Connections

 

Refer to Mail Servers for specific mail server integration steps.

 

From the Configuration->Connections menu, it is possible to define one or more outgoing connections to other servers. Available client connections are as follows:
 

 

Mail Server Integration: MailArchiva integrates with various mail server brands in different ways.  Please refer to Mail Servers for tailored integration steps.

 

Listening for Traffic: This section refers to outgoing connections only. If you wish to send traffic to MailArchiva via SMTP/Milter interfaces, refer to Listeners.


IMAP / POP Client Connection

 

IMAP / POP Connections are primarily used for retrieving mail from a temporary journal mailbox. Typically, a temporary 'journal' mailbox is created in a mail server such as a Microsoft Exchange. The mail server is configured to forward copies of all internal, outgoing and external mails to the journal account. An IMAP/POP connection is created in MailArchiva to retrieve mails from the journal account, and subsequently delete them once they have been processed.


Connections details

 

Warning: By default, after MailArchiva retrieves and processes emails from the journal account, the mails are deleted so as to ensure that the journal acount is emptied.

 

 

Setting Recommended Value  Description
IMap Idle Unchecked

This switch allows MailArchiva to receive message arrival notifications from the server and thus save on bandwidth. Unfortunately, some mail servers may stop delivering notifications after a period and archiving will stop. Should this happen, it is necessary to disable the IMAP Idle setting.
Allow Partial Fetches Unchecked With this option enabled, MailArchiva will receive messages from the IMAP server in chunks, as opposed to an entire message at a time. For fast archiving, allowing partial fetches should be disabled. However, with partial fetches disabled, the server will consume more memory as entire messages will be loaded into RAM.
Process unread messages only Unchecked With this option unchecked, MailArchiva will retrieve both read and unread messages from the journal account.With this option disabled, MailArchiva will not apply any filter when retrieving the messages from the journal account. Thus, time is not wasted applying the unread filter when reading messages from the journal account.  On the other hand, the advantage of processing unread messages only is that if MailArchiva is unable to process a mesage due to unsufficient disk space, it will be marked as read in the journal account, and MailArchiva will not attempt to reprocess it over and over again.
Polling Wait Interval 50 msec When IMAP Idle is disabled, MailArchiva will poll the mail server continuously for new message arrivals. The IMAP Client downloads emails in batches between each cycle. The polling wait interval specifies how often MailArchiva should wait between batches. A higher polling interval reduces network traffic, while a lower one increases the rate at which emails are removed from the journal account.
Messages Per Cycle  50 This value specifies the batch size for message retrieval. The larger the value, the more emails that get processed per polling cycle.
Delete Option Expunge and Delete In most cases, if the connection is used for journaling purposes, emails will need to be deleted from the journal account after they are processed.
Expunge Every 500 IMAP offers a two-stage delete process. When a message is deleted, first the deleted flag is set on a message (inexpensive operation), second, an expunge command is issued to perform the actual process of deleting the message (expensive operation). Since perfoming an expunge can be time consuming, it is better to delay it for some time, for example, every 10 cycles, as opposed to each cycle. If performance is not such a concern, set the Expunge Every value to 0 and all deleted messages will be expunged on every polling cycle.
Connection Mode TLS, when available When TLS/SSL is selected, MailArchiva will apply security to the connection. In this case, the mail server's IMAP server must be configured to accept TLS connections. 
Connect Timeout 0 Timeout in mill-seconds for the successful establishment of a connection to the mail server. A value of zero instructs MailArchiva not to apply any connection timeout and to wait indefinitely for the result (either success or failure) of a connection.
No Data Timeout 0 If no data is received for the specified time period, MailArchiva wil timeout the connection. A value of zero indicates no data timeout.

 

MailArchiva's IMAP client supports the use of IMAP Idle. This technology allows MailArchiva to receive message arrival notifications from the server and thus save on bandwidth.
Unfortunately, some mail servers may stop delivering notifications after a period and archiving will stop. In this case, it is necessary to disable IMAP Idle setting.

 

Test IMAP Connection Failed: If the test IMAP Journal connection fails, please refer to IMAP Journal Connection Failed for troubleshooting steps.
 

