If the advanced SMTP site setting, Selective Journal Archiving is Yes, also searches for SMTP target addresses in the To, From, CC, BCC, and Sender fields in the message file.

  • Performs the following actions on each SMTP target address found that is enabled for archiving:

    • Applies the policy associated with the target address.

    • Stores the message in the archive associated with the target address.

    • Applies the target address retention category.

  • By default, deletes the message file from the holding folder when archiving is completed successfully. If errors occur, the task does not delete the file.

    In Selective SMTP Journaling and SMTP Mailbox Journaling, you can change the default behavior for certain messages.

    See About the SMTP holding folder.

An Enterprise Vault SMTP server can host only one SMTP Archiving task.

SMTP holding folder

The SMTP holding folder is a local folder that is assigned to the SMTP Archiving task. The folder location is in the SMTP Archiving task properties. The Enterprise Vault SMTP server places messages in the folder for the archiving task to process.

Messages that the archiving task fails to archive are not deleted automatically from the holding folder. The messages are placed in a Failed subfolder.

SMTP policies

An SMTP policy is assigned to an SMTP target address. The policy defines how the SMTP Archiving task manages journal reports and X-Headers, when archiving messages that contain the target address.

You can specify the following using policy properties:

  • The X-Headers that you want Enterprise Vault to index.

  • Whether the archiving task processes or discards journal reports.

  • How the archiving task processes RMS-protected items.

The target addresses to which the policy applies are also displayed in the policy properties.

The SMTP policies are displayed in the Administration Console, under Policies > SMTP.

SMTP target addresses

The SMTP target addresses are the SMTP addresses that the Enterprise Vault SMTP server and SMTP Archiving task look for in the messages that are sent to the Enterprise Vault SMTP server. The target properties contain the following settings:

  • The SMTP address that you want to make a target address.

  • The policy to assign to messages that contain the target address.

  • The retention settings to assign to the messages.

  • The archive in which to store the messages.

  • Whether to archive messages sent from or received by the target address. When configuring Selective SMTP Journaling or SMTP Mailbox Journaling, this option lets you control which archives Enterprise Vault uses for messages that are sent to selected addresses.

The SMTP targets are displayed in the Administration Console, under Targets > SMTP.

SMTP archives

The SMTP Archiving task can store SMTP messages in any type of archive. However, we recommend that you use journal type archives if you are configuring SMTP Journaling or Selective SMTP Journaling. User archive types, such as Exchange Mailbox or Internet Mail archives, should only be used for SMTP Mailbox Journaling.

You can create SMTP journal archives. These are displayed in the Administration Console, under Archives > SMTP.

SMTP Archiving does not create archives automatically. The required archive must exist before you add an SMTP target address.

See Creating archives for SMTP messages.