Google Workspace / Gmail
 

MailArchiva is capable of archiving emails flowing through Google Workspace, and synchronizing folder structures.

 

• MailArchiva On-Premise Setup - Configure Google Workspace archiving and folder sync with MailArchiva On-Premise
• Import - Importing historical emails from Google Apps
• Login - Authenticating Google Apps users

 

MailArchiva On-Premise Setup

  

The following high-level steps need to be taken:

 

• Create an SMTP listener - An SMTP listener is needed to receive traffic from Google Workspace
• Enable SMTP journaling - Configure Google Workspace to send traffic to MailArchiva
• Enable Api access - Enable Api access to Google Workspace
• Setup folder sync - Configure MailArchiva to synchronize folders

 

Create an SMTP listener

 

• Login to MailArchiva web console using a web browser. If connecting locally, enter the address https://localhost:8090.
• Click Configuration->Listeners, then select SMTP Listener, then New Listener.
• Enter a friendly name for the connection, check Enabled, set SMTP listen port to 25. Click Save.
• Create a firewall rule to forward port 25 from an external IP address on the edge of your network to the MailArchiva server running internally. 
• Using your DNS provider's editor, create an A record on your domain for the DNS equivalent of mailarchiva.company.com to the external iIP address above.


•  

Enable SMTP journaling

 

Choose Option 1) or Option 2) below.

 

Option 1) Google Workspace Enterprise customers

 

• Go to the Admin Console of your Google Apps domain

• Choose Apps, then Google Workspace, then Gmail

• Select Routing at the bottom of the page.

• Click Configure in Third party archiving section

• Below, "Send journal messages to this email address":
  • If using the MailArchiva USA site, enter the address archive@archive.archiva.com
  • If using the MailArchiva EU site, enter the address archive@archive.mailarchiva.eu
  • If using MailArchiva-On-Premise or (if On-Premise), the equivalent of archive@mailarchiva.company.com.
• Click Save.

 

Option 2) All Google Workspace customers

 

• Go to the Admin Console of your Google Apps domain

• Choose Apps, then Google Workspace, then Gmail

• Select Routing at the bottom of the page.

• In the Routing section, click Configure.

• Enter MailArchiva for a short description of the route.

• Select Internal sending and Internal receiving.

• Check Add more recipients under "For the above types of messages, modify message.."

• In the email address field, enter:

  • If using the MailArchiva USA site, enter the address archive@archive.archiva.com
  • If using the MailArchiva EU site, enter the address archive@archive.mailarchiva.eu
  • If using MailArchiva-On-Premise or (if On-Premise), the equivalent of archive@mailarchiva.company.com.
• Click Save.

 

Enable Api access

 

 

Add Service Account

 

From inside Google Developers Console:

 

• Go to the Google Developers Console.
• Select a project, or create a new one.
• Click the top left menu icon to open the side bar, click APIs & API Services -> API Library menu item.
• In Search for API's input box, search for Gmail API and Admin SDK. Ensure they are enabled.
• Click the top left menu icon to open the side bar, click IAM & Admin -> Service Accounts menu item.
• Click Create Service Account menu item.
• In the dialog, enter mailarchiva as the service account name, then click Create and Continue button.
• Under "Grant this service account access to project", select role as Owner, then click Continue button.
• Click Done. The newly created service account will appear on the service account list.
• In the Actions column, click triple dot next to the service account row, select Manage Keys.
• Click Add key, then Create a new key, Select Key type as P12.
• Check "Furnish a new private key".
• Select P12 as the key type. Click Create button.
• In the service account list, click Manage details next to the newly created mailarchiva service account. Copy the Unique ID and Service Account to notepad.
  
  
   

Grant Api access

 

From inside Google Apps Admin Console:
 

• Go to the Admin Console of your Google Apps domain

• Click Security (Manage security features) and choose Access and data control, then Api controls

• Click Manage third party app access. 

• Click Add app, then select OAuth app name or client ID

• Enter the Unique ID copied to notepad at an earlier step. Click Search. Select the app.

• Check Client ID and click the Select button. Click Trusted: Can access all Google services. Click Configure button.

 

Assign Api permissions

 

• Go to the Admin Console of your Google Apps domain

• Click Security (Manage security features) and choose Access and data control, then Api controls

• Click Manage domain-wide delegation button, then Add new link.

• In the popup dialog Client ID field in the dialog popup, enter the Unique ID copied to notepad at an earlier step.

• In OAuth scopes field enter: https://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/admin.directory.domain.readonly, https://www.googleapis.com/auth/admin.directory.customer.readonly, https://apps-apis.google.com/a/feeds/compliance/audit, https://www.googleapis.com/auth/userinfo.profile, https://apps-apis.google.com/a/feeds/compliance/audit/, https://www.googleapis.com/auth/admin.directory.user.readonly, https://mail.google.com/, https://www.googleapis.com/auth/admin.directory.group.member.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly

• Click Authorize.

 

Setup folder sync

 

Follow the steps below to configure folder synchronization.

 

Import certificate

 

In the MailArchiva Console, visit Configuration->Certificates.

• Click Import Private Key button
• Select the P12 key file downloaded earlier from the Google Developers Console.
  Enter the password "notasecret" and specify a storage alias of "gsuite" (or another name of your choosing)
• Save the configuration.
  
  

 

Create Google Workspace connection

 

• In the MailArchiva Console, Click Configuration->Connections
• Select Google Workspace connection, Click New connection.
• Select the "Synchronize folders only" Retrieval method.
• In the Admin email field, enter the email address of the Google Workspace domain administrator.
• In the Service account email field, enter the service account email (noted earlier in the Google Developers Console, and saved earlier to notepad).
• In the private key field, select the alias of the imported private key.
• Save the configuration. Click the Test Connection to verify that MailArchiva can connect to the Gmail API. 
• If the test is successful, enable the connection by checking Enabled. Save.
• To enable Folder view in the Search Interface, click Configuration->Search. 
• Enable tree view by selecting "When Data Available" in the Show Tree View field 
  
  

 

Import

 

To import existing mail from all mailboxes in Google Apps, the Google connection must be prepared above. Thereafter, follow these steps:
 

• Click Configuration->Volumes
• Click Import
• Select the Google Connection created earlier
• Click Import Data

 

Authentication

 

MailArchiva supports OpenID Connect authentication. Thus, it can be configured to authenticate Google Apps users using their Google credentials.

 

To setup authentication to Google Apps, the Google connection must be prepared as in the Archiving section above. Thereafter, follow the Google Apps OpenID Connect setup instructions.