Created IMAP / POP Connections are also used for importing emails from the IMAP / POP accounts. Once an IMAP/POP connection is created, emails can be imported via Configuration-Import option and selected the relevant connection.

 

Can't get MailArchiva to archive emails? Refer to Archiving Stopped.

 

SMTP Client Connection

 

SMTP client connections are used for the purposes of establishing outgoing SMTP connections to mail servers. They are typically used for activities such as sending status notifications to administrators, replaying requested messages back to users and proxing emails using MailArchiva's routing engine.

 

Send As Rights

 

If the intention is to use the SMTP connection for the purposes of allowing Administrators or Auditors to send messages from any users back to themselves  (i.e to use the Send function in MailArchiva's search interface), then the account specified must have appropriate rights to send on behalf of any user (send emails using any from address).

 

For instance, in the case of Microsoft Exchange, users assigned Send As permission have the ability to send emails using any from address. By default, Domain Administrators have the Send As right, so it is easiest to enter a Domain Admin credentials. If this does not sit comfortably, the Send As right will need to be assigned to the specified user.

 

In Exchange 2007/2010, the Send-As right is assigned with the equivalent of the following shell command:

 

Add-ADPermission -Identity 'CN=Administrator,CN=Users,DC=domain,DC=com' -User 'domain\username' -ExtendedRights 'Send-as'.

 

In Exchange 2003, the steps would be as follows:

 

  1. On an Exchange computer, click Start, point to Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers.
  2. On the View menu, click to select Advanced Features.
  3. Expand Users, right-click the MailboxOwner object where you want to grant the permission, and then click Properties.
  4. Click the Security tab, and then click Advanced.
  5. In the Access Control Settings for MailboxOwner dialog box, click Add.
  6. In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant "Send as" permissions to, and then click OK.
  7. In the Permission Entry for MailboxOwner dialog box, click This Object Only in the Apply onto list.
  8. In the Permissions list, locate Send As, and then click to select the Allow check box.
  9. Click OK three times to close the dialog boxes

SMTP Connections

 

Setting Recommended Value  Description
Server Address mailserver.company.com

The full qualified domain name of the mail server
From Address joe@company.com The from email address of the user account that will be used for sending purposes (for Exchange user's, use a domain Admin Account)
Username joe or joe@company.com Username of the user. Must correspond with the from address specified above. 
Password password Password of the user. Typically, this value must be specified.
Connection Mode TLS, when available The connection security that must be applied.
Must correspond with the required security parameters on your Mail server's SMTP server connector.
Certificate Authentication No certificate authentication Normally, certificate authentication would be disabled.
Send Strategy new message-id

Instructs MailArchiva to generate a new message ID each time a message in the archive is sent. Although the original message is modified, generating a new message-id is necessary for Exchange specifically, as Exchange won't redeliver a message with the same ID as a message that already resides in the Exchange Store.

 

If Exchange's SMTP Connect has Windows authentication is enabled, NTLM login names may be used. NTLM usernames are somewhat different in MailArchiva. Assuming the user's email address is "J.User@server.com", its Windows NT login name is "juser", its NT domain name is "dom", and its Exchange mailbox name is "Joe User", then a username of "dom\juser\J.User" should be used (Note: dom\juser will usually not suffice!).

 

Test SMTP Connection Failed: If the test SMTP connection fails and all settings above have been entered correctly, please refer to SMTP Send Failed for troubleshooting steps.


Exchange Client Connection

 

An Exchange Connection is needed to synchronize and import data from MS Exchange. Before creating the connection, ensure that an impersonation account has been created in MS Exchange.

 

  1. In Configuration->Connections, select "Exchange Client", then click New Connection
  2. Leave Auto Discover checked
  3. In the Server address field, enter the fully qualified domain name (FQDN) of Exchange Client Access Server (CAS) (e.g. exchange.company.com)
  4. In the Impersonate Account field, enter the User Principal Name (UPN) of the impersonation account (e.g. user@company.local)
  5. Enter the associated Impersonation Account password
  6. In the Connection Mode field, select "Secure"
  7. Click Save to save the configuration
  8. Click Test Connection to verify whether the connection is functioning as expected


Exchange Connection details

 

Setting Recommended Value  Description  
Exchange Version   Choose a specific version that is closest to the version of MS Exchange running. For example, if running Exchange 2013 SP1, select Exchange 2013.  
Server Address win-sae8ihcr8ws.company.com

The current fully qualified domain name (FQDN) of the primary Exchange Client Access Server (CAS) (not IP address or made up DNS name!)

  
Impersonate Account joe@company.com The user principal name or primary SMTP address of the account assigned impersonation rights. On some older versions of Exchange, contrary to hint on the connection settings, it may be necessary to simply enter the mailbox name (e.g. just "joe" instead of "joe@company.com").  
Password password Password of impersonation account. In Active Directory Users and Computers, make sure the flag to reset password on next login for the impersonation account is not checked.  
Connection Mode TLS, when available The connection security must be applied. Must correspond with the required security parameters defined in the Default IIS site on the CAS server. To verify, in your browser enter the equivalent of https://win-sae8ihcr8ws.company.com/ews/Exchange.asmx in the URL field. Do you receive a response? If so, set the connection mode to TLS. If not, try accessing http://win-sae8ihcr8ws.company.com/ews/Exchange.asmx in your browser. If you receive a response, set connection mode to Insecure.  
Auto Discovery Enabled

Some enterprise environments split their mailboxes up into groups, with each group of mailboxes residing on a separate Exchange Client Access Server (CAS). With auto discovery enabled, during Exchange sync, MailArchiva will use Exchange's auto discovery service to determine on which Exchange Client Access Server (CAS), each mailbox resides. In most cases, the auto discovery option should be left enabled. However, in the event that Exchange auto discovery service is inaccessible or there is only one CAS server, this option can be switched off. When using Office 365, auto discovery must be enabled.

  

 

Exchange Connection Test Not Successful? Internal Error? or Unable to Access Mailbox? Refer to Cannot Establish Exchange Connection for a resolution.

 

Google Client Connection

 

Google Connections are used for the purposes of connecting MailArchiva to Gmail over the Internet. With the Google connection enabled, MailArchiva will continously archive new emails from all mailboxes in a GoogleApps domain. Refer to Google Apps Archiving & Sync for specific instructions on how to setup archiving with Google Apps.

 

There are two modes of retrieval:
 

  • Synchronize - MailArchiva will continously synchronize all new email and folders residing in all mailboxes in a Google Apps domain.
  • Monitors -  MailArchiva will instruct Google to setup 'monitors' for each and every account defined in Google Apps. When a monitor is setup for a particular account, a copy of all incoming, outgoing and internal mail will be sent to a temporary mailbox. Over time, MailArchiva will attempt to ensure that if new users are created in Google Apps, monitors will automatically be setup for each new account.

 

The Synchronize method is a newer method of retrieval. It has the advantage that folder structures are automatically synchronized with MailArchiva. The Monitor receive method is used in rare situations where Google Audit envelope data is needed. Since the Synchronize method obtains emails from Gmail accounts directly, only the original messages are downloaded.




With a Google Coonnection enabled, MailArchiva will automatically download and archive emails passing through Google Apps. Since MailArchiva v3.4.0 and higher, a separate IMAP connection is no longer needed.

 

Maildir `Client Connection

 

Maildir Connections are used for the purposes of sweeping up emails in Maildir format from a user's home directory for the purposes of data import. Once a Maildir connection is created, emails can be imported from a repository of emails in Maildir format by clicking Configuration->Import and selecting the Maildir connection.

MailDir Connection details

Object Store Client

 

MailAchiva has the capability to archive and backup to remote object stores. An object store client connection defines the connection between MailArchiva and an object store service. After an object store connection is created, it becomes possible to define a volume in Configuration->Volumes whose store path refers to it.

 

The following object storage providers are currently available:

 

  Object Store Provider Description
Backblaze BackBlaze B2 Storage BackBlaze B2 is currently the most cost effective public cloud storage on the market.
Amazon S3 Amazon offers both Standard S3 and Glacier storage classes. Glacier is typically used for long term archival.
Open Stack Swift Swift is an on premise, highly available, distributed, eventually consistent object/blob store.
Azure Blob Storage Microsoft Azure is one of the major public cloud object storage offerings. Multiple tiers are available including Standard Blob Storage, Cool Blob Storage and Archive Blob Storage tiers.
Rackspace Cloud Files Rackspace offers public cloud storage that has the ability to replicate data across their content delivery network (CDN) for fast retrieval.
Minio Minio is an open source object storage server with Amazon S3 compatible API. Choose the S3 link.
Delll EMC Atmos Software-defined object storage designed for both traditional and next-generation workloads.
S3 Compatible Blob Storage MailArchiva should integrate with object stores that support the S3 API spec.

 

Before defining the connection, signup to a public object store service or install an on premise object store server.
 

Field Description
ID MailArchiva identifier for the connection (read only). The identifier is added to the Volume store path to link a volume to this object store connection.
Friendly Name Enter any suitable name to identify the connection.
Store Engine Protocol used to connect to the object service. For example, use the S3 protocol to connect to the Minio object store.
Identity Identifier used to connect
Credential Logon credential
Location Location identifier of object store service (used by AWS S3). For Azure enter the location "azureblob".

 

Object Storage Connection Setup

 

The process for configuring MailArchiva to archive to an object store is as follows:
 

  1. Create an object store account with your preferred cloud provider
  2. Create an object store client connection in Configuration->Connections
  3. Click the Test on the connection to test the connection to the blob store
  4. If the test succeeds, check the enable the connection box, click Save.
  5. In Configuration->Archive, select new Volume Format to EXTERNAL. Click Save.
  6. In Configuration->Volumes, close any existing active volume.
  7. in Configuration->Volumes, click New Volume button.
    1. In the store path, select the newly created blob store connection.
    2. Adjust index path as required.
    3. Click Save

Refer to Using Object Stores for further instructions on how to create a volume referencing an object store connection.

 

Backblaze Object Store Connection

 

Setup cloud storage account with Backblaze B2. When creating a Backblaze Object Store connection:

 

  1. In Store Engine field, select "b2"
  2. In Identity, enter Account Id for Backblaze B2 (obtained from Backblaze)
  3. In Credential, enter Master Secret for Backblaze B2 (obtained from Backblaze)
  4. In Bucket UID, enter the UID of an existing Backblaze Bucket (create one if necessary!)

 

Azure Object Store Connection

 

When creating an Azure Object Store connection:
 

  1. In Store Engine field, select "azureblob"
  2. In Identity, enter the Azure storage account name (obtained from Access Keys in Azure)
  3. In Credential, enter your Azure key (obtained from Access Keys in Azure)
  4. In Location, enter "azureblob".

 

Digital Ocean Spaces Connection (S3 Compatible Storage)

 

Create a Spaces account in Digital Ocean and associated Spaces APIaccess credentials. Example Spaces API credentials are illustrated below:

 

archiva
V6HBN6NLZUUJTE3TCDIA 
More 
 
  • Rename
  • Regenerate Key
  • Delete

 

Confirm delete Item

This action is irreversible. To confirm deletion, click the button below.
Secret
bfvNZjkqlAjAH4sL+Nft9xM8957ZwdTFa+MyhKGpO5Q

 

  1. In Store Engine field, select "s3"
  2. In Location, enter the equivalent of "https://ams3.digitaloceanspaces.com"
     
  3. Note: It is necessary to remove the prefix from the Digital Ocean location URL.
  4. In Bucket UID, enter the name of the desired bucket.
  5. In Identity, enter the identity key (e.g.: V6HBN6NLZUUJTE3TCDIA)
  6. In Secret, enter the secret key (e.g. bfvNZjkqlAjAH4sL+Nft9xM8957ZwdTFa+MyhKGpO5Q)

 

© 2005 - 2024 ProProfs

Found this information useful? Visit mailarchiva.com to learn more about MailArchiva.

-